?
Solved

PHP Password Protect form needs password entered twice before working

Posted on 2013-11-07
4
Medium Priority
?
53 Views
Last Modified: 2016-05-27
Im using php to bulid a site , i  have a login page where i have to  insert user and password and added to a session , the problem is i have to type the user name and the password twice until it redirect me to main page.

<?php
ob_start();
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Language" content="ar-sa">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<head>
<title>
Login Form 
</title>
<body bgcolor="#B4DA2D" topmargin="0" leftmargin="0">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
	<tr>
		<td>&nbsp;</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		<div align="center">
			<table border="0" width="620" cellspacing="0" cellpadding="0">
				<tr>
					<td>
				<img border="0" src="images/logo.jpg" width="400" height="195"></td>
					<td width="70">&nbsp;</td>
					<td width="255">
					<table border="0" width="255" cellspacing="0" cellpadding="0">
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
				<font face="Arial" style="font-size: 11pt; font-weight: 700" color="#4E5255">
							Log <span lang="en-us">i</span>n</font></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
<form action='' method="post">
<table>
<tr><td>
                                        <font face="Arial" style="font-size: 9pt" color="#999999">
                                        <span id="lblUsername" class="labelspacing">
										User name</span></font>: </td><td><input type='text' name='username'  /></td></tr>
<tr><td>

                                        <font face="Arial" color="#999999">
                                        <span id="lblUsername0" class="labelspacing">
										<font style="font-size: 9pt">Password</font></span></font>: </td><td><input type='password' name='password' /></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='LOGIN' /></td></tr>
</table>
</form>
							</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td><span lang="en-us">
<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
if ($username && $password) {

$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

if (mysql_num_rows($finduser) ==0) {
      echo "User Name or User Password wrong!";
      }

    if (mysql_num_rows($finduser) !=0) {
        while ($row = mysql_fetch_assoc($finduser)){
           $uname = stripslashes($row['username']);
           $upass = stripslashes($row['password']);
           $privilege = stripslashes($row['privilege']);
        }
        if ($uname == $uname AND $upass == $upass AND $privilege == 1 ){
        $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}
    
	if ($uname == $uname AND $upass == $upass AND $privilege == 2 ){
	    $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}

}

}else{
echo "Please , Enter the fields!";
}
}

mysql_close($con);

ob_end_flush();
?>
	</span></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
					</table>
					</td>
				</tr>
			</table>
		</div>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		&nbsp;</td>

	</table>
</body>
</head>
</html>

Open in new window

Edited to place the code in the code snippet.
0
Comment
Question by:wm2011
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 1000 total points
ID: 39630180
Don't think this can solve the problem, but I would rewrite your code this way, more compact and more readable:

<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
	if ($username && $password) {

		$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

		if (mysql_num_rows($finduser) !=0) {
			while ($row = mysql_fetch_assoc($finduser)){
			   $uname = stripslashes($row['username']);
			   $upass = stripslashes($row['password']);
			   $privilege = stripslashes($row['privilege']);
			}
			$_SESSION['sessionname'] = $uname;
			$_SESSION['sessionpass'] = $upass;
			$_SESSION['sessionpriv'] = $privilege;
			if ($privilege == 1){
				echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
			}else if ($privilege == 2) {
				echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
			}else{
				echo "User Name or User Password wrong!";
			}
		}else{
			  echo "User Name or User Password wrong!";
		}

	}else{
		echo "Please , Enter the fields!";
	}
}

mysql_close($con);

ob_end_flush();
?>

Open in new window


Secondly, I suggest to abandon mysql extension which is deprecated and to use mysqli or PDO.

Cheers
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1000 total points
ID: 39630213
Here is the design pattern for what you're trying to do.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Here is the explanation of why PHP is doing away with MySQL support and what you must do to keep your site running in the future.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By, Vadim Tkachenko. In this article we’ll look at ClickHouse on its one year anniversary.
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question