0

I am trying to make a login page for my website and it worked on xampp, but when I switched to a server, it wouldn't select a database. I'm also using a namecheaps hosting. Here is my php code: https://pastebin.com/tSBxJpy9 `

<?php

ob_start();
$host="localhost";  
$username="username";
$password="password";  
$db_name="suffix_login";
$tbl_name="members";
$link = mysqli_connect("localhost", "username", "password", "suffix_login");


mysqli_connect("$host", "$username", "$password", "login")or die("cannot connect");
mysqli_select_db("$link" ,"$db_name")or die("cannot select DB");


$myusername=$_POST['myusernamea'];
$mypassword=$_POST['mypassworda'];


$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($link ,$myusername);
$mypassword = mysqli_real_escape_string($link ,$mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysqli_query($link ,$sql);


$count=mysqli_num_rows($result);



if($count==1){


$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>`

Thanks in advance

Cœur
  • 32,421
  • 21
  • 173
  • 232
Slavsquat
  • 3
  • 2
  • **Never store plain text passwords!** Please use **[PHP's built-in functions](http://php.net/manual/en/function.password-hash.php)** to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)**. Make sure you **[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde Jun 07 '18 at 11:44
  • 1
    What actual error do you get? What have you done to troubleshoot this? Have you verified your database name is correct and the database actually exists? – John Conde Jun 07 '18 at 11:44
  • Rewrite `mysqli_connect("localhost", "username", "password", "suffix_login");` as `mysqli_connect("localhost", "username", "password", "suffix_login") or die(mysqli_error())` and check the output.. – Romeo Sierra Jun 07 '18 at 11:46
  • I guessing, since there is no info aboit the reomte db, your host (localhost) could be wrong. Do you checked your remote credentials and settings? – Michael Jun 07 '18 at 11:47
  • Sorry for the late response but i tried adding 'or die(mysqli_error())' and it showed me a blank screen and before adding it it would say 'cannot select db' – Slavsquat Jun 07 '18 at 12:56

3 Answers3

2

There are 4 ways to select a database:

  • in the mysqli_connect() call (which you are already doing)
  • via mysqli_select_db() which is failing
  • within the SQL - mysqli_query($link, "use $dbname");
  • or by just referencing the database name as a prefix to the table: SELECT * FROM my_db.a_table

So in the code above mysqli_select_db is somewhat redundant. But the reason it is failing is that you quoted $link in your call to mysqli_select_db() which casts the $link object as a string, and breaks it in the process. Change your code to:

 mysqli_select_db($link,"$db_name")or die("cannot select DB");

and remove the second call to mysqli_connect()

And please DO NOT USE stripslashes() here.

And please learn how to salt and hash passwords.

symcbean
  • 45,607
  • 5
  • 49
  • 83
  • Sorry i didnt have much sleep so i missed some stuff and right now it trying to get it functional and then make it as secure as possible. – Slavsquat Jun 07 '18 at 14:37
0

You are passing strings in and not your variables, look:

$link = mysqli_connect("localhost", "username", "password", "suffix_login");

Also, the usual SQL Injection attack vulnerability is present. Try switching to using prepared statements and bound params. See here https://phpdelusions.net/pdo#prepared

delboy1978uk
  • 10,948
  • 2
  • 14
  • 31
0

Here's the fix:

<?php

ob_start();
$host="localhost";  
$username="username";
$password="password";  
$db_name="suffix_login";
$tbl_name="members";
$link = mysqli_connect($host, $username, $password, $db_name);

...
Majd Arbash
  • 89
  • 3