Requesting Username & Password In PHP Session

Question

i tried to put username & password dynamically but It doesnt work with stored username & password in DB and stays on same page.... really depressed.

<?php include "../db/db_connection.php";

$username = $_POST['txt_username'];
$pwd =$_POST["txt_pwd"];
if(empty($username) || $username == ""){
header("location:index.php?err_msg=1");  
exit;
}
if(empty($pwd) || $pwd == ""){
    header("location:index.php?err_msg=2");  
    exit;
}
$sql = "SELECT username,password FROM users WHERE username= '$username' and password= '$pwd'";
$result =  mysqli_query($con,$sql);
if(mysqli_num_rows($result)==1){
    header("location:dashboard.php"); 
}
else{
    header("location:index.php?err_msg=3"); 
}
if($_REQUEST['txt_username'] == $username && $_REQUEST['txt_pwd'] == $pwd){
    $_SESSION['txt_username'];
    $_SESSION['txt_pwd'];
header("Location:dashboard.php");
}
else{
header("Location:index.php");
}
?>`

Thanks for updating us on your emotional status. If you could, please, describe the problem **in detail** before posting the code, that would greatly help us help you — N.B., Nov 27 '13 at 13:39
@user3041902 Is user password stored in plain text? not encrypted? — Jason Heo, Nov 27 '13 at 13:42
I would recommend you to read also something about SQL injections. — tttpapi, Nov 27 '13 at 13:42

score 0 · Answer 1 · answered Nov 27 '13 at 13:42

0

Those lines doesn't nothing..

$_SESSION['txt_username'];
$_SESSION['txt_pwd'];

maybe:

$_SESSION['txt_username'] = $user;
$_SESSION['txt_pwd'] = ...;

?

answered Nov 27 '13 at 13:42

Daniele Vrut

2,565
1
19
32

i did that but it stays on same page no use :( – Hubbak Khan Nov 27 '13 at 13:58

score 0 · Answer 2 · answered Nov 27 '13 at 14:00

You can try this, I am not sure if this is exactly what you are looking for...

    <?php session_start();

    $username = $_POST['txt_username'];
    $pwd =$_POST["txt_pwd"];
    if(empty($username) || $username == ""){
    header("location:index.php?err_msg=1");  
    exit;
    }
    if(empty($pwd) || $pwd == ""){
        header("location:index.php?err_msg=2");  
        exit;
    }
    $sql = "SELECT username,password FROM users WHERE username= '$username' and password= '$pwd'";
    $result =  mysqli_query($con,$sql);
    if(mysqli_num_rows($result)==1){
        $_SESSION['txt_username'] = $username;
        $_SESSION['txt_pwd'] = $pwd;
        header("location:dashboard.php"); 
    }
    else{
        header("location:index.php?err_msg=3"); 
    }
    header("Location:index.php"); // if it stays on the same page remove this line

    ?>

score 0 · Answer 3 · edited May 23 '17 at 10:25

I restructured your code to look more clean.

Also I suggest you to avoid using mysql and start using mysqli (or PDO) to avoid SQL injection attacks.

<?php session_start();

if(isset($_SESSION['txt_username']) && !empty($_SESSION['txt_username'])) {
      //If we enter here the user has already logged in
      header("Location:dashboard.php");
      exit;
}

if(!isset($_POST['txt_username'])) {
     header("location:index.php?err_msg=1");  
     exit;
}
else if(!isset($_POST["txt_pwd"])) {
     header("location:index.php?err_msg=2");  
     exit;
}

$username = $_POST['txt_username'];
$pwd = $_POST["txt_pwd"];

//We use MYSQL with prepared statements BECAUSE MYSQL IS DEPRECATED
$mysqli = new mysqli('localhost', 'my_bd_user', 'mi_bd_password', 'my_bd');
$sql = "SELECT 1 FROM users WHERE username= ? and password = ?";
$stmt = $mysql->prepare($sql);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->bind_result($result);
$stmt->fetch();

if(!empty($result)) {
    //IF we enter here user exists with that username and password
    $_SESSION['txt_username'] = $username;

    header("location:dashboard.php"); 
    exit;
}
else{
    header("location:index.php?err_msg=3"); 
}

Try it.

score 0 · Answer 4 · answered Nov 27 '13 at 14:05

I checked your code and found everything is correct .I wold like you to add connection file on this.

Like

$username = "root";
$password = "password";//your db password
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) 
 or die("Unable to connect to MySQL");


//select a database to work with
$selected = mysql_select_db("db name",$dbhandle) 
  or die("Could not select Database");

Thanks

score -1 · Accepted Answer · answered Nov 27 '13 at 13:45

-1

Try below code : i have reviewed and changed your code :

<?php session_start();
mysqli_connect("locahost","username","password");
mysqli_select_db("database_name");

$username   =   trim($_POST['txt_username']);
$pwd        =   trim($_POST["txt_pwd"]);
if($username == ''){
    header("location:index.php?err_msg=1");  
    exit;
}
if($pwd == ""){
    header("location:index.php?err_msg=2");  
    exit;
}

$sql = "SELECT `username`,`password` FROM users WHERE `username`= '".$username."' and password= '".$pwd."'";
$result =  mysqli_query($sql);
if(mysqli_num_rows($result)>0){
     $_SESSION['txt_username']  =   $username;
    $_SESSION['txt_pwd']        =   $pwd;
    header("location:dashboard.php"); 
}
else{
    header("location:index.php?err_msg=3"); 
}
?>

answered Nov 27 '13 at 13:45

pankaj

69
4

How did you change it? – andy Nov 27 '13 at 13:54
thx a lot, i tried but it does not work with any of the username nd pass... could u plz help me wid my proj. if u have skype id plz tell me so that i can get in touch wid u thx :) – Hubbak Khan Nov 27 '13 at 14:08
thx a lot dude i tried once again it worked and now if i want to view username at admin panel so wats for it? thx a lot again........:) – Hubbak Khan Nov 27 '13 at 14:20
dude it works also widout "trim" can u tell me why u use trim here? – Hubbak Khan Nov 27 '13 at 14:42

Requesting Username & Password In PHP Session

5 Answers5