login script returns blank page
-
I have written a login page but each time I login it returns a blank page even with a wrong password please help: the login page is as follows:
<body>
<form action="methods/login.php" method="post"> * <label>Username:</label><input type="text" name="username" size="10" value="" /> * <label>Password:</label><input type="password" name="password" size="10" value="" /> * <input type="submit" name="login" value="Log In" /> * <input type="submit" name="join" value="Join" /> </form></body>
</html>and the php login script is
any help will be greatly appreciated
-
I have written a login page but each time I login it returns a blank page even with a wrong password please help: the login page is as follows:
<body>
<form action="methods/login.php" method="post"> * <label>Username:</label><input type="text" name="username" size="10" value="" /> * <label>Password:</label><input type="password" name="password" size="10" value="" /> * <input type="submit" name="login" value="Log In" /> * <input type="submit" name="join" value="Join" /> </form></body>
</html>and the php login script is
any help will be greatly appreciated
I believe your MySql query may be failing, causing you to see nothing other then a blank page. Your code seems weird to me as you escape strings the same way as you do column names and table names, which is a nono for MySQL. If you want to escape table / column names use the query below instead.
"SELECT `id` FROM `users` WHERE username= '$username' AND password='$pass'"
-
I have written a login page but each time I login it returns a blank page even with a wrong password please help: the login page is as follows:
<body>
<form action="methods/login.php" method="post"> * <label>Username:</label><input type="text" name="username" size="10" value="" /> * <label>Password:</label><input type="password" name="password" size="10" value="" /> * <input type="submit" name="login" value="Log In" /> * <input type="submit" name="join" value="Join" /> </form></body>
</html>and the php login script is
any help will be greatly appreciated
The default PHP.INI error notify settings are set to NOT DISPLAY. Check out DEVELOPER SETTINGS in error notify and enable it. By default the production setting is recommended. Also instead of tightly locking your application to MySQL, use Adodb Abstraction Library for PHP (http://adodb.sourceforge.net/[^])
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
The woods are lovely, dark and deep, But I have promises to keep, And miles to go before I sleep, And miles to go before I sleep! -
I believe your MySql query may be failing, causing you to see nothing other then a blank page. Your code seems weird to me as you escape strings the same way as you do column names and table names, which is a nono for MySQL. If you want to escape table / column names use the query below instead.
"SELECT `id` FROM `users` WHERE username= '$username' AND password='$pass'"
I have changed the query script and done a var_dump it returns the values entered but it still does not run the query script even with a wrong password.
-
No idea how because if you dont enter any fields it returns the error of supply username and password? any help anyone ??
-
I have written a login page but each time I login it returns a blank page even with a wrong password please help: the login page is as follows:
<body>
<form action="methods/login.php" method="post"> * <label>Username:</label><input type="text" name="username" size="10" value="" /> * <label>Password:</label><input type="password" name="password" size="10" value="" /> * <input type="submit" name="login" value="Log In" /> * <input type="submit" name="join" value="Join" /> </form></body>
</html>and the php login script is
any help will be greatly appreciated
That should work I think. - Removed quotes from 'id' - I added "LIMIT 1" to your query to only return a maximum of one result. You should also: - "Salt your passwords" - Clean Input using mysql_real_escape_string()
-
That should work I think. - Removed quotes from 'id' - I added "LIMIT 1" to your query to only return a maximum of one result. You should also: - "Salt your passwords" - Clean Input using mysql_real_escape_string()
Thanks alot for all the input I have tried a couple of the solutions. I have had different outcomes with the same result. At the moment I am using Marc Firth's solution and getting "-Invalid username / password" with a wrong or correct password. With no values entered it returns "You must supply a username and password." Am not really good at reading and understanding the "IF" "ELSE" working but would appreciate if someone gives a clue to what to do.
-
Thanks alot for all the input I have tried a couple of the solutions. I have had different outcomes with the same result. At the moment I am using Marc Firth's solution and getting "-Invalid username / password" with a wrong or correct password. With no values entered it returns "You must supply a username and password." Am not really good at reading and understanding the "IF" "ELSE" working but would appreciate if someone gives a clue to what to do.
Try to output the hashed (sha1) password, and compare it to the one in the database. i.e. for user "joe" with password "bloggs" run the following code and compare the output to the mysql query below First get the hash you are creating when you log in (notice the "die"):
<?php
/**
** handles the login feature of the site
** check username and password with variables in the database
*/
require_once("../includes/ikobe.php");if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];$pass = sha1($password); die($pass); if (!empty($username) && !empty($password)) { $query = "SELECT id FROM users WHERE username = '$username' AND password='$pass' LIMIT 1"; $query\_run = mysql\_query($query); $query\_num\_row = mysql\_num\_rows($query\_run); if (mysql\_num\_rows($query\_run) == 0) { echo 'Invalid username / password combination'; } else { echo 'Ok.'; } } else { echo 'You must supply a username and password.'; }}
?>Then compare it to the one in the database:
The two results should match.
-
Thanks alot for all the input I have tried a couple of the solutions. I have had different outcomes with the same result. At the moment I am using Marc Firth's solution and getting "-Invalid username / password" with a wrong or correct password. With no values entered it returns "You must supply a username and password." Am not really good at reading and understanding the "IF" "ELSE" working but would appreciate if someone gives a clue to what to do.
This works (tested):
<?php
session_start();
mysql_connect('localhost', 'user', 'pass');
mysql_select_db('dbname');
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = sha1($_POST['password']);if (!empty($username) && !empty($password)) { $query\_run = mysql\_query("SELECT id, password FROM users WHERE username = '$username' AND password = '$password' LIMIT 1"); if (mysql\_num\_rows($query\_run) == 0) { echo 'Invalid username / password combination'; } else { echo 'Ok.'; } } else { echo 'You must supply a username and password.'; }}
?>Username:
" />Password:
" /> -
This works (tested):
<?php
session_start();
mysql_connect('localhost', 'user', 'pass');
mysql_select_db('dbname');
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = sha1($_POST['password']);if (!empty($username) && !empty($password)) { $query\_run = mysql\_query("SELECT id, password FROM users WHERE username = '$username' AND password = '$password' LIMIT 1"); if (mysql\_num\_rows($query\_run) == 0) { echo 'Invalid username / password combination'; } else { echo 'Ok.'; } } else { echo 'You must supply a username and password.'; }}
?>Username:
" />Password:
" />