Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PHP Password Protect form needs password entered twice before working

Posted on 2013-11-07
4
Medium Priority
?
55 Views
Last Modified: 2016-05-27
Im using php to bulid a site , i  have a login page where i have to  insert user and password and added to a session , the problem is i have to type the user name and the password twice until it redirect me to main page.

<?php
ob_start();
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Language" content="ar-sa">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<head>
<title>
Login Form 
</title>
<body bgcolor="#B4DA2D" topmargin="0" leftmargin="0">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
	<tr>
		<td>&nbsp;</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		<div align="center">
			<table border="0" width="620" cellspacing="0" cellpadding="0">
				<tr>
					<td>
				<img border="0" src="images/logo.jpg" width="400" height="195"></td>
					<td width="70">&nbsp;</td>
					<td width="255">
					<table border="0" width="255" cellspacing="0" cellpadding="0">
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
				<font face="Arial" style="font-size: 11pt; font-weight: 700" color="#4E5255">
							Log <span lang="en-us">i</span>n</font></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
<form action='' method="post">
<table>
<tr><td>
                                        <font face="Arial" style="font-size: 9pt" color="#999999">
                                        <span id="lblUsername" class="labelspacing">
										User name</span></font>: </td><td><input type='text' name='username'  /></td></tr>
<tr><td>

                                        <font face="Arial" color="#999999">
                                        <span id="lblUsername0" class="labelspacing">
										<font style="font-size: 9pt">Password</font></span></font>: </td><td><input type='password' name='password' /></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='LOGIN' /></td></tr>
</table>
</form>
							</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td><span lang="en-us">
<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
if ($username && $password) {

$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

if (mysql_num_rows($finduser) ==0) {
      echo "User Name or User Password wrong!";
      }

    if (mysql_num_rows($finduser) !=0) {
        while ($row = mysql_fetch_assoc($finduser)){
           $uname = stripslashes($row['username']);
           $upass = stripslashes($row['password']);
           $privilege = stripslashes($row['privilege']);
        }
        if ($uname == $uname AND $upass == $upass AND $privilege == 1 ){
        $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}
    
	if ($uname == $uname AND $upass == $upass AND $privilege == 2 ){
	    $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}

}

}else{
echo "Please , Enter the fields!";
}
}

mysql_close($con);

ob_end_flush();
?>
	</span></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
					</table>
					</td>
				</tr>
			</table>
		</div>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		&nbsp;</td>

	</table>
</body>
</head>
</html>

Open in new window

Edited to place the code in the code snippet.
0
Comment
Question by:wm2011
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 1000 total points
ID: 39630180
Don't think this can solve the problem, but I would rewrite your code this way, more compact and more readable:

<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
	if ($username && $password) {

		$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

		if (mysql_num_rows($finduser) !=0) {
			while ($row = mysql_fetch_assoc($finduser)){
			   $uname = stripslashes($row['username']);
			   $upass = stripslashes($row['password']);
			   $privilege = stripslashes($row['privilege']);
			}
			$_SESSION['sessionname'] = $uname;
			$_SESSION['sessionpass'] = $upass;
			$_SESSION['sessionpriv'] = $privilege;
			if ($privilege == 1){
				echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
			}else if ($privilege == 2) {
				echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
			}else{
				echo "User Name or User Password wrong!";
			}
		}else{
			  echo "User Name or User Password wrong!";
		}

	}else{
		echo "Please , Enter the fields!";
	}
}

mysql_close($con);

ob_end_flush();
?>

Open in new window


Secondly, I suggest to abandon mysql extension which is deprecated and to use mysqli or PDO.

Cheers
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1000 total points
ID: 39630213
Here is the design pattern for what you're trying to do.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Here is the explanation of why PHP is doing away with MySQL support and what you must do to keep your site running in the future.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post looks at MongoDB and MySQL, and covers high-level MongoDB strengths, weaknesses, features, and uses from the perspective of an SQL user.
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question