Problem with login system

Hi guys!

I’ve just started working with PHP and MySQL to build a login system. This is the code:


<?php

	session_start();
	
	if($_POST && !empty($_POST['username']) && !empty($_POST['password'])) {
		
		$connection = mysqli_connect('localhost', 'username', 'password');
		mysqli_select_db($connection, 'utenti');
		$query = "SELECT * FROM utenti WHERE username = ? AND password = ? LIMIT 1";
		
		if (mysqli_query($connection, $query) {
			
			$_SESSION['status'] = 'authorized';
			header("location: indexcopia.php");
		
		};
		
	}
		
		

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

	<head>
		<title>Title</title>
		<!-- <link rel="icon" href="favicon.ico"> -->
		<meta name="description" content=""/>
		<meta name ="keywords" content=""/>
		<meta http-equiv="Content-Type" content ="text/html; charset=iso-8859-1"/>
		<link rel="stylesheet" href="css/styles.css" media="all"/>	
	</head>
	
	<body>
	
	<div id="header">
		<h1>Title</h1>
	</div>
	
	<div id="login">
		<h2>Login</h2>
		<form method="post" action="">
			<div>
				<label for="username">Username: </label>
				<input type="text" name="username"/>
			</div>
			<div>
				<label for="password">Password: </label>	
				<input type="password" name="password"/>
			</div>
			<div>
				<input type="submit" value="Login" name="submit"/>
			</div>
		</form>
	</div>
	
	<div id="footer">
		<p>Copyright</p>
	</div>
	
	</body>

</html>

This, of course, doesn’t work :smiley:

What’s wrong in the code?

Oh sorry, we call it like that in Italian.

(mysqli_num_rows($result) != 0) is the guard ^^

try


if(mysqli_num_rows($result) != 0){
// we have rows for the user/pass start the session
}

I would go one step further and get username, userlevel from the database and assign them to session also.
$_SESSION['username'] = $row['username']; etc…

echo mysqli_num_rows($result); after mysqli_query.

That will tell you if you are pulling any rows.

I tried to change that but the problem remains. Basically, the header() function still doesn’t do anything. I’ve looked for a solution to the problem and I’ve read that sometimes there are problems with this function when you use $_POST or when you output something before using the header() function. Anyway, everything should be ok in the code, why is it that it still doesn’t work? Is there another way to do a redirect using PHP?

Sorry for the up. I’ve changed one line of code (7th line):

<?php
if('POST' === $_SERVER['REQUEST_METHOD']){
  if(false === empty($_POST['username']) && false === empty($_POST['password'])){

    $conn = mysqli_connect('localhost', 'root', 'root', 'users');
    
    if(!$conn){
      echo 'Database Error: ' . mysqli_connect_error() ;
      exit;
    }
    
    $sql = sprintf(
      "SELECT username FROM users WHERE username = '%s' AND password = '%s' LIMIT 1",
      mysqli_real_escape_string($conn, $_POST['username']),
      mysqli_real_escape_string($conn, $_POST['password'])
    );
    
    $result = mysqli_query($conn, $sql);
    
    if(is_resource($result) && 1 === mysqli_num_rows($result)){
      session_start();
      $_SESSION['is_authorised'] = true;
      header('Location: indexcopia.php');
      exit;
    }
    
  }
}
?>

because the old version kept giving me database errors. Anyway, instead of being redirected to “indexcopia.php” I still remain on the same page. Why?

Thank you very much! Before trying this, could you please explain what this code exactly does and what was wrong with mine? :slight_smile:

Knew that XD

Apart from being vulnerable to sql injection, you’re not checking the output from the query to see if any records were returned in order to determine if the user is legitimate or not.

Yeah, I thought so. How can I check this?

I am wondering if you would not be better off working through the w3schools php and database tutorials before continuing on with your project.

I definitely will. The only thing is, I would need this thing pretty soon :frowning:

Just having a quick look at your code - Lots :shifty:

Apart from being vulnerable to sql injection, you’re not checking the output from the query to see if any records were returned in order to determine if the user is legitimate or not.

I am wondering if you would not be better off working through the w3schools php and database tutorials before continuing on with your project.

Yes, it works, when I insert a correct username-password combination I see a 1.

Here you go.


<?php
if('POST' === $_SERVER['REQUEST_METHOD']){
  if(false === empty($_POST['username']) && false === empty($_POST['password'])){
    
    $conn = mysqli_connect('localhost', 'username', 'password', 'schema');
    
    if(false === is_resource($conn)){
      echo 'Database Error: ' . mysqli_connect_error() ;
      exit;
    }
    
    $sql = sprintf(
      "SELECT username FROM utenti WHERE username = '%s' AND password = '%s' LIMIT 1",
      mysqli_real_escape_string($conn, $_POST['username']),
      mysqli_real_escape_string($conn, $_POST['password'])
    );
    
    $result = mysqli_query($conn, $sql);
    
    if(is_resource($result) && 1 === mysqli_num_rows($result)){
      session_start();
      $_SESSION['is_authorised'] = true;
      header('Location: http://www.example.org/members.php');
      exit;
    }
    
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

    <head>
        <title>Title</title>
        <!-- <link rel="icon" href="favicon.ico"> -->
        <meta name="description" content=""/>
        <meta name ="keywords" content=""/>
        <meta http-equiv="Content-Type" content ="text/html; charset=iso-8859-1"/>
        <link rel="stylesheet" href="css/styles.css" media="all"/>    
    </head>
    
    <body>
    
    <div id="header">
        <h1>Title</h1>
    </div>
    
    <div id="login">
        <h2>Login</h2>
        <form method="post" action="">
            <div>
                <label for="username">Username: </label>
                <input type="text" name="username"/>
            </div>
            <div>
                <label for="password">Password: </label>    
                <input type="password" name="password"/>
            </div>
            <div>
                <input type="submit" value="Login" name="submit"/>
            </div>
        </form>
    </div>
    
    <div id="footer">
        <p>Copyright</p>
    </div>
    
    </body>

</html>

‘guard of the cycle’ , what do you mean?

No wait! I’ve changed the guard of the cycle and it now works! Why is that?
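
An added example (not code from any poster in this thread) of the login check the thread converges on: the mysqli functions return objects rather than resources, which is why an `is_resource()` guard never passes, and the `?` placeholders from the first post only work through a prepared statement. It assumes a hypothetical `password_hash` column in `utenti` filled by `password_hash()`, and reuses the thread's placeholder connection values.

```php
<?php
// Added example, not code from the thread. Assumption: table `utenti` has a
// hypothetical `password_hash` column holding password_hash() output.
function authenticate(mysqli $conn, string $username, string $password): ?string
{
    // ? placeholders need prepare() + bind_param(); mysqli_query() never binds them.
    $stmt = mysqli_prepare(
        $conn,
        'SELECT username, password_hash FROM utenti WHERE username = ? LIMIT 1'
    );
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $dbUser, $dbHash);
    $found = mysqli_stmt_fetch($stmt) === true; // null means no matching row
    mysqli_stmt_close($stmt);

    // The guard: a row exists AND the submitted password matches its hash.
    return ($found && password_verify($password, $dbHash)) ? $dbUser : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && is_string($_POST['username'] ?? null) && is_string($_POST['password'] ?? null)) {

    mysqli_report(MYSQLI_REPORT_OFF); // return false on failure instead of throwing
    $conn = mysqli_connect('localhost', 'username', 'password', 'schema');
    // mysqli_connect() gives a mysqli object or false, never a resource,
    // so is_resource() is always false here; the same holds for mysqli_query().
    if (!($conn instanceof mysqli)) {
        error_log('Database error: ' . mysqli_connect_error());
        exit('Login is temporarily unavailable.');
    }

    $user = authenticate($conn, $_POST['username'], $_POST['password']);
    if ($user !== null) {
        session_start();
        session_regenerate_id(true); // fresh session ID after login
        $_SESSION['is_authorised'] = true;
        $_SESSION['username'] = $user;
        header('Location: indexcopia.php'); // must be sent before any output
        exit;
    }
}
?>
```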