How to fix this login form in PHP

Question

Please help me.

When I input the correct username and password nothing happens If i put in an incorrect combo it outputs:

Invalid Username or Password..

Please help me to fix this, here's the code:

<?php
if(isset($_POST['submit']))
{
$Username=$_POST["user"];  //variable declaration for Username
    $Password=$_POST["pass"];  //variable declaration for Password(Encrypted)

    $query2 = "SELECT * FROM admin WHERE username1='$Username' and pasword2='$Password'";  // . this is correct dont worry about this
    $result = mysql_query($query2);  //execute query
    $host    = "localhost"; // Host name
    $db_name = "db_login";      // Database name
    $db_user = "root";      // Database user name
    $db_pass = "";      // Database Password
        // Table column from which suggestions will get shown

    $conn = mysql_connect($host,$db_user,$db_pass)or die(mysql_error());
    mysql_select_db($db_name,$conn)or die(mysql_error());

    $count = mysql_num_rows($result);  //no of data found
    $row = mysql_fetch_array($result, MYSQL_NUM); //rows no.
    if($row)
    {
        session_start();
        $USW=$_SESSION["username1"] = $row[2];
        $_SESSION["usertype"] = $row[4];        
        $ui=$_SESSION["Id"] = $row[0];
                                $row[4];            
    }
            $Us=$_POST['user'];
           $Up=$_POST['pass'];
      if($count == 1)  //if data found is 1
    {
        if($row[4] == "admin") //then if user type is admin
        {

            header("location:Admin/Home.php?ui=$ui");
        }
        else  //if not
        {

            header("location:user/index.php?ui=$ui");
        }
    }
    else //if data is not found or greater than 1
    {

        echo '<b style="color:red;">Invalid Username or Password</b><br>';
        echo '<b style="color:white;">Please try again..</b>';
        header("index.php");
    }
}
?>

help me to fix the login if the input password and username is correct

curious; is this intended for or is already a live site? I hope not — Funk Forty Niner, Aug 01 '15 at 14:09
plus, you had this working http://stackoverflow.com/q/31675018/ so why the repost? — Funk Forty Niner, Aug 01 '15 at 14:47
bcuz . the other one .. do not have admin and user header location.. so i changed it .. but its not working properly anymore thats why i repost to fix this.... — Mḁṝk Pḹṏciṏṩ, Aug 01 '15 at 15:01
use working code, make a copy of it and add to it after, don't overwrite working code. always build slowly, then when something breaks, you'll know what to go after to troubleshoot the problem. — Funk Forty Niner, Aug 01 '15 at 15:02
you also did not answer my first question about if this is for a live site or is intended to go live. — Funk Forty Niner, Aug 01 '15 at 15:11

martynasma · Answer 1 · 2015-08-01T14:14:58.610

1

You need to move the mysql_num_rows() call after the actual query:

$result = mysql_query($query2);  //execute query
$count = mysql_num_rows($result);  //no of data found
$row = mysql_fetch_array($result, MYSQL_NUM); //rows no.

Having said that, your code makes your DB wide open for SQL injection attacks.

Another note is that MySQL PHP module in deprecated. Consider using MySQLi.

edited Aug 01 '15 at 14:14

answered Aug 01 '15 at 14:04

martynasma

8,542
2
28
45

Should also add a note about SQL injections and deprecated driver. – chris85 Aug 01 '15 at 14:09
@chris85 that isn't the only thing – Funk Forty Niner Aug 01 '15 at 14:11
@chris85 Good point. – martynasma Aug 01 '15 at 14:11
1

@Fred-ii- Ah yes, guess I should have gone further into the code. – chris85 Aug 01 '15 at 14:14

score 0 · Answer 2 · edited Aug 01 '15 at 14:13

0

Execute Query only after connecting to the database

$result = mysql_query($query2);

should come after

$conn = mysql_connect($host,$db_user,$db_pass)or die(mysql_error());

edited Aug 01 '15 at 14:13

chris85

23,846
7
34
51

answered Aug 01 '15 at 14:12

Onkoba Sam

1

How to fix this login form in PHP

2 Answers2