tags:

views:

104

answers:

2
+1  Q: 

login using session in php 

<?php
ob_start();
include("db_connect.php");
$tbl_name='login';
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
 $myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$encrypted_mypassword = crypt($mypassword,'ctk'); 

 $sql="SELECT * FROM $tbl_name WHERE u_name='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_register("myusername");
session_register("encrypted_mypassword");
header("location:edit-grid.php");
}
else {header("location:main_login.php?a=Login Failed Try Again!!");
//echo "Wrong Username or Password";
}
ob_end_flush();
?>

i have a login page shown above, in localhost it works fine,but shows an error in firebug: Failed to load source for: http://localhost/emp_tracker/main/checklogin.php

In server that is when it is hosted it does not re-direct it fails(session fails),

A: 

Even i had the same issue, but could not figure out the actual reason. Some points which might help are, 1) There should be no output before header. ie. no echo or html 2) Also check if there is proper semicolon at end of each php statement wherever required. 3) After searching on google, it seems the issue might only show up in older version of firebug. (Not sure) 4) Try running each line of code at a time. i.e see if username and passowrd are posted properly by echoing. Also database connection is proper and the query results are as expected.

Do you get a 500 internal server error on server?

noobcode  2010-09-21 06:13:16
i changed the code to this:
mayuri  2010-09-21 06:41:00
Now you removed `session_start` and `session_register` is deprecated. You should use `$_SESSION`, like you did before. See: http://www.php.net/manual/en/function.session-register.php
captaintokyo  2010-09-21 06:49:39
+1  A: 

Updated answer

This code should work:

session_start();
include("db_connect.php");

$myusername = mysql_real_escape_string($_POST['myusername']);
$mypassword = crypt($_POST['mypassword'], 'ctk'); 
$mypassword = mysql_real_escape_string($mypassword);

$sql = "SELECT * FROM `login` WHERE `u_name` = '$myusername' and `password` = '$encrypted_mypassword'";
$result = mysql_query($sql);

if(mysql_num_rows($result) == 1)
{
    $_SESSION['myusername'] = $myusername;
    $_SESSION['encrypted_mypassword'] = $encrypted_mypassword;
    header("Location: http://servername/folder/edit-grid.php");
}
else
{
    header("Location: http://servername/folder/main_login.php?a=Login Failed Try Again!!");
}

Original answer

The line below doesn't make sense. You already started the session at the beginning of your script. Also session_start doesn't take any arguments. Removing it may solve your problem.

session_start('myusername');

Also, you should use the full URL when redirecting:

HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself.

Source: http://www.php.net/manual/en/function.header.php

Edit: There is another mistake in your script. It's in this line:

$_SESSION['myusername']=$result['myusername'];

You use $result['myusername'];, but you should fetch the results first. Like this:

$row = mysql_fetch_assoc($result);
$_SESSION['myusername'] = $row['u_name'];
captaintokyo  2010-09-21 06:26:17
`crypting` a `mysql_real_escaped` password may change the value of the password and prevent a login. First `crypt`, then `escape`.
deceze  2010-09-21 07:03:08
@deceze, thanks, missed that one.
captaintokyo  2010-09-21 07:06:04
i replaced your code in sever, but its still not working, it checks the db, i mean when i gave wrong id,password it shows error message but for right it does not redirect in firebug its showing moved temporarily
mayuri  2010-09-21 07:23:17
@captaintokyo FTFY.
deceze  2010-09-21 07:24:42
@mayuri what is the exact URL you are redirecting to?
captaintokyo  2010-09-21 07:54:13
http://xyz.com/main/edit-grid.php
mayuri  2010-09-21 08:38:50
Does it work if you go to that URL, without being redirected to it? Can you show us the code in edit-grid.php that checks if a user is logged in?
captaintokyo  2010-09-21 09:08:27
<?php session_start(); if(isset($_SESSION['myusername'])) { ?> <html>.... </html><?php }?> edit-grid.php file that checks login session
mayuri  2010-09-21 10:03:53
This code does work on localhost, right? Sorry, but I don't know what else I can do for you. Maybe you should contact your host and ask them what is going on.
captaintokyo  2010-09-21 11:21:04
ya it works in localhost, but in server it shows failed to load?.
mayuri  2010-09-21 11:39:47
I need more info to help you... Can you post the full/exact error message here? What is the URL in your browser when you get the error message? Is that the URL you expected? Again: can you see edit-grid.php if you enter the URL directly in you browser? Are you sure you uploaded edit-grid.php correctly?
captaintokyo  2010-09-21 13:04:35
http://svr.seekseoservices.com/main/main_login.php this the domain i am hosting , edit-grid.php is uploaded correctly
mayuri  2010-09-21 13:08:46
edit-grid.php directly is not coming because session is not created, but when i remove session and try its working correctly,i mean its redirecting.
mayuri  2010-09-21 13:14:43
How do you know the problem is with the session?? There could be an error on edit-grid.php that doesn't have anything to do with sessions! Again: Can you post the full/exact error message here? What is the URL in your browser when you get the error message?
captaintokyo  2010-09-21 13:24:53
when i remove the session, it redirests so i think its due to session.
mayuri  2010-09-21 13:26:28
Well, what **EXACTLY** happens when you fill in the correct username and password? Which URL to you see in your browser after submitting the login form? What is the full/exact error message? If you don't answer these questions I cannot help you. (No guarantee that I can help you if you do answer these question ;-))
captaintokyo  2010-09-21 13:40:03
@captaintokyo.. when i enter correct user name and password,the page does not redirect to next page,instead it redirects to main page that means remain in same page, in firebug it shows "Failed to load source for: http://svr.seekseoservices.com/main/checklogin.php"
mayuri  2010-09-23 05:52:02

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases