Login system don't want to log on web page
Question
I created a login system for my web page. On localhost when i enter my username and password and click to login it works. When i do it on the live site, nothing happend.
Here is my code:
<?php
if(isset($_POST['username']) && isset($_POST['password'])){
$password=$_POST['password'];
$username=$_POST['username'];
$password_hash=md5($password);
if(!empty($username) && !empty($password)){
$query= "SELECT id FROM studenti WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password_hash)."'";
if($query_run=mysql_query($query)){
$query_num = mysql_num_rows($query_run);
if($query_num==0){
echo '<div class="text1">Pogresan Username/Password</div>';
}else if ($query_num==1){
$user_id=mysql_result($query_run,0, 'id');
$_SESSION['user_id']=$user_id;
header('Location : index.php');
}
}
}else{
echo '<div class="text2">Morate upisati Username i Password</div>';
}
}
?>
Here you can try it EXAMPLE Registraion works ok, and all users are in datebase, also my password field in datebase is 35 char long.. (md5). I don't see where is problem..
This is code of registration :
<?php
require 'core.php';
require 'connectdb.php';
if(!loggedin()){
if(
isset($_POST['password']) && isset($_POST['password_again'])&& isset($_POST['username'])&& isset($_POST['ime'])&& isset($_POST['prezime'])){
$password=$_POST['password'];
$password_again=$_POST['password_again'];
$username=$_POST['username'];
$ime=$_POST['ime'];
$prezime=$_POST['prezime'];
$password_hash=md5($password);
if(!empty($password) && !empty($password_again)&& !empty($username)&& !empty($ime)&& !empty($prezime)){
if($password!=$password_again){
echo '<div class="text2">Passwordi se ne poklapaju :)</div>';
}else{
$query="SELECT username FROM studenti WHERE username='$username'";
$query_run = mysql_query($query);
if(mysql_num_rows($query_run)==1){
echo '<div class="text2">Korisnicko ime'.' '.$username.' '.'vec postoji</div>';
}else{
$query="INSERT INTO studenti VALUES ('','".mysql_real_escape_string($username)."','".mysql_real_escape_string($password_hash)."','".mysql_real_escape_string($ime)."','".mysql_real_escape_string($prezime)."')";
if($query_run=mysql_query($query)){
header('Location: uspjeh.php');
}else{
echo '<div class="text2">Dogodila se greska, probaj kasnije!</div>';
}
}
}
}else{
echo '<div class="text4">Popuni sva polja</div>';
}
}
?>
Here is my all code in pastebin My server use PHP version 5.3.26 so i don't need to use mysqli_connect();
1 answers
solution1
0 2014-01-10 14:23:12
You are missing connectdb.php in the first file (require/include)! Maybe you got no database connection.
You must set session_start() at the beginning of each file that uses the $_SESSION[] variable.
And you should switch to mysqli or PDO , because mysql is deprecated and will be removed in newer versions of PHP.
With mysql_real_escape_string() you only got basic security. Take a look at prepared statements (mysqli) / prepared statements (PDO) .
And you must escape values in every query, including "SELECT". (For example the $username )
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.