Code help

Ok I am a newbie trying to teach myself PHP. I am trying to create a login system and am on day 3 trying to figure what is wrong. I am getting no error messages but am being directed back to the main_login. Can someone please help?
[php]

<?php $mysqli = mysqli_connect("127.0.0.1", "root", "", "mydatabase") or die(mysqli_error()); session_start(); if (!isset($_session['user_id'])){ if ((!isset($_POST['username'])) || (!isset($_POST['password']))) { header("Location: http://127.0.0.1/Project1/scripts/main_login.php"); exit; $username = mysqli_real_escape_string($mysqli, $_POST['username']); $password = mysqli_real_escape_string($mysqli, $_POST['password']); $sql = "SELECT user_id, username FROM mydatabase WHERE username = '".$username."' AND password = PASSWORD('".$password."')"; $result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli)); if (mysqli_num_rows($result) == 1) { $result = mysqli_fetch_array($results); $user_id = $result['user_id']; $_SESSION['user_id'] = $user_id; $_SESSION['username'] = $username; header("location: http://127.0.0.1/Project1/scripts/page1.php"); } else { header("location: http://127.0.0.1/Project1/scripts/main_login.php"); exit; } } } mysqli_close(mysqli); ?>

[/php]

This should help you out a little-bit…not guaranteeing that it will work for I didn’t test it. It should be close though if it doesn’t or a few modifications…well I pretty sure you will have to modify it. :wink:

notice form action=“login.php” …so the name of the file would have to be login.php
[php]<?php
session_start();
// A nice password hashing library:
// Find it here: https://github.com/ircmaxell/password_compat/blob/master/lib/password.php
// You will have to hash your user’s password in the registration file, but that is a different
// lesson.
// Read the Documentation for further help and how to use the pashing hashing library:

$mysqli = new mysqli(“127.0.0.1”, “my_user”, “my_password”, “mydatabase”);

/* check connection */
if (mysqli_connect_errno()) {
printf(“Connect failed: %s\n”, mysqli_connect_error());
exit();
}
// The above could go in a utility file for example require(“includes/common.php”);

require(“includes/common.php”);
include(‘includes/password.php’);
// Get Input from usually from a form:
if (isset($_POST[‘action’]) && $_POST[‘action’] == ‘login’) {

$username = $_POST['username'];
$password = $_POST['password']; // needs to be hased see above

// It uses a prepared statment, but you could had just used 
// mysqli_real_escape_string for Username and just did username='username' 
   //  I think (I might be mixing up my mysqli and PDO  :D) in the query:
if ($stmt = $mysqli->prepare("SELECT user_id, username, password FROM mydatabase WHERE username=?")) {

	/* bind parameters for markers */
	$stmt->bind_param("s", $username);

	/* execute query */
	$stmt->execute();

	/* bind result variables */
	$stmt->bind_result($row['user_id'], $row['username'], $row['password']);

	/* fetch value */
	$stmt->fetch();	   

	/* close statement */
	$stmt->close();
} 

// The Above checks to see if the username is in the databese 
// The Belows checks the password.
if($row)
{
	// Like already stated above this will have to be
	// more secure, please refere above:	
	if ($password == $row['password']) {
		$loginOK = true;
	} else {
		echo 'Login Failed';
		$loginOK = false;	
	}
	
}	

if ($loginOK) {
            // You never want to store any critical data in $_SESSION
	unset($row['password']);
	// Format is this : $_SESSION['user']['username'] for example...
	$_SESSION['user'] = $row;
	// redirect to a members page of some sort:	
	header("Location:members.php"); 
	exit;
}

}

?>

Username:

Password:

[/php]

Thank you sir for your help. After modifications I am getting an unexpected end of file error @ ?>.

[php]

<?php session_start(); $mysqli = new mysqli("127.0.0.1", "root", "", "mydatabase"); if ($mysqli->connect_errno) { printf("Connect failed: %s\n", $mysqli->connect_error); exit(); } if (isset($_POST['action']) && $_POST['action'] =='login') { $username = $_POST['username']; $password = $_POST['password']; if ($stmt = $mysqli->prepare("SELECT user_id, username FROM clients WHERE username = '$username')) { $stmt->bind_param(%s, $username); $stmt->execute(); $stmt->bind_result($row[user_id], $row[username], $row[password]); $stmt->fetch(); $stmt->close(); } } if($row) { if ($password == $row[password]) { $loginOK = true; } else { echo 'Login Failed'; $loginOK = false; } } if ($loginOK) { unset($row[password]); $_SESSION[username] = $row; header('Location:members.php'); exit; } ?>[/php]

This is my error codes:

SCREAM: Error suppression ignored for
( ! ) Parse error: syntax error, unexpected end of file in C:\wamp\www\Project1\scripts\checklogin.php on line 50

Alrighty! I finally got passed the login. This is such a testy code with the ’ ', " ", ( ), { } but I am detemined to learn it. Thank you so much for your help. I am sure I will be back REAL soon.

Kay :smiley:

Ok, well it’s logging in regarless of what I enter for the username and password. UGGGGH!!

Sponsor our Newsletter | Privacy Policy | Terms of Service