0

I have made a successful registration system that inputs data into the database (phpmyadmin).

Now i am trying to tackle another major problem the login system. I have 2 parts of it done. Part 1 = the database to code link Part 2 = the form.

What I need is code to pull the data from the data base and authenticate it and either transfer to a home.php page or go back to the login page with an echo "Sorry your Log-in information is incorrect". I have tried this many times and all have failed miserably. Any code you can give me to login would be much appreciated. So the code i have now is just 2 parts not the third and I am hoping some one on here can help me through making this login page.

Here is my code so far:

<?
$db_selected = mysql_select_db('XXXXXX', $link);
$host="XXXX"; 
$db_user="XXXXX"; 
$db_password="XXXXXX"; 
$database="XXXXXXX"; 
$link = mysql_connect($host,$db_user,$db_password);

$link = mysql_connect($host,$db_user,$db_password);
if (!$link) {
die('Not connected : ' . mysql_error());
}

$db_selected = mysql_select_db($database, $link);
if (!$db_selected) {
die ('Can\'t use the DB : ' . mysql_error());
}

if (!$link) {
die('Could not connect: ' . mysql_error());
}
else
{
echo "Mysql Connected Successfully";
}


?>


<font color="red">
<h1>Log-In</h1>

<p>Please Enter your details below to Log-in</p>

<form method="post" action="home.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username"        id="username" /><br />
<label for="password">Password:</label><input type="password" name="password"          id="password" /><br />
    <input type="submit" name="login" id="login" value="Log-In" />
</fieldset>
</form>
</font>
</div>
</HTML>
Xxcoder14xX
  • 27
  • 6
  • 2
    you cant select the db before you connect to the server –  Jul 29 '14 at 21:54
  • 1
    You need to quit using `mysql_` functions **they are deprecated**. – Jay Blanchard Jul 29 '14 at 21:57
  • So I could move the select db code below the connect code? – Xxcoder14xX Jul 29 '14 at 22:03
  • I realize the functions are "deprecated" but that is not the answer or input I need. – Xxcoder14xX Jul 29 '14 at 22:08
  • It doesn't matter if that is not the input you need, you will get that input from nearly anyone who answers or looks at a PHP question where those functions are used until **everyone** stops using them @Xxcoder14xX Additionally your OP came in dictating many things about how folks should answer you. In my experience on SO that doesn't work well, often ends up with a heavily DV'd and sometimes closed question. Just some helpful hints for you :) – Jay Blanchard Jul 30 '14 at 19:18

1 Answers1

0

Pseudo-code for process.php NOTE: you MUST make sure that you cleanse any input that a user provides so that you protect your server! This example does not take care of all of the possibilities, it is just to get you started - 

$link = mysqli_connect("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$user = mysqli_real_escape_string($link, $_POST['username']);
$pass = mysqli_real_escape_string($link, $_POST['password']);

if ($result = mysqli_query($link, "SELECT * FROM `users` WHERE `user` = $user AND `password` = $pass")) {
    if(0 != mysqli_num_rows($result)) {
        header('Location: home.html');
        exit();
    } else {
        echo "Your login has failed.";
    }
}

mysqli_close($link);

Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() compatibility pack. It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119