Login Form

I want to do checking for my login form.

if(isset($_POST['SUBMIT']))
	{
		if($_POST['SUBMIT']=='Sign In')
		{
			if($_POST['username'] && $_POST['password'] &&  $_POST['txtbranch']) {
				
				$username = addslashes($_POST['username']);
				$password = addslashes($_POST['password']);
				$txtbranch = addslashes($_POST['txtbranch']);
				echo $txtbranch;
				
						
				$query_callbranch=mysql_query("SELECT * FROM branch WHERE BRANCHID='$txtbranch' ")or die(mysql_error());
				while($rowcallbranch=mysql_fetch_array($query_callbranch)){
					$txtbranchname = $rowcallbranch['branchname'];
					$txtbranchid = $rowcallbranch['branchid'];
					echo $txtbranchname;
					echo $txtbranchid;
				
				
				$hash_pass = $password;
				
				$query = mysql_query("select * from sysfile where username='".$username."', password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
				 
				$count_user = mysql_num_rows($query);
				if($count_user==1){
					$row = mysql_fetch_array($query);
					$_SESSION['userid'] = $row['userid'];
					$_SESSION['username'] = $row['username'];
					$_SESSION['pin'] = $row['pin'];
					$_SESSION['branchid'] = $_POST['txtbranch'];
				}else{
					$error = 'Error Username and Password.';	
				}
				}
			}
		}
	}

Will there be any error if I write like this?

1 Like

One incomplete line of code, out of context is not a lot to go on.
Only you can know if your script runs without error, by enabling error reporting.

1 Like

I already edited my code.

1 Like

That is a bit more info to go on.

Depending on your PHP version, unless it’s very old you will get warnings about using the deprecated mysql functions. In PHP7 it won’t run at all, as these functions have been removed, they no longer exist.
The script needs updating to use either mysqli or PDO to run without errors. It can also be more secure using those, as you will have prepared statements available to use.

1 Like

What is this line for?

$hash_pass = $password;

Just assigning one variable to another is not going to hash the password. It looks as though you are using plain text passwords which could very easily be hacked.

1 Like

Actually my username, password and branch match the record in the database. But it says the username, password and branch are wrong.

My username, password and branch match the record in the database. But it says the username, password and branch are wrong.

What version of PHP are you using?

In this code

$query = mysql_query("select * from sysfile where username='".$username."', password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");

is the syntax correct? I’ve never seen multiple conditions split by a comma, rather than either OR or AND. Just gives a syntax error when I try something similar on my local machine.

4 Likes

If it is a test project for practice, it is good, but in production it has an SQL injection problem. And as others said, mysql was removed in PHP 7; you must use PDO or mysqli.

It is deprecated in 5.x. In 7 it has been removed.

IMHO there is enough scope for improvement in the script that starting from scratch would be the best approach.

2 Likes

I edited. I mean that, but I have bad English :grinning:

A login form is an extremely complex system for someone who just started learning PHP 2 seconds ago. Copying and pasting also won’t help you learn anything. “Learning” doesn’t come from copying and pasting. It comes from writing code, testing it on a local machine, seeing what the function does, learning how you could make it simpler, testing it again, and debugging it if necessary. Then, if all else fails, you can come and ask questions.

Most people are lazy as hell, but Google search is your best friend when it comes to programming. A quick search (this isn’t from this topic, but a small demonstration) on

Parse error: syntax error, unexpected end of file in /var/www/html/test/test.php on line 3

Tells me that I have a wrong syntax in my PHP code.


I mean, it’s not like your question hasn’t been asked a million times. That doesn’t mean that it excuses the fact that your situation might be slightly different from other searches. All you have to do is take the time and effort to look through it.


On topic

Yes.

Quoting user9791 (post 1):

if($_POST['SUBMIT']=='Sign In')

This is an invalid syntax for PHP (not entirely). People forget the fact that PHP is an HTML parser/generator. PHP stands for

P - PHP
H - Hypertext
P - Processor

And what does Hypertext mean? It’s HTML.

H - Hyper
T - Text
M - Markup
L - Language

PHP goes hand-in-hand with HTML. If

<input type="text" name="This is a random name" value="">

is an INVALID HTML line, what makes you think

$_POST['SUBMIT']=='Sign In'

Is a valid PHP line?


This is why people who just started learning PHP 2 seconds ago should really learn the basics of PHP first. Well, more like the basics of HTML & CSS.

I know what's wrong with my code. I should use AND rather than a comma.

2 Likes

My problem

$query = mysqli_query("select * from sysfile where username='".$username."', password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");

How I solve it.

$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");

1 Like
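
The replies above recommend prepared statements (mysqli or PDO) and hashed passwords, and note that the concatenated query is open to SQL injection. The following is an added example, not code from any poster in this thread, showing the same sysfile lookup written that way. It assumes PDO with an in-memory SQLite database standing in for the MySQL server, a password column that holds password_hash() output, and constructed sample data; the function names make_demo_db and check_login are hypothetical.

```php
<?php
// Added example, not the original poster's code. Assumptions: PDO with an
// in-memory SQLite database stands in for the MySQL server, and the
// password column stores password_hash() output instead of plain text.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE sysfile (userid INTEGER PRIMARY KEY,
        username TEXT, password TEXT, branchid TEXT, pin TEXT)');
    // Constructed sample row; only the hash is stored, never the password.
    $ins = $pdo->prepare('INSERT INTO sysfile (username, password, branchid, pin)
        VALUES (?, ?, ?, ?)');
    $ins->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT), 'B01', '0000']);
    return $pdo;
}

// Returns the user row (without the hash) on success, or null on failure.
// Input values are bound as parameters, so a quote character in them is
// treated as data and cannot change the SQL statement.
function check_login(PDO $pdo, string $username, string $password, string $branch): ?array
{
    $stmt = $pdo->prepare('SELECT userid, username, password, pin, branchid
        FROM sysfile WHERE username = :u AND branchid = :b LIMIT 1');
    $stmt->execute([':u' => $username, ':b' => $branch]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is not part of the WHERE clause: fetch the stored hash,
    // then compare it with password_verify().
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

$pdo = make_demo_db();
var_dump(check_login($pdo, 'alice', 's3cret-demo', 'B01') !== null); // matching credentials
var_dump(check_login($pdo, 'alice', 'wrong-pass', 'B01') !== null);  // wrong password
var_dump(check_login($pdo, "al'ice", 's3cret-demo', 'B01') !== null); // quote in input, no SQL error
```

In a real login script the returned row would populate $_SESSION after a call to session_regenerate_id(true), and addslashes() is no longer needed because no input is concatenated into the SQL.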
