Problem with login script using php

Hey guys. I seem to be having a problem with security on my login script.


This is the code for my login page.

    <?php
    include('connect.php');

    $username = $_POST['username'];
    $password = $_POST['password'];

    // protect from MySQL injection
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $encrypted_password = md5($password);

    $sql = "SELECT * FROM staff WHERE username='$username' and password='$encrypted_password'";
    $sqlresult = mysql_query($sql) or die("Could not retrieve data from table");

    $row = mysql_fetch_array($sqlresult);
    ?>

All the code is working fine and it directs to the admin.php file upon successful login.


    <?php
    if (isset($_POST['submit']))
    {
        if ($row['username'] == $username && $row['password'] == $encrypted_password)
        {
            $username = $_SESSION['username'];
            $password = $_SESSION['password'];
            header("Location:admin.php");
        }
        elseif ($username == '' || $password == '')
        {
            echo '<div style="padding:5px 10px 5px 10px; margin:0px auto 20px; border:2px solid #FF0000; color:#FF0000; width:176px;">';
            echo "Please fill in all required fields";
            echo '</div>';
        }
        else
        {
            echo '<div style="padding:5px 10px 5px 10px; text-align:center; margin:0px auto 20px; border:2px solid #FF0000; color:#FF0000; width:255px;">';
            echo "INCORRECT USERNAME AND PASSWORD ENTERED:";
            echo "<br/>";
            echo "Please enter a valid username and password";
            echo '</div>';
        }
    }
    ?>

However, if I type 'admin.php' into the appropriate place in the URL in the address bar, then I can view the page that should be secured with a login. Currently I have used sessions on the admin page to redirect somebody if they haven't first logged in.

    <?php
    session_start();

    if ($_SESSION['username'] = '')
    {
        header("location:login.php");
    }
    ?>

Any feedback would be much appreciated.
Dec 29 '11 #1
johny10151981
This line is wrong:
    if ($_SESSION['username'] = '')

    // correct line would be
    if ($_SESSION['username'] == '')
    // ..


And in the login page, i.e. login.php, start your session and also save the user id in the session.
Dec 29 '11 #2
James

johny10151981 is right, you are missing an =. It is better to include a session check file in every page other than the login page, and the code should be like this:
    <?php
    session_start();

    if ($_SESSION['username'] == '')
    {
        header("location:login.php");
    }
    ?>

Also make sure you set $_SESSION['username'] once the login credentials have been checked and are correct.
Jan 2 '12 #3
Dormilich
    <?php
    session_start();

    if ($_SESSION['username'] = '')
    {
        header("location:login.php");
    }
    ?>
A nifty little trick to avoid this problem:
if ('' == $_SESSION['username'])
should you accidentally write
if ('' = $_SESSION['username']),
you’ll be prompted with an error.
Jan 5 '12 #4
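Pulling the thread's advice together as one added example (editor's code, not from any of the posters): a session check that every protected page includes, written so that a typo of `==` into `=` cannot silently pass, and a login step that only writes the username into the session after the credentials verify. It assumes a `staff` table with a `password_hash` column created by `password_hash()` instead of `md5()`, and a PDO connection in `$pdo`; the check uses `empty()`, which also covers the key being absent, rather than comparing against `''`.

```php
<?php
// Added example. Assumes: table staff(username, password_hash) and a PDO
// connection $pdo supplied by the include. The two functions are shown in one
// file for brevity; in practice require_login() lives in a small include file.

// Put require_login() at the very top of admin.php and every other protected page.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // empty() is true for an unset key, null or ''; there is no '=' vs '==' to get wrong.
    if (empty($_SESSION['username'])) {
        header('Location: login.php');
        exit; // header() alone does not stop the script: without exit the page body still renders
    }
}

// Verify the submitted credentials; populate the session only on success.
function login(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM staff WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false; // unknown user or wrong password: say nothing about which
    }

    session_regenerate_id(true);        // fresh session id once the user is authenticated
    $_SESSION['username'] = $username;  // assign INTO the session (the original assigned out of it)
    return true;
}

// login.php handler
session_start();
if (isset($_POST['submit'])) {
    $u = trim($_POST['username'] ?? '');
    $p = $_POST['password'] ?? '';
    if ($u === '' || $p === '') {
        echo 'Please fill in all required fields';
    } elseif (login($pdo, $u, $p)) {
        header('Location: admin.php');
        exit;
    } else {
        echo 'Incorrect username or password';
    }
}
```

Accounts created with the old md5 scheme would need their hashes migrated to `password_hash()` before `password_verify()` can accept them.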