Can someone please help me? My username is Blimeo and my password is "password" but when I put my credentials in, it says "Access denied" like I told it to. I am 100% sure that I configured my mySQL database correctly.
<html>
<body>
<?php
echo sha1('Blimeo');
if (isset($_REQUEST['attempt'])) {
$link = mysql_connect('localhost', 'root', 'password') or die('Could not connect to database');
$user = mysql_real_escape_string($_POST['user']);
$password = sha1(mysql_real_escape_string($_POST['password']));
mysql_select_db('test_users');
$query = mysql_query(
"SELECT user
FROM users
WHERE user = '$user'
AND password = '$password'
") or die(mysql_error());
mysql_fetch_array($query);
$total = mysql_num_rows($query);
if ($total > 0) {
session_start();
$_SESSION['user'] = 'blah';
header('location: dashboard.php');
}
else {
echo '<br>Access denied!';
}
}
?>
<form method="post" action="login.php?attempt">
Enter your username:<input type="text" name="user"/><br/>
Enter your password:<input type="password" name="password"/><br/>
<input type="submit"/>
</form>
</body>
</html>
UPDATE, 2016
Please only use existing login systems, which are provided out-of-the-box in nearly every PHP framework! There's absolutly no reason to write this by yourself, as user authentication is a big topic and it will take months (years) to write a serious, stable and modern login solution.
ORIGINAL TEXT, FROM 2012:
As login systems are a security issue and EVERYBODY makes the same mistakes over and over again, i can clearly say:
Take a professional script and work through the code to understand whats happening, what hashing and salting is and what problems session can have.
[removed outdating link]
Here are three projects that might be what you need:
https://github.com/panique/php-login-one-file
https://github.com/panique/php-login-minimal
https://github.com/panique/huge
First of all, you should start your session on the first line of the page.
You should as well update your code to use PDO statements instead of mysql functions. These are slower and mysqli prone.
Then, you need to check if the num rows returned is equal to 1 and not greater than 0. That would be a security issue, as your script can be manipulated to return more than 1 row, and then it would validate and enter the secure area.
The problem seems to me, that, your password doesn't match the db. echo the sha1 of your password and see if it matches the table.
It seems like where the script is breaking is when it's testing for the mysql_num_rows().
Right before:
if ($total > 0)
{
Perhaps try adding the following line to test and make sure that $total is indeed > 0:
echo $total;
Other than that, try testing the mysql query to make sure it'll return at least 1 row from the DB.
make database in mysql then run this code::
<table border="0" align="center" cellpadding="0" cellspacing="0" width="300">
<tr>
<td>
<form method="post" action="flogin.php">
<table width="100%" cellpadding="7" cellspacing="0" border="0">
<tr>
<td colspan="3"><center><strong>Insert Values In DataBase </strong></center><br /></td><br />
</tr>
<tr>
<td width="30%">Name</td>
<td width="10%">:</td>
<td width="60%"><input type="text" name="name" /></td>
</tr>
<tr>
<td width="30%">Last Name</td>
<td width="10%">:</td>
<td width="60%"><input type="text" name="lastname" /></td>
</tr>
<tr>
<td width="30%">Email</td>
<td width="10%">:</td>
<td width="60%"><input type="text" name="email" /></td>
</tr>
<tr>
<td colspan="3"><center><input type="submit" name="submit" /></center><br /></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
mysql_connect("localhost", "root", "") or die("can not connect to database");
mysql_select_db("flogin")or die("can not connect");
if (isset($_POST['submit'])){
$name=$_POST['name'];
$lastname=$_POST['lastname'];
$email=$_POST['email'];
$query=mysql_query("INSERT INTO info(name, lastname, email)VALUES('$name', '$lastname', '$email')");
if($query){
echo "successful";
echo "<br>";
echo "<a href='insert.php'>Back to main page</a>";
}
else {
echo "error";
}
}
?>
<?php
mysql_close();
?>
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 聊天终结者 的文章《Creating a login system in PHP》','https://www.manongdao.com/article-307025.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}