
It doesn't work and I've spent hours and half my hair trying to work out why. I already had the form embedded in my HTML index file with this code:

I want to create a login and logout session.

My table in the MySQL database looks like this:

```sql
CREATE TABLE member (
    id int(10) NOT NULL auto_increment,
    userName varchar(50) NOT NULL,
    passWord varchar(50) NOT NULL,
    PRIMARY KEY (id)
) ENGINE=MyISAM utf8_general_ci AUTO_INCREMENT=3;
```

```php
<?php

// Initialize session
session_start();

// Include database connection settings
$hostname = 'localhost'; // Your MySQL hostname. Usually 'localhost', so you do not need to change this even when the script is already online.
$dbname   = 'database';  // Your database name.
$username = 'root';      // Your database username.
$password = '';          // Your database password. If your database has no password, leave it empty.

// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');

// Retrieve username and password from database according to user's input
$userName = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$passWord = md5($password); // MD5 hash of the password

//*********retrieving data from Database**********

$query = "SELECT * FROM member WHERE userName='$userName' and passWord='$passWord'";
//$login = mysqli_query("SELECT userName,password FROM 'member' WHERE userName= $_post['username'] AND passWord= $_post['password'])");
// Check username and password match
$res = mysql_query($query);

$rows = mysql_num_rows($res);
if ($rows == 1) {
    // Set username session variable
    $_SESSION['userName'] = $_POST['username'];

    // Jump to secured page
    header("Location: securedpage.php");
} else {
    // Jump to login page
    echo "user name and password not found";
}
exit;
?>
```

With this code, logging in goes directly to "user name and password not found" even when the username and password are correct.

John Conde
user3242335
  • Lots of red flags here - `mysql_` deprecation, plain-text password storage, no MySQL root password, etc. I'd suggest rethinking this from the ground up after Googling "PHP MySQL login" – jterry Jan 28 '14 at 15:28
  • Why are you rolling your own authentication system using MD5, which is a serious red flag, instead of using [a development framework](http://codegeekz.com/best-php-frameworks-for-developers/) that would have already implemented this for you? – tadman Jan 28 '14 at 15:32
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Oct 30 '19 at 22:51
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Oct 30 '19 at 22:51

2 Answers


I presume that you are using this only for learning purposes, not for a real application.

You should check your DB settings and make sure that everything is in place; then you need a form that posts to this PHP file. Here is a small update:

```php
<?php

session_start();
$hostname = 'localhost';
$dbname   = 'yourdatabase';
$username = 'root';
$password = 'yourpassword';
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
mysql_select_db($dbname) or DIE('Database name is not available!');

$userName = mysql_real_escape_string($_POST['username']);
$passWord = md5(mysql_real_escape_string($_POST['password']));
$query = "SELECT id FROM member WHERE userName='$userName' and passWord='$passWord'";
$res = mysql_query($query);
$rows = mysql_num_rows($res);
if ($rows == 1) {
    $_SESSION['userName'] = $_POST['username'];
    header("Location: securedpage.php");
} else {
    echo "user name and password not found";
    // TODO - replace message with redirection to login page
    //  header("Location: securedpage.php");
}

?>
```

This should work, but keep in mind that this code has to be rewritten in a different way; otherwise it has big security issues, etc.

Small correction to the DB setup:

```sql
CREATE TABLE member (
    id int(10) NOT NULL auto_increment,
    userName varchar(50) NOT NULL,
    passWord varchar(50) NOT NULL,
    PRIMARY KEY (id)
) ENGINE=MyISAM;
```
vaske

Here is the code... modify and try.

```php
<?php
session_start();

$connect = mysql_connect('localhost', 'root', '') or die('Database could not connect');
$select = mysql_select_db('test', $connect) or die('Database could not select');

if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    chckusername($username, $password);
}

function chckusername($username, $password){
    // Escape the value before placing it in the SQL string
    $user_sql = mysql_real_escape_string($username);
    $check = "SELECT * FROM login WHERE username='$user_sql'";
    $check_q = mysql_query($check) or die("<div class='loginmsg'>Error on checking Username</div>");

    if (mysql_num_rows($check_q) == 1) {
        chcklogin($username, $password);
    }
    else{
        echo "<div id='loginmsg'>Wrong Username</div>";
    }
}

function chcklogin($username, $password){
    // Escape both values before placing them in the SQL string
    $user_sql = mysql_real_escape_string($username);
    $pass_sql = mysql_real_escape_string($password);
    $login = "SELECT * FROM login WHERE username='$user_sql'  and password='$pass_sql'";
    $login_q = mysql_query($login) or die('Error on checking Username and Password');

    if (mysql_num_rows($login_q) == 1){
        // Set the session and send the redirect header before any output
        $_SESSION['username'] = $username;
        header('Location: member.php');
        echo "<div id='loginmsg'> Logged in as $username </div>";
    }
    else {
        echo "<div id='loginmsg'>Wrong Password </div>";
        //header('Location: login-problem.php');
    }
}
?>
```
thenish
  • Could you elaborate on what you changed so readers don't have to do a diff to figure out what the problem was? – Noumenon May 22 '16 at 05:03
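
The login check from this thread rewritten along the lines the comments under the question recommend (PDO prepared statements with `password_hash()` / `password_verify()`), as an added example that is not code from any poster. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, `passWord` is widened to `VARCHAR(255)`, and the helper names `add_member()` / `check_login()` and the sample account are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the thread's MySQL server so this runs
// offline. For MySQL only the DSN changes, e.g.
// new PDO('mysql:host=localhost;dbname=database;charset=utf8mb4', $dbUser, $dbPass).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// A bcrypt hash from password_hash() is 60 characters, so the thread's
// varchar(50) column is too short for it; 255 leaves room for newer algorithms.
$db->exec('CREATE TABLE member (
    id INTEGER PRIMARY KEY,
    userName VARCHAR(50) NOT NULL UNIQUE,
    passWord VARCHAR(255) NOT NULL
)');

// Hypothetical helper: store a salted hash, never the password or its MD5.
function add_member(PDO $db, string $userName, string $plain): void
{
    $stmt = $db->prepare('INSERT INTO member (userName, passWord) VALUES (?, ?)');
    $stmt->execute([$userName, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Hypothetical helper: look the row up by user name only, then verify in PHP.
// A salted hash differs on every call, so it cannot be matched in the WHERE clause.
function check_login(PDO $db, string $userName, string $plain): bool
{
    $stmt = $db->prepare('SELECT passWord FROM member WHERE userName = ?');
    $stmt->execute([$userName]);   // the value is bound, never spliced into the SQL
    $hash = $stmt->fetchColumn();  // false when no such user exists
    return is_string($hash) && password_verify($plain, $hash);
}

add_member($db, 'alice', 'correct horse');  // constructed sample account

// Constructed inputs: right password, wrong password, user name containing a quote.
$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ["alice' -- ", 'x']];
foreach ($attempts as [$u, $p]) {
    printf("%-12s %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}

// In the real login script, on success and before any output is sent:
//   session_start(); session_regenerate_id(true);
//   $_SESSION['userName'] = $userName;
//   header('Location: securedpage.php'); exit;
```

Existing MD5 rows cannot be converted in place; each account needs a password reset or a re-hash at its next successful login.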