Error in login logout system

Question

When I am submitting the form then I am landing on login.php and getting so many errors.

I have put errors on following link: https://docs.google.com/document/d/1AqwZ71iAQgZGMU-W0Go6czbpgGenF_f7ucgmEFw0AHo/edit

I am newbie and struggling for last 5 hours with above code. I have following pages in my login logout system:

db.php

<?php 
$conn=new mysqli('localhost','root','','people');
?>

index.php

    <?php
    session_start();
    ?>
    <html>
    <head></head>
    <body>
    <form method="post" name="login" action="login.php">
    <label for="name" class="labelname"> Username </label>
    <input type="text" name="username" id="userid" required="required" /><br />
    <label for="name" class="labelname"> Password </label>
    <input type="password" name="password" id="passid" required="required"  /><br />
    <input type="submit" name="submit" id="submit"  value="Login" />
    </form>
    </body>
</html>

login.php

<?php 
include('db.php');
session_start();
{
    $user=mysqli_real_escape_string($_POST['username']);
    $pass=mysqli_real_escape_string($_POST['password']);
    $fetch=mysqli_query("SELECT id FROM `user` WHERE 
                         username='$user' and password='$pass'");
    $count=mysqli_num_rows($fetch);
    if($count!="")
    {
    session_register("sessionusername");
    $_SESSION['login_username']=$user;
    header("Location:profile.php"); 
    }
    else
    {
       header('Location:index.php');
    }}
?>

logout.php

<?php
session_start();
if(session_destroy())
{
header("Location: index.php");
}
?>

session.php

<?php
include('db.php');
session_start();
$check=$_SESSION['login_username'];
$session=mysqli_query("SELECT username FROM `user` WHERE username='$check' ");
$row=mysqli_fetch_array($session);
$login_session=$row['username'];
if(!isset($login_session))
{
header("Location:index.php");
}
?>

profile.php

<?php
include('db.php');
session_start();
$check=$_SESSION['login_username'];
$session=mysqli_query("SELECT username FROM `user` WHERE username='$check' ");
$row=mysqli_fetch_array($session);
$login_session=$row['username'];
if(!isset($login_session))
{
header("Location:index.php");
}
?>

Hey @user3811050, thanks for your question. Are you able to provide details of the errors you're getting? It's a bit hard to troubleshoot without them. Thanks! — StackExchange What The Heck, Jan 03 '15 at 18:34
Storing passwords in plaintext is unacceptable. Please don't do that for the sake of your users' safety. (Plain MD5/SHA1 is not ok either. Use e.g. bcrypt or scrypt or AT LEAST salted SHA-256!) — ThiefMaster, Jan 03 '15 at 18:35
@ThiefMaster, baby steps. Let's figure out how to do basic PHP first! — Aroll605, Jan 03 '15 at 18:38
@Aroll605: Since you asked, [SQL injection that gets around mysql_real_escape_string()](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string). — The Blue Dog, Jan 03 '15 at 18:53
@TheBlueDog Yeah, big time. I deleted all my comments about what OP wasn't doing, and what they should have done. The question could have easily been avoided. It's been asked so many times, I've lost count. Just a bad question all around, if you ask me ;-) am sure OP probably used my comments and accepted the one below. — Funk Forty Niner, Jan 03 '15 at 19:05

score 0 · Accepted Answer · answered Jan 03 '15 at 19:46

0

I think there is something wrong with your db.php file. You are only supposed to pass 3 parameters,viz, servername, username and password, whereas I see you are passing 4, one being blank.

Please check if

 <?php

$conn=new mysqli('localhost','root','people'); ?>

or

 <?php

$conn=new mysqli('localhost','',''); ?>

works.

answered Jan 03 '15 at 19:46

user299567

26
3

Third one is blank because it contains no password and fourth is database name – user3811050 Jan 04 '15 at 07:32

Error in login logout system

1 Answers1