Simple Login Using Sessions / SQL

Question

I am trying to create a simple login experience on my website. The data is being taken from phpmyadmin. I'm having trouble and not really sure exactly where I'm going wrong. I'm looking to keep this as simple as possible for now, just to get it started.

HTML

    <div class="container">
        <div class="row">
          <div class="col-md-8 col-md-offset-2">
            <div class="well well-sm">
              <form class="form-horizontal" action="" method="post">
              <fieldset>
                <legend class="text-center">Sign In</legend>


                <!-- Message body -->
                <div class="form-group">
                  <label class="col-md-4 control-label" for="Username">Username</label>
                  <div class="col-md-8">
                    <input id="username" name="username" type="text" placeholder="Your email" class="form-control">
                  </div>
                </div>

                <div class="form-group">
                  <label class="col-md-4 control-label" for="Password">Password</label>
                  <div class="col-md-8">
                    <input id="password" name="password" type="text" placeholder="Your email" class="form-control">
                  </div>
                </div>

                <!-- Form actions -->
                <div class="form-group">
                  <div class="col-md-12 text-right">
                    <button onClick="return validateForm()" type="submit" class="btn btn-primary btn-lg">Submit</button>
                 ` </div>
                </div>
              </fieldset>
              </form>
            </div>
          </div>
        </div>
    </div>

PHP

session_start();
$username=$_POST['username'];
$password=$_POST['password'];

// Connection
$conn = mysql_connect("localhost", "root", "MIS42520!$") or die (mysql_error());

//Select the database to use
mysql_select_db ("cookie", $conn);

// SQL query to fetch information of registerd users and finds user match.
$sql = mysql_query("select * from login where password='$password' AND username='$username'",     $connection);

$result = mysql_query($sql, $conn) or die(mysql_error());

$row  = mysql_fetch_array($sql);

if(is_array($row)) {
$_SESSION["username"] = $row[username];
$_SESSION["password"] = $row[password];
} else {
$message = "Invalid Username or Password!";
}

if(isset($_SESSION["user_id"])) {
header("Location:user_dashboard.php");
}

`mysql_*` functions are [deprecated](http://php.net/manual/en/migration55.deprecated.php), stop using them. — The Blue Dog, Dec 07 '14 at 18:02
Why do you think that `[...]the data is being taken from phpmyadmin`? Your question is completely unrelated to phpMyAdmin. And how does your problem differ from your previous question [Get information out of sql and put it in a form](http://stackoverflow.com/questions/26937084/get-information-out-of-sql-and-put-it-in-a-form). Additionally you should first fix basic errors like `$row[username]` — t.niese, Dec 07 '14 at 18:06
This code is tremendously vulnerable to SQL injection. **Your site will get hacked if you don't write more secure code.** — ceejayoz, Dec 07 '14 at 18:07
[See this repo](https://github.com/halfer/php-tutorial-project/tree/rebase4) for how to do login, sessions and password storage using a modern database engine. It's unfortunate for beginners that login is one of the hardest things to do correctly `:-)`. — halfer, Dec 07 '14 at 18:11
Don't use plaintext passwords. Look into using password_hash and password_verify functions for password hashing. — Mike Brant, Dec 10 '14 at 04:26

score 0 · Answer 1 · answered Dec 07 '14 at 18:10

0

I think this is your problem as I notice your form action is target on same page.

if(isset($_POST['username']) && isset($_POST['password'])){

//grab all your php code here
}

And please dont use mysql_* function since it was deprecated

answered Dec 07 '14 at 18:10

user3815506

91
11

Simple Login Using Sessions / SQL

1 Answers1