2

I am new to PHP and tried to develop a login script, but when I enter values it is not working. I can't even find the errors because when I click on submit it just refreshes the page.

Here is my code

<?php include "../utilities/config.php"; 

foreach($_GET as $key=>$value)
{
${$key} = trim($value);
}
$error = '';
if($checking_member_availability == 'yes'){
if(empty($user_name)){
    $error .= "Please enter user name.<br />";
}
if(empty($password)){
    $error .= "Please enter password.<br />";
}
if(empty($error)){
        $sql = "select * from `".SITE_TABLE_PREFIX."user` where     email='".$user_name."' and pwd='".$password."'";
        $resultUser  = mysql_query($sql) or die(mysql_error().$sql);
        if(mysql_num_rows($resultUser)>0){
        $rowUser  = mysql_fetch_array($resultUser);
        $error .= '';
        $_SESSION['email']=$user_name;
        }else{
        $error .= "Please check Email and Password.";
    }
}

if(empty($error)){

    echo "myaccount.php";
}
else{
    echo "<font color='#A01D49'>$error</font>";
}
}
?>

Please can anyone help me? I have spent a lot of time without success.

Here is the html code

<script type="text/javascript" language="javascript">
function validation()
{
var password = trim(document.form1.password.value);
var user_name = trim(document.form1.user_name.value);
var type = trim(document.form1.type.value);
http.open("GET", "processor.php?checking_member_availability=yes&password="+
                    escape(password)+"&user_name="+   escape(user_name)+"&type=" + escape(type)  , true);
http.onreadystatechange = handleHttpResponse;
http.send(null);
return false;
}
</script>
</head>
<table width="241" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td><table width="100%" border="0" cellspacing="0" cellpadding="0" <?php   if($_SESSION['user_id']!=''){?> style="display:none;"<?php }?>>
              <tr>
                <td align="left" valign="top" class="loginBg">
                    <img src="img/logintxt.jpg" alt = '' width='100' height='29' border='0'>
                </td>
              </tr>
              <tr>
                <td align="left" valign="top" class="login"><form name="form1" id="form1" action="" method="post" onSubmit="return validation();">
                    <table width="100%" border="0" cellspacing="0" cellpadding="0">
                     <tr><td colspan="3"><span id="user"></span></td></tr>
                      <tr>
                        <td align="left" valign="middle" class="height"><label class="boldtxt">Email:</label></td>
                        <td align="left" valign="middle" class="heightMid"><input type="text" name="email" id="email" />
                        </td>
                      </tr>
                      <tr>
                        <td align="left" valign="middle"><label class="boldtxt">Password:</label></td>
                        <td align="left" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
                            <tr>
                              <td align="left" valign="top"><input type="password" name="password" id='password' class="loginfld" />
                              </td>
                              <td align="left" valign="middle"><input type="image" src="img/submit.jpg" class="submit" onClick="return validation();" />
                              </td>
                            </tr>
                          </table></td>
                      </tr>
                      <tr>
                        <td align="left" valign="top">&nbsp;</td>
                        <td align="left" valign="top"><a href="forget_password.php" class="normalTxt">Forgot your password?</a><br />
                        </td>
                      </tr>
                    </table>
                  </form></td>
              </tr>
            </table></td>
        </tr>
        <tr>
          <td align="left" valign="top">
          <table width="100%" border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td align="left" valign="top"><a href="provider_registration.php"><img src="images/applybut.jpg" alt="" border="0" class="apply" /></a></td>
                    </tr>
                    <tr>
                      <td align="left" valign="top">
                      <?=$value?>
                      </td>
                    </tr>
                    <tr>
                        <td align="left" valign="top">&nbsp;</td>
                    </tr>
                    <tr>
                      <td align="left" valign="top">&nbsp;</td>
                    </tr>
                </table>
          </td>
        </tr>
      </table>
  • Can you post the HTML that creates the form, too? – Grim... Nov 15 '12 at 15:43
  • Your code is vulnerable to SQL injections. Check out PDO or mysqli and learn how to use prepared statements (not hard at all, but saves you a lot of trouble in the future!). And it looks like you rely on register_globals. Don't do that, just turn register_globals off. – Green Black Nov 15 '12 at 15:43
  • We will need to see the html in order to help you. – Matt Seymour Nov 15 '12 at 15:44
  • As a side note, with your for loop blindly saving form values to internal variables, and your select statement piping those values into your SQL, you have left yourself open to a world of hurt. Seriously, just pull out the $_GET values you need, specifically save them to variables and use mysql_real_escape_string to sanitize your inputs a bit. – stephenbayer Nov 15 '12 at 15:49
  • Thanks stephenbayer, but I am really new to PHP; I have just built this code looking at a few tutorials. – rajan mehta Nov 15 '12 at 15:51

2 Answers

1

OK, you have an echo statement with a file name:

   echo "myaccount.php";

First of all, are you sure that is what you want to do? I believe that will echo the string "myaccount.php". I believe you would want to include "myaccount.php".

Secondly, you have referenced the form field "user_name" in your JavaScript, but the field name you are trying to access is named "email". That might be part of the issue as well.

stephenbayer
  • You also seem to be doing your validation in a complicated way; there are JavaScript libraries available, like jQuery, which have already been written to do the asynchronous call you are trying to make. – stephenbayer Nov 15 '12 at 16:00
  • I wanted to develop a login system with email as username and password. I searched on the net for a few articles and out of those articles I developed this, which is sort of login code. I am not able to correct the problem. It would be really great and I would be really thankful if you can alter this code and make it run. I know I am asking a lot from you all but I am really stressed out with this. – rajan mehta Nov 15 '12 at 16:10
0

You are using form method="post", yet looking for $_GET.

Either use method="get" or $_POST!

As you have gathered from the comments there are several other issues with your code with regards to security. Don't be disheartened - everyone was a beginner once. However, you really should read up on SQL Injection and stop assigning all the $_GET values to strings - name each of them in full, ie:

$user_name = trim($_GET['user_name']);

Good luck, and stick with it!

[edit]Ah, as Stephen rightly points out in the comments, the JS uses get to submit the post, so it's actually the field name of 'email' that's the problem.

Grim...
  • The form is post, but the JavaScript passes it by GET, so that isn't the issue, I would believe. I think it has more to do with the "username" field being named "email", and then the JavaScript looking for the form name of "user_name". – stephenbayer Nov 15 '12 at 15:54
  • Thanks Grim. Can you help me in getting this fixed with SQL injections, like can you edit this code in the manner that the login form is in working condition and there is no SQL injection problem too? I am sorry, I know I am asking for a lot but I am really messed up with that. – rajan mehta Nov 15 '12 at 15:59
  • Hi Rajan - I'm happy to help but you should really create a new question so it will help other people in the future. – Grim... Nov 15 '12 at 16:00
  • But what should my new question be like? – rajan mehta Nov 15 '12 at 16:06
  • Grim, I asked a new question as Working Login System. Can you please now help me with this? Thanks in advance. – rajan mehta Nov 15 '12 at 16:23
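
Added example, not part of the original thread and not either answerer's code: the login check with the two fixes the comments and the second answer ask for, which are reading only named request values and querying through a PDO prepared statement. It assumes an in-memory SQLite table standing in for the site's `user` table (columns `email` and `pwd` as in the question) and that `pwd` holds a `password_hash()` value rather than the plain password; `demo_db` and `check_login` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the site's MySQL
// `user` table. Storing a password_hash() value in pwd is an assumption of
// this example; the question's code compares the plain password in SQL.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (email TEXT PRIMARY KEY, pwd TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO user (email, pwd) VALUES (?, ?)');
    $ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the authenticated e-mail, or null on any failure. Only the two named
// keys are read, so extra request parameters are ignored instead of becoming
// variables as they do with the foreach / ${$key} loop.
function check_login(PDO $db, array $input): ?string
{
    $user_name = is_string($input['user_name'] ?? null) ? trim($input['user_name']) : '';
    $password  = is_string($input['password'] ?? null) ? $input['password'] : '';
    if ($user_name === '' || $password === '') {
        return null;
    }
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT email, pwd FROM user WHERE email = :email');
    $stmt->execute([':email' => $user_name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pwd'])) {
        return null;
    }
    return $row['email'];
}

$db = demo_db();
$requests = [   // constructed sample requests
    ['user_name' => 'alice@example.com', 'password' => 'correct horse'],
    ['user_name' => 'alice@example.com', 'password' => 'wrong'],
    ['user_name' => "' OR '1'='1", 'password' => "' OR '1'='1"],
    ['user_name' => 'alice@example.com', 'password' => 'x', 'error' => 'spoofed'],
];
foreach ($requests as $req) {
    var_dump(check_login($db, $req));
}
```

Only the first request authenticates; the quote-laden input is treated as a literal e-mail value that matches no row, and the extra `error` key never reaches a variable.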