Problem with login script

[accoun80]

I'm trying to set up a simple login system. Every time, I enter the correct credentials it tells me that they're wrong. What can I do to fix it?
This is the full code:
of the login form:

PHP Code:

<html>
 <head>
  <title>Login Test</title>
 </head>
 <body>
  <h2>Login Test</h2>
  <form method="post"  action="login_test/login.php">
  <p>Username: <input type="text" name="Username"/></p>
  <p>Password: <input type="password" name="Password"/></p> 
  <p><input type="submit" value="Login" /></p>
  </form>
 </body>
</html> 


;
of login_test/login.php:

PHP Code:

<?php

 ob_start();
 $host="localhost"; 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 


// Connect to server and select databse.
 mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
 mysql_select_db("$db_name")or die("cannot select DB");


// Define $myusername and $mypassword 
 $myusername=$_POST['myusername']; 
 $mypassword=$_POST['mypassword']; 


// To protect MySQL injection (more detail about MySQL injection)
 $myusername = stripslashes($myusername);
 $mypassword = stripslashes($mypassword);
 $myusername = mysql_real_escape_string($myusername);
 $mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
 $result=mysql_query($sql);


// Mysql_num_row is counting table row
 $count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
 session_register("myusername");
 session_register("mypassword"); 
 header("location:status.php");
 }
 else {
 echo "Wrong Username or Password";
 }

ob_end_flush();
 ?>

.
Please help would be greatly appreciated.

[mraz]

i think your mistake is linking the submitted data on the form does not match with the validation script.

try changing like below so that it matches with your validation script.

My PHP is kinda rusty anyways so i'm here to learn as well..

PHP Code:

  <p>Username: <input type="text" name="myusername" id="myusername"/></p>
  <p>Password: <input type="password" name="mypassword" id="mypassword"/></p> 


PHP Code:

// Define $myusername and $mypassword 
 $myusername=$_POST['myusername']; 
 $mypassword=$_POST['mypassword']; 


[misson]

@accoun80: Read the following, as your script has many of the same issues:

• Problem with encrypting passwords.
• Re: Undefined variable: adminEmail in line 50 activation email not getting sent!?
• Create User Accounts
• Database problem
• Re: Page redirection problem
• Re: [PHP] MySQL and PHP
• Display all that would be secret while Mysql is broken

Partial list of issues to look for:

• outdated mysql extension
• md5 considered broken
• no password salt
• or die
• SELECT *
• session fixation vulnerability
• missing <label> elements in form
• tight coupling of separate concerns
• DB connection handled in main script

Also, session_register is deprecated in PHP 5.3 and removed in 5.4. Use session_start, session_regenerate_id, $_SESSION.

[accoun80]

Can someone give me a link for a tutorial that works. please? I have been trying different ones for ages now and not one has worked.

[essellar]

Did you read the links misson posted? If you follow the one titled "Creating User Accounts", you'll find a link to a decent registration/login script at Github by callumacrae. Apart from the fact that it emails passwords in clear text to the user (never do that; email is too vulnerable), it's not at all bad from either a security or a code-quality standpoint. The whys and wherefores are in a couple of big long postings in that thread and in "Problem with encrypting passwords".

[misson]

About the only thing I have to add is that if you're planning on writing a login or account system for your site, stop. The only reason to write your own is for self-education, and whatever results shouldn't be used on a production site. Systems already exist that will be more secure than whatever you come up with. SSO (single sign-on) looks promising. Better still would be to use something like OpenID.

[accoun80]

About the only thing I have to add is that if you're planning on writing a login or account system for your site, stop. The only reason to write your own is for self-education, and whatever results shouldn't be used on a production site. Systems already exist that will be more secure than whatever you come up with. SSO (single sign-on) looks promising. Better still would be to use something like OpenID.

I need a login system where people don't register. It will work like a network only people with login and password will be able to see it. Please someone help.