Html LogIn form not functioning
Posted
by Tony C
on Stack Overflow
See other posts from Stack Overflow
or by Tony C
Published on 2009-07-28T14:52:45Z
Indexed on
2010/05/25
0:01 UTC
Read the original article
Hit count: 284
Ok, I have a login form that looks like this:
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td width="112"><b>Login</b></td>
<td width="188"><input name="login" type="text" class="textfield" id="login" /></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Login" /></td>
</tr>
</table>
</form>
Now, This form is on a page in a directory called members. When i put it on a page in the home directory and change the action to "members/login-exec.php" When I try to logIn it just refreshes the page, but the name of the page in the browser changes to the actions taking place in the form.
Any ideas on making this work guys?
EDIT, heres the login-exec.php code:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
session_write_close();
header("location: members.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
?>
© Stack Overflow or respective owner