database - Code not working while trying to pull user login data from form in php -


i created registration form works fine in php project undertaking. attempt use form, login form in pull username , password data user verify against database. getting parsing errors , other errors. haven't started validation yet haven't got basics in ready.

i don't think i'm going right way or if it's silly mistake.

    <edit remove important info>     // check connection     if (mysqli_connect_errno())   {       echo "failed connect mysql: " . mysqli_connect_error(); }        if (isset($_session['logged'])){ //already logged in         //$url= 'x'; // page         exit(); //ends script if user logged in       } else { //not logged in or submitted          }          $user_name = mysqli_real_escape_string($con,$_post['username']);        $pass = mysqli_real_escape_string($con,$_post['password']);     $notify="";     if(isset($_post['notify_box'])){ $notify = $_post['notify_box'];         $query=mysqli_query($con,"select * `websiteusers` username ='$user_name' , password ='$pass'");       $count = $mysqli_num_rows($query); //checks db      $row = mysqli_fetch_array($query);       if($count==0){ //db empty       echo "sorry, password , username not in db. click here try again.";      }      else{ // pw , un match, user login success     $_session['logged']=1; //start session     $_session['username']=$user_name; //session data     }     // } // opening brace not found     mysqli_close($con);     exit();     } // opening brace not found    ?> 

edit

i found in form

<input name="user_name" type="varchar" >  

which should

<input name="user_name" type="text"> 

also, use

$pass = mysqli_real_escape_string($con,$_post['pass']);  

instead of

$pass = mysqli_real_escape_string($con,$_post['password']); 

yet i'm unsure password line, since using md5 , plain text.

you may have set to:

$pass=md5($_post['pass']); 

there few issues code.

you have missing quote @ end of '$user_name

where username ='$user_name 

which needs changed to:

where username ='$user_name' 

as missing semi-colon @ end of query. $query=mysqli_query("select....

and (for 1 thing) $username=form($_post['user_name']); invalid, since form considered function.

use $username=$_post['user_name']; or better yet:

$username=mysqli_real_escape_string($con,$_post['user_name']); 

a missing semi-colon @ end of $password=md5($_post['pass'])

a missing $con @ beginning of query.

which included in complete rewrite below.

line rewrite:

$query=mysqli_query($con, "select * `websiteusers` username ='$user_name' , password ='$pass'" ); 

plus, noticed you're storing passwords using md5. it's no longer recommended use this. using php's password function

complete rewrite:

n.b.: $url variable has not been defined anywhere else, i'm unsure of functionality. plus there 2 unused ending braces } @ end of code, commented out, along exit();

you may closing db connection prematurely placement of mysqli_close($con); should faced error message. left in place, commented out , moved @ end of script.

please give try, hoping things fall place should.

<?php     // create connection      $con=mysqli_connect("x","x","x","x");      session_start(); //starts  users session       // check connection     if (!$con) {         die('connect error: ' . mysqli_connect_errno());     }       //echo "1 record added";       if (isset($_session['logged'])){ //already logged in         $url= 'http://danu6.it.nuigalway.ie/sm4business/browse.html'; // page         exit(); //ends script if user logged in       } else { //not logged in or submitted          $username=mysqli_real_escape_string($con,$_post['user_name']);         $pass=md5($_post['pass']);       } // mysqli_close($con); // may being closed prematurely.      $query=mysqli_query($con,"select * `websiteusers` username ='$user_name' , password ='$pass'");       $r = $mysqli_num_rows($query); //checks db      $row = mysqli_fetch_array($query);       if($r==0){ //db empty       echo "sorry, password , username not in db. click here try again.";      }      else{ // pw , un match, user login success     $_session['logged']=1; //start session     $_session['username']=$user_name; //session data     }     // } // opening brace not found     // exit();     // } // opening brace not found      mysqli_close($con); // moved here   ?> 

Comments

Popular posts from this blog

php - regexp cyrillic filename not matches -

c# - OpenXML hanging while writing elements -

sql - Select Query has unexpected multiple records (MS Access) -