Solved

PHP Password Protect form needs password entered twice before working

Posted on 2013-11-07
4
51 Views
Last Modified: 2016-05-27
Im using php to bulid a site , i  have a login page where i have to  insert user and password and added to a session , the problem is i have to type the user name and the password twice until it redirect me to main page.

<?php
ob_start();
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Language" content="ar-sa">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<head>
<title>
Login Form 
</title>
<body bgcolor="#B4DA2D" topmargin="0" leftmargin="0">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
	<tr>
		<td>&nbsp;</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		<div align="center">
			<table border="0" width="620" cellspacing="0" cellpadding="0">
				<tr>
					<td>
				<img border="0" src="images/logo.jpg" width="400" height="195"></td>
					<td width="70">&nbsp;</td>
					<td width="255">
					<table border="0" width="255" cellspacing="0" cellpadding="0">
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
				<font face="Arial" style="font-size: 11pt; font-weight: 700" color="#4E5255">
							Log <span lang="en-us">i</span>n</font></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
<form action='' method="post">
<table>
<tr><td>
                                        <font face="Arial" style="font-size: 9pt" color="#999999">
                                        <span id="lblUsername" class="labelspacing">
										User name</span></font>: </td><td><input type='text' name='username'  /></td></tr>
<tr><td>

                                        <font face="Arial" color="#999999">
                                        <span id="lblUsername0" class="labelspacing">
										<font style="font-size: 9pt">Password</font></span></font>: </td><td><input type='password' name='password' /></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='LOGIN' /></td></tr>
</table>
</form>
							</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td><span lang="en-us">
<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
if ($username && $password) {

$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

if (mysql_num_rows($finduser) ==0) {
      echo "User Name or User Password wrong!";
      }

    if (mysql_num_rows($finduser) !=0) {
        while ($row = mysql_fetch_assoc($finduser)){
           $uname = stripslashes($row['username']);
           $upass = stripslashes($row['password']);
           $privilege = stripslashes($row['privilege']);
        }
        if ($uname == $uname AND $upass == $upass AND $privilege == 1 ){
        $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}
    
	if ($uname == $uname AND $upass == $upass AND $privilege == 2 ){
	    $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}

}

}else{
echo "Please , Enter the fields!";
}
}

mysql_close($con);

ob_end_flush();
?>
	</span></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
					</table>
					</td>
				</tr>
			</table>
		</div>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		&nbsp;</td>

	</table>
</body>
</head>
</html>

Open in new window

Edited to place the code in the code snippet.
0
Comment
Question by:wm2011
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 250 total points
ID: 39630180
Don't think this can solve the problem, but I would rewrite your code this way, more compact and more readable:

<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
	if ($username && $password) {

		$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

		if (mysql_num_rows($finduser) !=0) {
			while ($row = mysql_fetch_assoc($finduser)){
			   $uname = stripslashes($row['username']);
			   $upass = stripslashes($row['password']);
			   $privilege = stripslashes($row['privilege']);
			}
			$_SESSION['sessionname'] = $uname;
			$_SESSION['sessionpass'] = $upass;
			$_SESSION['sessionpriv'] = $privilege;
			if ($privilege == 1){
				echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
			}else if ($privilege == 2) {
				echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
			}else{
				echo "User Name or User Password wrong!";
			}
		}else{
			  echo "User Name or User Password wrong!";
		}

	}else{
		echo "Please , Enter the fields!";
	}
}

mysql_close($con);

ob_end_flush();
?>

Open in new window


Secondly, I suggest to abandon mysql extension which is deprecated and to use mysqli or PDO.

Cheers
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 39630213
Here is the design pattern for what you're trying to do.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Here is the explanation of why PHP is doing away with MySQL support and what you must do to keep your site running in the future.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Duplicated data in GROUP_CONCAT 2 49
Compiling PHP with Curl plus protocols 8 47
How to get chosen background-color on every line? 10 44
How can I send attachment with mail 5 24
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
When table data gets too large to manage or queries take too long to execute the solution is often to buy bigger hardware or assign more CPUs and memory resources to the machine to solve the problem. However, the best, cheapest and most effective so…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question