Search code examples
phphtmlsqlauthenticationundefined-index

PHP Login System

So i am having a slight problem with my PHP login system.When trying to login it continues to say username/password incorrect although it is stored in the database and there is an undefined index. Login page

<?php include("header.php"); ?>
<?php
if(isset($_POST["user_login"]) && isset($_POST["password_login"])){
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]);
$password_login_md5 = md5($password_login);
$sql = mysql_query("SELECT id FROM `users` WHERE username='$user_login'AND       password='$password_login_md5' LIMIT 1");

$userCount = mysql_num_rows($sql);
if($userCount == 1){
while($row = mysql_fetch_array($sql)){
  $id = $row["id"];
}
if (isset($_SESSION["user_login"]) && isset($_POST["user_login"])){
$_SESSION["user_login"] = $user_login;
header("Location: home.php");
exit();
}
}else{
echo '<div class="echo">Username/Password is incorrect</div>';
exit();
}
}
?>

Header page

<?php
mysql_connect("localhost","root") or die("Couldnt connect");
mysql_select_db("pageslip") or die("Couldnt slect db");
?>
<?php
session_start();
if(isset($_SESSION['user_login'])){
$user = $_SESSION["user_login"];
}
else
{
//header("Location: home.php");
}
?>

Logout Page

<?php
session_start();
session_destroy();
header("Location: index.php");
?>

Home Page

<?php
include("header.php");
if(isset($_SESSION["user_login"]) && isset($_POST["user_login"])){
echo $_SESSION["user_login"];
}
?>

I am currently not worrying about the password hash just yet and it would be helpful to stay on topic of the problem and to get a direct solution.

Solution

  • Note:: I am using mysqli_ instead of mysql_, But dont think mysqli_ automatically secure your applications. You need to learn more.

    You did not give the name for the first file, i am assuming its login.php, and neither you show us your form so i created my own short form. for you to understand it you can change it according to your need.

    The sort form i created is here

    <form action="login.php" method="POST">
<!--As i gave the file name login.php, if your file name is different you 
can change it.-->
    Username:<input type="text" name="user_login"><br/>
    Password:<input type="password" name="password_login"><br>
    <input type="submit">
</form>

    Now from here your code start

    For Login.php (you can change the file name. as you want)

    <?php include("header.php"); ?>
<?php
if(isset($_POST["user_login"]) && isset($_POST["password_login"])){
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]);
//$password_login_md5 = md5($password_login); i removed this line as you say you 
//are not worry about the security, at this time. 
$sql = mysqli_query($con,"SELECT id FROM `users` WHERE username='$user_login'AND password='$password_login' LIMIT 1")or die(mysqli_error($con));

$userCount = mysqli_num_rows($sql);
if($userCount == 1){
while($row = mysqli_fetch_array($sql)){
  $id = $row["id"];

  $_SESSION['user_login']=$_POST['user_login'];
}
if (isset($_SESSION["user_login"]) && isset($_POST["user_login"])){
$_SESSION["user_login"] = $user_login;
header("Location: home.php");
exit();
}
}else{
echo '<div class="echo">Username/Password is incorrect</div>';
exit();
}
}
?>

    **Reason:**its always showing this message that username/password incorrect, is this Because that how you coded means your query is not returning any thing. is not because you entered wrong username or password in your form. thats only means you did not execute your query properly.

    ** Header page.** 

    <?php
$con=  mysqli_connect('localhost', 'root', '', 'pageslip') or die(mysqli_error($con));

?>
<?php
session_start();
if(isset($_SESSION['user_login'])){
$user = $_SESSION["user_login"];
}
else
{
//header("Location: home.php");
}
?>

    Logout page. 

    <?php
session_start();
session_destroy();
header("Location: index.php");
?>

    Home page.

    <?php
include("header.php");
if(isset($_SESSION["user_login"]) ){
echo $_SESSION["user_login"];
}

?>

//**Note: ** I change this line 
//if(isset($_SESSION["user_login"]) && isset($_POST["user_login"])){ 
//to this if(isset($_SESSION["user_login"]) ){
//Means i removed this part && isset($_POST["user_login"]) 
//Reason i am explaining below

    Reason:: on the home page you cant access the $_post, variable, Post request are only available for action page like if form action="loging.php" you can not access it on any other page.

    In my view you are thinking because you started a session thats mean you can access the post request. not this is not how the session work. in session you can store the value, and can access it on other pages. but not the post request. means it being destroyed after you left the page. and as in your case you are redirecting the user to the home page, thats means there will nothing in the $_post; so thats why i removed it.

    To understand it better do two thing in home page, first use var_dump($_session); and check the result it will produce the array, and use var_dump($_post); it will give the result like this array(0) { } means there is nothing in the $_post for the homepage.

    Hope you get the idea.

    And you got one more problem undefined index.

    This is not the big problem. i am assuming you got this problem in the form section. It simply means you have not defined the index. simple add this on the top of the form like this. $_post['user_login']="";

    it will go away, repeat this for every undefined index error.