如何解决PHP中的登录错误

Question

I have made a login page in php. for database i have used here mysql. If i want to login it is always showing the message username password wrong ...but there is already exist the username and password. So i cannot find out what is the problem.

http://jsfiddle.net/Sazal/my4wvnvt/

this is my login design page..

here is below the checklogin.php code..

// userName and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['pwd'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE userName='$myusername' and pass='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1 ){
// Register $myusername, $mypassword and redirect to file "login_success.php"
//session_register("myusername");
//$_SESSION['login_user']=$myusername; // Initializing Session
//$_SESSION['myusername']=$myusername;
//$_SESSION['password']=$mypassword;
//session_register("mypassword");
header("location:home.php");
}
else {
//echo "Wrong Username or Password";
header("Location:index.php?errorMssg=".urlencode("Wrong Username or Password"));
}
?>

Answer 1

Your form elements have no name attributes. You cannot rely on an "id" alone.

<input type="text" class="form-control" id="username" placeholder="Enter username">

and

<input type="text" class="form-control" id="pwd" placeholder="Enter password">

You need to add them, since you are declaring

$myusername=$_POST['username'];
$mypassword=$_POST['pwd'];

Modify to:

<input name="username" type="text" class="form-control" id="username" placeholder="Enter username">

and

<input name="pwd" type="text" class="form-control" id="pwd" placeholder="Enter password">

---

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack .

---

Sidenote: You should also add exit; after each header.

Ie:

if($count==1 ){
    header("location:home.php");
    exit;
}
else {
//echo "Wrong Username or Password";
    header("Location:index.php?errorMssg=".urlencode("Wrong Username or Password"));
    exit;
}

---

• Consider using mysqli with prepared statements , or PDO with prepared statements , they're much safer .

---

A few things to also consider is that your column(s) length should be long enough to accomodate your data as is the column type.

When storing password hashes, I myself use VARCHAR to its fullest; 255.

I admit it's an overkill, but that's just me.

Answer 2

Try:

<input name="username"...>

Not:

<input id="username"...>

Same for password.

It's the value of the "name" attribute that indexes the $_POST array.

Also, try a var_dump($_POST); in your php script, to test what you actually receive from your html form, before searching errors on the mysql side.

Answer 3

Your input fields has no name attributes use name="" using id's and class's does not sent the values of the filed via post request
without name attribute the input field you can't get data via post request