[php] Login

2K8 Group · Jun 12, 2008

I have problems with my login script you can see the problems here: http://2k8.x10hosting.com/test_area/login.php

And the code:

PHP:

<?php
include ('config.php'); 
if (isset($_POST['submitted'])) {
$errors = array();
}
if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['username']))) ) {
$username = $_POST['username'];
$username = mysql_real_escape_string($username);
$query = "SELECT username FROM users WHERE username = '$username'";
$result = mysql_query($query);
}
else  {
$errors[] = '<font color="red">The username you have entered is not on our database.</font>';
}
if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['password']))) ) {
$password = $_POST['password'];
$password = mysql_real_escape_string($password);
$query = "SELECT password FROM users WHERE username= '$username' AND password = '$password'";
$result = mysql_query($query); 
}
else {
$errors[] = '<font color="red">The password you have entered does not match the password on our database.</font>';
}
if (empty($errors)) {
session_register("username");
session_register("password"); 
header ("location:index.php");
}
else {  
echo "The following error(s) occured:<br />";
}        
foreach ($errors as $msg) {
echo " - <font color=\"red\">$msg</font><br />\n";
}
?>
<html>
<head>
</head>
<body>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<table>
<tr>
<td>Username:</td><td><input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" size="30" maxlength="30" /></td>
</tr>
<tr>
<td>Password:<td><input type="password" name="password" size="30" maxlength="30 /></td>
</tr>
<tr>
<td><input type="submit" name="sumbit" value="Login"></td><td><input type="hidden" name="submitted" value="TRUE" /></td>
</tr>
</table>
</form>
</body>
</html>

Someone help me please!

phpasks · Jun 12, 2008

2K8 Group said:

I have problems with my login script you can see the problems here: http://2k8.x10hosting.com/test_area/login.php

And the code:

PHP:

<?php
include ('config.php'); 
if (isset($_POST['submitted'])) {
$errors = array();
}
if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['username']))) ) {
$username = $_POST['username'];
$username = mysql_real_escape_string($username);
$query = "SELECT username FROM users WHERE username = '$username'";
$result = mysql_query($query);
}
else  {
$errors[] = '<font color="red">The username you have entered is not on our database.</font>';
}
if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['password']))) ) {
$password = $_POST['password'];
$password = mysql_real_escape_string($password);
$query = "SELECT password FROM users WHERE username= '$username' AND password = '$password'";
$result = mysql_query($query); 
}
else {
$errors[] = '<font color="red">The password you have entered does not match the password on our database.</font>';
}
if (empty($errors)) {
session_register("username");
session_register("password"); 
header ("location:index.php");
}
else {  
echo "The following error(s) occured:<br />";
}        
foreach ($errors as $msg) {
echo " - <font color=\"red\">$msg</font><br />\n";
}
?>
<html>
<head>
</head>
<body>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<table>
<tr>
<td>Username:</td><td><input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" size="30" maxlength="30" /></td>
</tr>
<tr>
<td>Password:<td><input type="password" name="password" size="30" maxlength="30 /></td>
</tr>
<tr>
<td><input type="submit" name="sumbit" value="Login"></td><td><input type="hidden" name="submitted" value="TRUE" /></td>
</tr>
</table>
</form>
</body>
</html>

Someone help me please!

PHP:

<?php 
ob_start();
session_start();
include ('config.php');
if(isset($_POST["sumbit"]))
{
    if (isset($_POST['submitted'])) {
    $errors = array();
    }
    if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['username']))) ) {
        $username = $_POST['username'];
        $username = mysql_real_escape_string($username);
        $query = "SELECT username FROM users WHERE username = '$username'";
        $result = mysql_query($query);
    }
    else  {
        $errors[] = '<font color="red">The username you have entered is not on our database.</font>';
    }
    if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['password']))) ) {
        $password = $_POST['password'];
        $password = mysql_real_escape_string($password);
        $query = "SELECT password FROM users WHERE username= '$username' AND password = '$password'";
        $result = mysql_query($query);
    }
    else {
        $errors[] = '<font color="red">The password you have entered does not match the password on our database.</font>';
    }
    if (empty($errors)) {
        //session_register("username");
        //session_register("password");
        $_SESSION["int_userid"]    =    user_id;

        header ("location:index.php");
    }
    else {  
        echo "The following error(s) occured:<br />";
    }        
    foreach ($errors as $msg) {
        echo " - <font color=\"red\">$msg</font><br />\n";
    }
}    
?>

2K8 Group · Jun 12, 2008

Thanks and have some rep.

[php] Login

2K8 Group

New Member

phpasks

New Member

2K8 Group

New Member

Free Web Hosting

Our Community

Legal