How should I link a PHP login script to a mysql database for verification?

Question

I am fairly new to the PHP programming language and am working on my first site using the language but I am having trouble with linking the log in page to the mysql database in order to carry out account verification and create cookies. How should I go about this as the code below has some trouble being executed.

<?php

$connection =  mysql_connect("localhost","root",) or die("Couldn't connect to server!");
mysql_select_db("irrigation",$connection)  or die("Couldn't connect to server!");

if ($_POST['login']){
    if ($_POST['username'] && $_POST['password']){
        $username = mysql_real_escape_string($_POST['username']);
        $username = mysql_real_escape_string(hash("sha512",$_POST['password']));
        $user = mysql_fetch_array(mysql_query("SELECT * FROM 'users' WHERE 'username' = '$username'"));
        if ($user == '0'){
            die("That username doesnt exist! Try making <i>$username</i>today!<a href='index.php'>&larr; Home </a>");
        }
        if ($user['password'] != $password){
            die("Incorrect Password!<a href='index.php'>&larr; Home </a>");
        }
        $salt = hash ("sha512",rand().rand().rand());
        setcookie("c_user",hash("sha512",$username),time()+ 24 * 60 *60,"/");
        $userID = $user['user_id'];
        mysql_query("UPDATE 'users' SET 'salt'='$salt' WHERE 'user_id'='$userID'");
        die("You are now logged in as $username");
            }
        }

echo " 
    <body style='font-family:verdana,sans-serif;'>
        <div style='width: 80%; padding; 10px; border:1px solid #e3e3e3;  background-color;#fff ; color #000;
            <br/>
            <form action=' ' method='post'>
                <table>
                    <tr>
                        <td>
                            <b> UserName: </b>
                        </td>
                        <td>
                            <input type='text' name='username' style='padding: 4px;'/>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <b>Password</b>
                        </td>
                        <td>
                            <input type='password' name='password' style='padding: 4px;'/>
                        </td>
                    </tr>
                    <tr>
                        <td>    
                            <input type='submit' value='Login'>
                        </td>
                    </tr>
                </table>
            </form>
            <br />
            <h6>
                No Account? <a href='register.php'> Register here!</a>
            </h6>
        </div>
    </body>

    ";
?>

Whenever I press the submit button, nothing happens.

Answer 1

Using the code you pasted here nothing is happening because you have a typo: <div style='width: 80%; padding; 10px; border:1px solid #e3e3e3; background-color;#fff ; color #000; <div style='width: 80%; padding; 10px; border:1px solid #e3e3e3; background-color;#fff ; color #000;

That div tag isn't being closed here. Just change that line to <div style='width: 80%; padding; 10px; border:1px solid #e3e3e3; background-color;#fff ; color #000;'> <div style='width: 80%; padding; 10px; border:1px solid #e3e3e3; background-color;#fff ; color #000;'> <div style='width: 80%; padding; 10px; border:1px solid #e3e3e3; background-color;#fff ; color #000;'> (note the '> added to the end) and your Login button should work.

Edit

To get your code working please fix these issues too:

1. Change $username = mysql_real_escape_string(hash("sha512",$_POST['password'])); into $password = mysql_real_escape_string(hash("sha512",$_POST['password'])); (notice the change to $password in the beginning)
2. Change <input type='submit' value='Login'> into <input type='submit' value='Login' name='login'> (adding name='login' ). This is needed to get the line if ($_POST['login']) working.

And as the others pointed it out:

There is no more support for mysql_* functions, they are officially deprecated , no longer maintained and will be removed in the future. You should update your code with PDO or MySQLi to ensure the functionality of your project in the future.

Answer 2

add name="login" to your submit button, the name attribute is what is used as the key in the POST array.

eg

<input type='submit' value='Login' name="login">

The form doesn't have an action either but when it's not supplied it should default to the same address but it might be better to remove the attribute completely.

You don't need to echo the html as a string either, you could just use HTML directly and use PHP in the places that it's needed.

You should read up about the deprecation of mysql_* functions too.

Answer 3

In your code you forgot <form action="pageName.php" method="POST"> . Give submit button name like <input type='submit' value='Login' name='submit'> .

Answer 4

You overwrite your $username variable with the password:

$username = mysql_real_escape_string($_POST['username']);
$username = mysql_real_escape_string(hash("sha512",$_POST['password']));

The second line should most probably be:

$password = ...

And, as already suggested, don't use the deprecated mysql_* functions, they will be removed from future PHP versions and your code will stop working. If you are still learning, learn directly with mysqli_* or PDO.