User Authentication system

Hi, I am currently working on a site at the moment where the user has to log in, I am working with code from here: http://www.php-mysql-tutorial.com/user-authentication/database.php

<?php
session_start();

$errorMessage = '';
if (isset($_POST['username']) && isset($_POST['password'])) {
include 'mysql_connect.php';

   $userId = $_POST['username'];
   $password = $_POST['password'];

  
   $sql = "SELECT username FROM profile WHERE username = '$userId' AND password = PASSWORD('$password')";

   $result = mysql_query($sql)
             or die('Query failed. ' . mysql_error());

   if (mysql_num_rows($result) == 1) {
      $_SESSION['db_is_logged_in'] = true;
      header('Location: memberhome.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password';
   }

   mysql_close($conn);
}
?>

<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php include 'header.php'; ?>
	
	
		<div id="contentarea">
			<div id="advert"><a href="#"><img src="images/ad.png" alt="advertisement" /></a></div>	
			<div id="contentarea_padding">	
				<div class="content">
				
				<?php if ($errorMessage != '') { ?>
				<?php echo $errorMessage; ?>
				<?php } ?>
				
				<div class="bannertitles">				
				<font color="#b7fd3d">log</font><font color="#fded36">in</font>
				</div><br/><br/>
				
				<form method="post" name="frmLogin" id="frmLogin">
				<div class="inputcontainer">
				<div class="label">Username:</div><input type="text" name="username" size="60" maxlength="60" /> </div>
				<div class="inputcontainer">
				<div class="label">Password:</div><input type="password" name="password" size="60" maxlength="60" /> </div>
				<br/><br/>
				<div class="inputcontainer"><div align="right">
					<input type="submit" name="btnLogin" value="Login"></div></div>
				</form>


			</div>
		</div></div>
		
<?php include 'sidebar.php'; ?>
<?php include 'footer.php'; ?>
</body>
</html>

Code (markup):

and the memberhome.php:

<?php
session_start();

if (!isset($_SESSION['db_is_logged_in'])
   || $_SESSION['db_is_logged_in'] !== true) {

   header('Location: login.php');
   exit;
}

?>

<?php include 'header.php'; ?>
	
	
		<div id="contentarea">
			<div id="advert"><a href="#"><img src="images/ad.png" alt="advertisement" /></a></div>	
			<div id="contentarea_padding">	
				<div class="content">
				success
			</div>
		</div></div>
		
		<?php include 'sidebar.php'; ?>
		<?php include 'footer.php'; ?>
	

Code (markup):

The code all looks fine to me, only it doesn't go to memberhome.php when I put in the correct log in details. Is there something I need to change? Any help will be greatly appreciated.

Thanks

Simon

 

You didn't specify the 'action' parameter for the form.
http://www.w3schools.com/tags/tag_form.asp

 

I set the action to login.php which is the page with the php and form code, however I still get the same problem. If i set the action to memberhome.php it just goes to that page whatever values I put in.

 

This is the code that I have on my site to redirect a member after they have logged in,

							
			// Start defining the URL.
			$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
			// Check for a trailing slash.
			if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
				$url = substr ($url, 0, -1); // Chop off the slash.
			}
			// Add the page.
			$url .= '/index.php';

Code (markup):

This I then follow up with what should happen if login is not successful.

			
			ob_end_clean(); // Delete the buffer.
			header("Location: $url");
			exit(); // Quit the script.
				
		} else { // No match was made.
			echo '<p>Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; 
		}
		
	} else { // If everything wasn't OK.
		echo '<p>Please try again.</p>';		
	}
	
	mysql_close(); // Close the database connection.

Code (markup):

I hope you find this useful.

 

I dont want to be changing the whole code and the code I have looks fine when I read through it, any ideas???

 

Hi, I am now following this script here: http://www.phpeasystep.com/workshopview.php?id=6

However it only allows me to recognise a password written in text format

<input type="text">

Code (markup):

rather than

<input type="password">

Code (markup):

Which obviously isnt the right thing to do on a site, so does anybody know how I get the php/mysql to recognise the text of the password.

Thanks

 

No matter, I sorted it, I didnt set the action to the right page. Thanks