Help with PHP login Script

Could anyone tell me why the following is not working?

<html><body>


<? 
$link = mysql_connect('localhost', 'username', 'password'); if (!$link) {     die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_select_db('database'); 

if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password'])){      $username = ($_POST['username']);      $password = ($_POST['password']);
 
$search = mysql_query("SELECT username, password, active FROM users WHERE username='".$username."' AND password='".$password."'") or die(mysql_error());      

$match  = mysql_num_rows($search);              }  
if($match > 0){      

echo 'Login Complete! Thanks';    }

else{      echo  'Login Failed! Please make sure that you enter the correct details and that you have activated your account.';  }  

?>          
                

<h3>Login Form</h3>

<p>Please enter your name and password to login</p>                          

<form action="" method="post">              
<label for="name">Name:</label>              
<input type="text" name="name" value="" />              
<label for="password">Password:</label>              
<input type="password" name="password" value="" />                
<input type="submit" class="submit_button" value="Login" />          
</form>  
</body></html>

PHP:

The connected successfully message comes up, but so does the Login Failed! one. I am not sure what I am doing wrong. The stuff I am typing in exactly matches the database info. (I have changed username, password etc. for this post).

This isn't the finished script but I am just checking as I go along, still need to add cookies, session etc. but it is not looking good if I can't do this!

The script isn't mine either, I have adapted it so it works with my registration one.
Thanks

 

You're calling $_POST['username'] in your PHP code, however your HTML username input is set to name attribute is set to "name" instead of "username"

 

your if statement is complicated, i should say.
see the code how it works: http://php-login-script.com

Remove the commas

($_POST['username'])

PHP:

you might want to check for duplicate users before allow to login.

 

Hi
you just add <input type='text' name='username'> instead of <input type='text' name='name'> .

 

Hi

Thank you for your help. Yes I will check for duplication, just wanted to get this bit working first.

Thanks

 

try it with
like: <input type="submit" name="Login" value="Login">

<?php if(isset($_POST['Login']))
{
$username = $_POST['name'];
$password = $_POST['password'];

// your query here
}?>

try this type. hope it will help

 

i am too facing the same issue with admin login page i created .as i am new to php ,i am going through internet.but still not able to sucessfully login as with me ,it causes some session error as below
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampplite\htdocs\project\adminLogin.php:18) inC:\xampplite\htdocs\project\adminLogin.php on line 19

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampplite\htdocs\project\adminLogin.php:18) inC:\xampplite\htdocs\project\adminLogin.php on line 19


dont know what i am missing

 

it basically causing errors at session_start(); line in page beginning

 

are you starting the session at the very first step in code before doing anything?if yes then it wont be a problem. The errors may be due to dual redirection of the page. it would be more preferrable if you post a snipplet of code here.

 

The session_start(); needs to be at the very beginning of the page, before any HTML or headers.

 

<?php	session_start ();
?>
<html>
<body>
<?php


	// It's logged out by default
	$logged = false;
	
	if ( $_POST['login_bt'] ) {
	
		// Make the SQL Connection
		$link = mysql_connect('localhost', 'username', 'password') or die('Could not connect: ' . mysql_error());
				mysql_select_db('database', $link); 
		
		// Check there values have been set
		if( array_key_exists ( 'username' , $_POST ) && $_POST['username'] != '' 
			&& array_key_exists ( 'password' , $_POST ) && $_POST['password'] != '' ){		
				
			// Temporary variables for easier handle
			$username = $_POST['username'];      
			$password = $_POST['password'];		  
			 
			// Make the Query
			$search = mysql_query("SELECT `username`, `password`, `active` FROM `users` WHERE `username` = '" . $username . "' AND `password`= '" . $password . "'", $link ) or die(mysql_error());      
			
			// Check it exists
			if ( mysql_num_rows ( $search ) != 1 ){
				
				// Make a fetch
				$dataCheck = mysql_fetch_array ( $search ) ;
				
				// Validate they match with DB
				if ( $dataCheck['username'] == $username && md5 ( $password ) == md5 ( $dataCheck['password'] ) )
					$logged = true;
				           
			}
			
		}


	} 


	/*
	 * 
	 * You can now use $logged to check wheter is the person
	 * is logged in or not.
	 * 
	 */


?>          
                


<h3>Login Form</h3>


<p>Please enter your name and password to login</p>                          


<form action="" method="post">              
<label for="name">Name:</label>              
<input type="text" name="name" value="" />              
<label for="password">Password:</label>              
<input type="password" name="password" value="" />                
<input type="submit" name="login-bt" class="submit_button" value="Login" />          
</form>  
</body></html>

Code (markup):

Now, first of all I added a "name" to the login button.
Then, I modified your code to be good code, you were missing some quotes here and there, and isset() doesn't work that good. That's why I replaced it with
array_key_exists().

After that, it makes the query and checks there's only ONE result, this is because the user has to eb UNIQUE.
Finally, it validates the post data against the DB data. The md5() can be taken away easily.

Cheers!