Why doesn't my PHP script work?


#1

Hello, I am trying to make a login system so that only people with a username and password may login to parts of the website. The problem is, when I use the script below, it sends me to a white page whatever I type in the login box. This is the script:


<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'berntbilpleie');
define('DB_USER','root');
define('DB_PASSWORD','root');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
function SignIn()
{
session_start(); //starting the session for user profile page
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM brukernavn where brukernavn = '$POST[user]' AND passord = '$POST[pass]'") or die(mysql_error());
$row = mysql_fetch_array($query);
if(!empty($row['brukernavn']) AND !empty($row['passord']))
{
$_SESSION['brukernavn'] = $row['passord'];
header("Location: ADM_hovedside");
}
else
{
header("Location:logginn.php");
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>

I can't seem to find out what the issue is. Help would be much appreciated. Thanks!


#2

Here is your code with a bit of formatting and indent:

<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'berntbilpleie');
define('DB_USER', 'root');
define('DB_PASSWORD', 'root');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
function SignIn()
{
    session_start(); //starting the session for user profile page
    if (!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
        {
        $query = mysql_query("SELECT * FROM brukernavn where brukernavn = '$POST[user]' AND passord = '$POST[pass]'") or die(mysql_error());
        $row = mysql_fetch_array($query);
        if (!empty($row['brukernavn']) AND !empty($row['passord'])) {
            $_SESSION['brukernavn'] = $row['passord'];
            header("Location: ADM_hovedside");
        } else {
            header("Location:logginn.php");
        }
    }
}
if (isset($_POST['submit'])) {
    SignIn();
}
?>

First, you should really use mysqli instead of mysql functions. Google it, it will be easy enough to find why, but long story short, it's newer MySQL driver and it's more secure.
This line:

$query = mysql_query("SELECT * FROM brukernavn where brukernavn = '$POST[user]' AND passord = '$POST[pass]'")

Should be like this:

// Either this
$query = mysql_query("SELECT * FROM brukernavn where brukernavn = '{$POST[user]}' AND passord = '{$POST[pass]}'") or die(mysql_error());

// Or this
$query = mysql_query("SELECT * FROM brukernavn where brukernavn = '" . $POST[user] . "' AND passord = '" . $POST[pass] . "'") or die(mysql_error());

In your place, I would use 2nd style.

It's bad practice to store password in session under username, but it's your call I guess.
And I guess your redirect fails because:

header("Location: ADM_hovedside");

Should redirect to:

header("Location: ADM_hovedside.html");
// Or
header("Location: ADM_hovedside.php");
// Or something else

I'm not a 100% sure, but I believe that you need to give path to page you want to redirect to to header() inside Location parameter.


#3

to redirect to a file you can omit the extension.but it's better to have.


#4

At first do what @igorcaletacar said

also make sure in your logginn.php file you've name attribute for submit button.

<button type="submit" name='submit' >Login</button>

you should have name attribute that contains submit as value because of

if (isset($_POST['submit'])) {
    SignIn();
}

#5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.