
I have created a simple signup and login form. The signup form is successful. I have fetched the mail and password from the database using PHP and MySQL. Can anyone help me solve the problem?

Login Form:

```php
<?php
include('connect.php');
$mail=$_POST['mail'];
$password=$_POST['password'];
$sql=mysql_query("SELECT count(*) FROM user WHERE mail='$mail' and password='$password'") 
or die(mysql_error());
$result=mysql_fetch_array($sql);
if ($result>0) {
$_SESSION["mail"]=$mail;
$_SESSION["password"]=$password;
session_write_close();
header('Location:dash.php');    
}
else{
  echo"Failed to login !";
}
 ?> 
   <form method="POST"> 
    <input type="email" name="mail" placeholder="E-mail" class="form-control" style="color:red;"><br><br>
    <input type="password" name="password" placeholder="Enter Password" class="form-control"><br><br>
    <button class="btn btn-lg btn-danger col-md-offset-5">LogIn</button><br><br>
</form>
```
Dave
Ram.k
  • The problem is I was not redirected to dash.php. When I click login, the page just reloads. – Ram.k Oct 03 '16 at 14:24
  • 4
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)**. It is deprecated and has been for years and is gone forever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Oct 03 '16 at 14:24
  • So look up the attributes of a `
    ` tag. It's one of those you need. SO != Basic HTML tutorial site
    – RiggsFolly Oct 03 '16 at 14:27
  • 2
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Oct 03 '16 at 14:27
  • 1
    Please don't store plain text passwords: PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php), please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5, [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) – RiggsFolly Oct 03 '16 at 14:28
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code**. [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Oct 03 '16 at 14:29
  • I think you have not called session_start(); before writing the session variable – Sanjiv Dhakal Oct 03 '16 at 15:10
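
The fixes the comments above point to (a prepared statement, `password_hash()`/`password_verify()`, and `session_start()` before the session is written), combined into one login handler. This is an added example, not code from the question or from any commenter; the in-memory SQLite database, the sample account and the helper names `verify_login` and `handle_login` are assumptions made so that it runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. Table and column names follow the question;
// the in-memory SQLite database and the sample account are constructed so the
// script runs offline. For MySQL, only the PDO DSN and credentials change.

function verify_login(PDO $pdo, string $mail, string $password): bool
{
    // The placeholder keeps $mail out of the SQL text, so input stays data.
    $stmt = $pdo->prepare('SELECT password FROM user WHERE mail = :mail');
    $stmt->execute([':mail' => $mail]);
    $hash = $stmt->fetchColumn();          // false when no row matches

    // The column holds a password_hash() value, checked in PHP, not in SQL.
    return is_string($hash) && password_verify($password, $hash);
}

function handle_login(PDO $pdo, array $post): void
{
    $mail = (string) ($post['mail'] ?? '');
    $password = (string) ($post['password'] ?? '');
    if (!verify_login($pdo, $mail, $password)) {
        echo 'Failed to login !';
        return;
    }
    session_start();                       // required before writing $_SESSION
    session_regenerate_id(true);           // fresh session id after authentication
    $_SESSION['mail'] = $mail;             // identity only, never the password
    header('Location: dash.php');
    exit;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (mail TEXT PRIMARY KEY, password TEXT NOT NULL)');
$pdo->prepare('INSERT INTO user (mail, password) VALUES (?, ?)')
    ->execute(['ram@example.test', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Constructed checks: right password, wrong password, quote in the input.
    var_dump(verify_login($pdo, 'ram@example.test', 's3cret-sample'));
    var_dump(verify_login($pdo, 'ram@example.test', 'wrong'));
    var_dump(verify_login($pdo, "o'neil@example.test", 's3cret-sample'));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    handle_login($pdo, $_POST);
}
```

The handler must run before any HTML is sent, otherwise `session_start()` and `header()` cannot set their headers.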

0 Answers