Solved

PHP Password Protect form needs password entered twice before working

Posted on 2013-11-07
4
45 Views
Last Modified: 2016-05-27
Im using php to bulid a site , i  have a login page where i have to  insert user and password and added to a session , the problem is i have to type the user name and the password twice until it redirect me to main page.

<?php
ob_start();
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Language" content="ar-sa">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<head>
<title>
Login Form 
</title>
<body bgcolor="#B4DA2D" topmargin="0" leftmargin="0">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
	<tr>
		<td>&nbsp;</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		<div align="center">
			<table border="0" width="620" cellspacing="0" cellpadding="0">
				<tr>
					<td>
				<img border="0" src="images/logo.jpg" width="400" height="195"></td>
					<td width="70">&nbsp;</td>
					<td width="255">
					<table border="0" width="255" cellspacing="0" cellpadding="0">
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
				<font face="Arial" style="font-size: 11pt; font-weight: 700" color="#4E5255">
							Log <span lang="en-us">i</span>n</font></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
<form action='' method="post">
<table>
<tr><td>
                                        <font face="Arial" style="font-size: 9pt" color="#999999">
                                        <span id="lblUsername" class="labelspacing">
										User name</span></font>: </td><td><input type='text' name='username'  /></td></tr>
<tr><td>

                                        <font face="Arial" color="#999999">
                                        <span id="lblUsername0" class="labelspacing">
										<font style="font-size: 9pt">Password</font></span></font>: </td><td><input type='password' name='password' /></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='LOGIN' /></td></tr>
</table>
</form>
							</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td><span lang="en-us">
<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
if ($username && $password) {

$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

if (mysql_num_rows($finduser) ==0) {
      echo "User Name or User Password wrong!";
      }

    if (mysql_num_rows($finduser) !=0) {
        while ($row = mysql_fetch_assoc($finduser)){
           $uname = stripslashes($row['username']);
           $upass = stripslashes($row['password']);
           $privilege = stripslashes($row['privilege']);
        }
        if ($uname == $uname AND $upass == $upass AND $privilege == 1 ){
        $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}
    
	if ($uname == $uname AND $upass == $upass AND $privilege == 2 ){
	    $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}

}

}else{
echo "Please , Enter the fields!";
}
}

mysql_close($con);

ob_end_flush();
?>
	</span></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
					</table>
					</td>
				</tr>
			</table>
		</div>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		&nbsp;</td>

	</table>
</body>
</head>
</html>

Open in new window

Edited to place the code in the code snippet.
0
Comment
Question by:wm2011
4 Comments
 
LVL 30

Assisted Solution

by:Marco Gasi
Marco Gasi earned 250 total points
ID: 39630180
Don't think this can solve the problem, but I would rewrite your code this way, more compact and more readable:

<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
	if ($username && $password) {

		$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

		if (mysql_num_rows($finduser) !=0) {
			while ($row = mysql_fetch_assoc($finduser)){
			   $uname = stripslashes($row['username']);
			   $upass = stripslashes($row['password']);
			   $privilege = stripslashes($row['privilege']);
			}
			$_SESSION['sessionname'] = $uname;
			$_SESSION['sessionpass'] = $upass;
			$_SESSION['sessionpriv'] = $privilege;
			if ($privilege == 1){
				echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
			}else if ($privilege == 2) {
				echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
			}else{
				echo "User Name or User Password wrong!";
			}
		}else{
			  echo "User Name or User Password wrong!";
		}

	}else{
		echo "Please , Enter the fields!";
	}
}

mysql_close($con);

ob_end_flush();
?>

Open in new window


Secondly, I suggest to abandon mysql extension which is deprecated and to use mysqli or PDO.

Cheers
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 39630213
Here is the design pattern for what you're trying to do.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Here is the explanation of why PHP is doing away with MySQL support and what you must do to keep your site running in the future.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Creating and Managing Databases with phpMyAdmin in cPanel.
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now