-2

I have this login function, but it returns me a blank page when I tried to login. This is the first form

<form name="form1" method="post" action="checklogin.php">
<input type="hidden" name="action" value="login">
<input type="hidden" name="hide" value="">
<table class='center'>
<tr><td>Username:</td><td><input type="text" name="username"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password"></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" value="Enter"></td></tr>
<tr><td colspan=2>&nbsp;</td></tr>
<tr><td colspan=2>Don't have an admin account yet? Click <a 
href="Register.php">here</a>!</td></tr>
<tr><td colspan=2>Thank you for using Sentence Scramble and Sequencer</td></tr>
</table>
</form>

Followed by a php file

<?php

// Connect to server and select databse.
$server = 'localhost'; 
$username = 'root'; 
$password = ''; 
$database = 'project'; 
mysql_connect($server,$username,$password) or die(mysql_error()); 
mysql_select_db($database) or die(mysql_error());

function SignIn ()
{
    session_start();
    if(!empty($_POST['username']))
    {
        $query = mysql_query("SELECT * FROM register where myusername = '$_POST[username]' 
AND mypassword = '$_POST[password]'") or die(mysql_error());
        $row = mysql_fetch_array($query) or die(mysql_error());
        if(!empty($row['myusername']) AND !empty($row['mypassword']))
        {
            $_SESSION['myusername'] = $row['mypassword'];
            echo "SUCCESS";
        }
        else{
            echo "sorry";
        }
    }
}
if(isset($_POST['submit']))
{
    login_success.php();
}
?>

'myusername' and 'mypassword' is the elements of the table where user register their username and password into.

scrowler
  • 24,273
  • 9
  • 60
  • 92
user3583643
  • 1
  • 1
  • 2
  • 1
    [There are](http://php.about.com/od/troubleshooting/f/white_page_php.htm) [plenty](http://stackoverflow.com/questions/2473926/php-site-keeps-opening-to-blank-page-no-errors) [of references](http://stackoverflow.com/questions/8401423/php-blank-page-error-reporting-not-functioning) [to this](http://stackoverflow.com/questions/19626013/php-white-screen-of-death) [problem online](http://stackoverflow.com/questions/1475297/phps-white-screen-of-death) – scrowler Jun 23 '14 at 03:46
  • First is Signin function is not being called, second login_success.php() <<== syntax error – Eric T Jun 23 '14 at 03:51

1 Answers1

2

There are a number of issues with your code.

  • You're using the deprecated mysql_* functions. You should switch to PDO or mysqli
  • You're declaring the function SignIn() but never using/calling it
  • Your method to validate credentials is wrong. You should check for the number of rows returned and it should be equal to 1
  • This will throw a syntax error: login_success.php();

The reason you might be getting a blank page is because you have error_reporting set to none. That's the reason errors are being suppressed.

So if you want your code to work,

    <?php
    error_reporting(E_ALL); // this will print out errors if any
    $server = 'localhost'; 
    $username = 'root'; 
    $password = ''; 
    $database = 'project'; 
    $db = new PDO("mysql:host=$server;dbname=$database;charset=utf8", '$username', '$password');

        function SignIn ($db)
        {
            session_start();
            if(!empty($_POST['username']))
            {
                $un = $_POST['username'];
                $pw = $_POST['password'];
                $stmt = $db->prepare("SELECT COUNT(*) FROM register where myusername = ? 
AND mypassword = ?");
                $stmt->execute(array($un, $pw)); 
                // this is a better approach to validate credentials       
                if($stmt->fetchColumn() == 1)
                {
                    while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                        $_SESSION['myusername'] = $row['mypassword'];
                    }                       
                    echo "SUCCESS";
                }
                else{
                    echo "sorry";
                }
            }
            else
            {
              echo 'Username was empty. Please go back and try again.';
            }
        }
        if(isset($_POST['submit']))
        {
            SignIn($db);
        }
        else
        {
           echo 'Direct script access not allowed';
        }
asprin
  • 9,579
  • 12
  • 66
  • 119