Coding bugs(plz help)

A

Anonymous

Guest
my problem is :whenever i log in ,it always shown 'You are not log in'.
Never show "You are logged in as :xxx"

For example:i do a testing,i input username:abc and password:1234 in "user" table.
Next,i try to log in using abc and 1234.But,still shown 'You are not log in'

can anyone tell me which part have bugs?or how i edit the code?

I already use a phpeditor to check bugs,but no warning shown.

Hope u able to help me.
TQ
------------------------------------------------------------------------------
Code: 
//login.html
<html>

<head>


<title>Login here</title>
</head>

<body>

<form method="POST" action="login.php">
	
	
	Username
	<input type="text" name="username" size="20"></p>
	Password
	<p><input type="text" name="password" size="20"></p>
	
 <input type="submit" value="Submit" name="B1">
 <input type="reset" value="Reset" name="B2"></p>
</form>

</body>

</html>
----------------------------------------------------------------------

//login.php

<?php
session_start();

if(isset($_POST['username'])&&isset($_POST['password']))
{

$username=$_POST['username'];
$password=$_POST['password'];

$db=new mysqli('localhost','root','','kelly'); 

if(mysqli_connect_errno()){
echo 'Connection to database failed:'.mysqli_connect_error();
exit();
}

$query='select* from user '
."where username='$username'"
 ."and password=sha1('$password')";

$result=$db->query($query);



if($result->num_rows >0)
{
$_SESSION['valid_user']=$username;
}

$db->close();
}
?>

<html>
<body>
<h1>Home Page</h1>
<?php

if(isset($_SESSION['valid_user']))
{
	echo'You are logged in as :'.$_SESSION['valid_user'].'<br />';
}
else
{
	echo'You are not log in';
}

?>

-----------------------------------------------------------------------//end
 
Note that sessions end (by default) if you close your browser. Is this the case !?
Check your php.ini for session.cookie_lifetime and perhaps session.gc_maxlifetime for an inactivity timeout case.
 
ur original query is this:
# $query='select* from user '
# ."where username='$username'"
# ."and password=sha1('$password')";

I think other things are ok but why dont u write a simple query and check like:
$query="select *from user where username='.$username' and password='.$password'";
the encryption can also be added.
I think this can solve the problem.If u are only to login then no session is required but if required to maintain logged status until logout then session is required.
 
Now i get it :)
cty said:
i input username:abc and password:1234 in "user" table.
Click to expand...
You have 1234 in your database table, but you're asking for a SHA1 of 1234.
 
You must log in or register to reply here.
Back
Top