-3

I am unable to authenticate using Php/mysql, using the following method. I used a form in order to login. Please check the following and help me out?

form.php

<html>
    <body>
        <h2>Authentication</h2> 
        <form action="login.php" method="post">
            <label>Userid :</label>
            <input type="text" id="userid" name="userid" >
            <label>Password :</label>
            <input type="password" id="password" name="password">
            <input name="submit" type="submit" value=" Login ">
            <span><?php echo $error; ?></span>
        </form>
    </body>
</html>

login.php

<?php
    $message="";
    if(count($_POST)>0) {
        mysql_connect("localhost", "root", "kami123")or
        die(mysql_error());    
        mysql_select_db("ccmsdb") or die(mysql_error());

        $result = mysql_query("SELECT *FROM client WHERE 
        userid='" . $_POST["userid"] . "' AND 
        password = '". $_POST["password"]."'");

        $count  = mysql_num_rows($result);
        if($count==0) {
            $message = "Invalid Username or Password!";
        } else {
            $message = "You are successfully authenticated!";
        }
    }
?>
Thomas Bormans
  • 5,156
  • 6
  • 34
  • 51
kamran javaid
  • 1
  • 2
  • what do you mean "unable to authenticate" ? You don't see the successful message ? You don't have a session ? By the way, mysql is deprecated, you should consider switch to mysqli or pdo. And beware of SQL injections ! http://stackoverflow.com/questions/13944956/the-mysql-extension-is-deprecated-and-will-be-removed-in-the-future-use-mysqli – jiboulex Dec 30 '15 at 08:52
  • You should not post your database root password. You should not store passwords in plain text. And you should definitely read about SQL injection. – dev0 Dec 30 '15 at 08:55
  • it is not operational project, i am working on it will apply anti sqli later. but code is not working what is problem – kamran javaid Dec 30 '15 at 08:57
  • Site note: mysql_* is depricated since newer PHP-Versions and is completely removed in PHP7. See [Why not use mysql_ functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Hecke29 Dec 30 '15 at 09:04
  • 1
    @jiboulex mysql is not deprecated, its doesn't exist anymore, of course in current stable version php, which is 7 ^_^ – Abdul Rehman Dec 30 '15 at 09:16
  • Your code code will not work, bcoz u keep saying `its not working`. let it be `not working` – Abdul Rehman Dec 30 '15 at 09:18

2 Answers2

1

Besides what's already mentioned in the comments, you are missing a space in the query:

SELECT *FROM client WHERE

should be

SELECT * FROM client WHERE
dev0
  • 1,057
  • 8
  • 22
0

Why don't you try PDO? MySQL functions are deprecated.

$err="";
(isset($_POST['email'], $_POST['pass'])) {
$email      =   $_POST['email'];
$pass       =   $_POST['pass'];

    if(!empty($email) && !empty($pass)) {
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
                $err = 'Invalid email format.';
                   }
           $dbc = new PDO('mysql:host=YOUR HOST;dbname=YOUR DBNAME', 'YOUR USERNAME', 'YOUR PASSWORD');
                $stmt = $dbc->prepare("SELECT id, name, pass FROM client WHERE email =:email LIMIT 1");
                $stmt -> bindValue(':email', $email);
                $stmt -> execute(); 
                    while( $row = $stmt->fetch(PDO::FETCH_ASSOC) ){
                        if(password_verify($pass, $row['pass'])) {
                            //Logged In 
                            $_SESSION['id'] = $row['id'];
                            $_SESSION['name'] = $row['name'];
                            header('Location:logged_in_user_page.php');
                              ... bla bla ...                   
                        }else {
                            // Not Logged In
                            header('Location:not_logged_in_user_page.php');                         
                        }
                    }           
    }else {
        $err =  'You have to provide an email and a password!';
    }
}
remux -
  • 37
  • 7