GeneralCan GeneralCan - 1 month ago 5
PHP Question

PHP - login script

I have this login script, but for some reason its not working. I checked the database, the form, and I have re-written the script in like 5 different ways; however, they all have the same problem, it does not start the session. Here is the code:


//connect and select DB
mysql_connect ("localhost", "root", "") or die ('Error: ' . mysql_error());
mysql_select_db('usr_info')or die ("cannot select DB :(");

//transfer values sent from form
$usrname = $_POST['usrname'];
$passwrd = $_POST['passwrd'];

//injection protection
$usrname = stripslashes($usrname);
$passwrd = stripslashes($passwrd);
$usrname = mysql_real_escape_string($usrname);
$passwrd = mysql_real_escape_string($passwrd);

$sql = "SELECT * FROM usrs
WHERE usremail='$usrname'
and passwrd='".md5($_POST['passwrd'])."'";
$result = mysql_query($sql);

//count the number of rows found with the given info
$count = mysql_num_rows($result);

//the matched result must be equal to 1
if ($count == 1) {
$_SESSION['u_name'] = $usrname;
header("Location: ../../landing.php");
else {
echo "Wrong Username or Password";

this is the form im using:

<div id="login-signup" class="letters2"><a href="javascript:blankfunction()">Login | Signup</a></div>
<div id="point-1" class="point-1"><img src="site-wide/point-1.png" width="405" height="131" />
<div id="login-form">
<form id="login" method="POST" action="site-wide/effects/login.php">
<label for="username"></label>
<input type="text" name="usrname" id="usrname" value="email" onfocus="clearMe(this);" onblur="unClearMe(this);"/>
<label for="passwrd"></label>
<input type="password" name="passwrd" id="passwrd" value="password" onfocus="clearMe(this);" onblur="unClearMe(this);"/>
<input type="image" src="site-wide/submit.png" name="submit" id="submit" value="login"/>

this is the usrs table in my db:


Field Type Null Default Comments
ID int(4) No
usrfname varchar(15) No
usrlname varchar(15) No
usremail varchar(45) No
passwrd varchar(8) No
usrage int(3) No
usrgender varchar(7) No

I found the answer xD .. the problem was the database. the password field only had 8 characters whereas the actuall md5 password had over 15. so all i did was increase the number of characters the field can handle and viola!


Works fine on my end, just adding what jogesh_p suggested.

Please check if the session has been started prior to continue with the rest of the script. May it be throwing any error? Set the error_reporting like that:

if (!session_start()) {
    die("The session hasn't been started!");

This way you can check if there's any error before proceeding.