PHP Password Protect form needs password entered twice before working

Im using php to bulid a site , i  have a login page where i have to  insert user and password and added to a session , the problem is i have to type the user name and the password twice until it redirect me to main page.

<?php
ob_start();
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Language" content="ar-sa">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<head>
<title>
Login Form 
</title>
<body bgcolor="#B4DA2D" topmargin="0" leftmargin="0">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
	<tr>
		<td>&nbsp;</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		<div align="center">
			<table border="0" width="620" cellspacing="0" cellpadding="0">
				<tr>
					<td>
				<img border="0" src="images/logo.jpg" width="400" height="195"></td>
					<td width="70">&nbsp;</td>
					<td width="255">
					<table border="0" width="255" cellspacing="0" cellpadding="0">
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
				<font face="Arial" style="font-size: 11pt; font-weight: 700" color="#4E5255">
							Log <span lang="en-us">i</span>n</font></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
						<tr>
							<td>
<form action='' method="post">
<table>
<tr><td>
                                        <font face="Arial" style="font-size: 9pt" color="#999999">
                                        <span id="lblUsername" class="labelspacing">
										User name</span></font>: </td><td><input type='text' name='username'  /></td></tr>
<tr><td>

                                        <font face="Arial" color="#999999">
                                        <span id="lblUsername0" class="labelspacing">
										<font style="font-size: 9pt">Password</font></span></font>: </td><td><input type='password' name='password' /></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='LOGIN' /></td></tr>
</table>
</form>
							</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td>
&nbsp;</td>
						</tr>
						<tr>
							<td><span lang="en-us">
<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
if ($username && $password) {

$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

if (mysql_num_rows($finduser) ==0) {
      echo "User Name or User Password wrong!";
      }

    if (mysql_num_rows($finduser) !=0) {
        while ($row = mysql_fetch_assoc($finduser)){
           $uname = stripslashes($row['username']);
           $upass = stripslashes($row['password']);
           $privilege = stripslashes($row['privilege']);
        }
        if ($uname == $uname AND $upass == $upass AND $privilege == 1 ){
        $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}
    
	if ($uname == $uname AND $upass == $upass AND $privilege == 2 ){
	    $_SESSION['sessionname'] = $uname;
        $_SESSION['sessionpass'] = $upass;
        $_SESSION['sessionpriv'] = $privilege;
        echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
	}else{
	echo "User Name or User Password wrong!";
	}

}

}else{
echo "Please , Enter the fields!";
}
}

mysql_close($con);

ob_end_flush();
?>
	</span></td>
						</tr>
						<tr>
							<td>&nbsp;</td>
						</tr>
					</table>
					</td>
				</tr>
			</table>
		</div>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">
		&nbsp;</td>

	</table>
</body>
</head>
</html>

Open in new window

Edited to place the code in the code snippet.
wm2011Asked:
Who is Participating?
 
Ray PaseurConnect With a Mentor Commented:
Here is the design pattern for what you're trying to do.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Here is the explanation of why PHP is doing away with MySQL support and what you must do to keep your site running in the future.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
Marco GasiConnect With a Mentor FreelancerCommented:
Don't think this can solve the problem, but I would rewrite your code this way, more compact and more readable:

<?php
ob_start();
session_start();
				
$con = mysql_connect("localhost","","") or die();
$sel = mysql_select_db("db_name",$con) or die();


$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));


if ($_POST['submit']){
	if ($username && $password) {

		$finduser = mysql_query("SELECT * FROM users_info WHERE username='".$username."' AND password='".$password."'") or die ("mysql error");

		if (mysql_num_rows($finduser) !=0) {
			while ($row = mysql_fetch_assoc($finduser)){
			   $uname = stripslashes($row['username']);
			   $upass = stripslashes($row['password']);
			   $privilege = stripslashes($row['privilege']);
			}
			$_SESSION['sessionname'] = $uname;
			$_SESSION['sessionpass'] = $upass;
			$_SESSION['sessionpriv'] = $privilege;
			if ($privilege == 1){
				echo'<script> window.location="http://www.mysite/sub/main_page.php"; </script> ';
			}else if ($privilege == 2) {
				echo'<script> window.location="http://www.mysite/sub/sub_page.php"; </script> ';
			}else{
				echo "User Name or User Password wrong!";
			}
		}else{
			  echo "User Name or User Password wrong!";
		}

	}else{
		echo "Please , Enter the fields!";
	}
}

mysql_close($con);

ob_end_flush();
?>

Open in new window


Secondly, I suggest to abandon mysql extension which is deprecated and to use mysqli or PDO.

Cheers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.