Getting PHP Errors, can anyone help?

[mattonfire]

<html>
<head><title>Login page</title></head>
<link rel="stylesheet" type="text/css" href="style.css">
<body>
	<div id="frm">
		<form action="process.php" method="POST">
			<p>
				<label>Username:</label>
				<input type="text" id="user" name="user"  />
			</p>
			<p>
				<label>Password:</label>
				<input type="password" id="pass" name="pass"  />
			</p>
			<p>
				<input type="submit" id="btn" name="login"  />
			</p>
		</form>
	</div>
</body>
</html>

<?php
$username = $_POST['username'];
$password = $_POST['password'];

$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

mysql_connect("localhost", "root", "");
mysql_select_db("login");

$result = mysql_query("SELECT * FROM users WHERE username = '$username' and password = '$password'")
			or die("Failed to Query Database.".mysql_error());
$row = mysql_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password ){
	echo "Login Successful. Welcome, ".$row['username'];
} else {
	echo "Login Failed. Please try again.";
}
?>

[truecrafting]

What are you using is that Notepad++

[mattonfire]

1 minute ago, truecrafting said:

What are you using is that Notepad++

Yeah, what would that change?

[truecrafting]

2 minutes ago, mattonfire said:

Yeah, what would that change?

Well sorry mate i can't help you i forgot how to code HTML it's almost been 2 years since i last touched notepad++ really sorry

[homeap5]

1 hour ago, mattonfire said:

 

<html>
<head><title>Login page</title></head>
<link rel="stylesheet" type="text/css" href="style.css">
<body>
	<div id="frm">
		<form action="process.php" method="POST">
			<p>
				<label>Username:</label>
				<input type="text" id="user" name="user"  />
			</p>
			<p>
				<label>Password:</label>
				<input type="password" id="pass" name="pass"  />
			</p>
			<p>
				<input type="submit" id="btn" name="login"  />
			</p>
		</form>
	</div>
</body>
</html>

<?php
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];

$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

mysql_connect("localhost", "root", "");
mysql_select_db("login");

$result = mysql_query("SELECT * FROM users WHERE username = '$username' and password = '$password'")
			or die("Failed to Query Database.".mysql_error());
$row = mysql_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password ){
	echo "Login Successful. Welcome, ".$row['username'];
} else {
	echo "Login Failed. Please try again.";
}
}
?>

 

First two errors are easy. In fact you can prevent them by configuring php different. Or use one "if" like in code above (should help).

 

Third error means that you're using new version if php without that function enabled.

Try to use mysqli_real_escape_string this instead

http://php.net/manual/en/mysqli.real-escape-string.php

 

or use your own str_replace code.

[vorticalbox]

$username = $_POST['username'];$password = $_POST['password'];
	

 

You are looking for username and password in the POST but their name in the form is user and pass

$username = $_POST['user'];$password = $_POST['pass'];
	

[homeap5]

20 minutes ago, vorticalbox said:

You are looking for username and password in the POST but their name in the form is user and pass.

Damn, you're right.

Anyway, these errors are not related to it, so both solutions should be used for this to work.

 

[mattonfire]

40 minutes ago, homeap5 said:

Third error means that you're using new version if php without that function enabled.

Try to use mysqli_real_escape_string this instead

http://php.net/manual/en/mysqli.real-escape-string.php

Changed my usage to mysqli instead of mysqli seems to be working better.

34 minutes ago, vorticalbox said:

 

$username = $_POST['username'];$password = $_POST['password'];
	

 

 

You are looking for username and password in the POST but their name in the form is user and pass

 

$username = $_POST['user'];$password = $_POST['pass'];
	

 

This worked. Thank you.

 

<?php

$con = mysqli_connect("localhost","root","","");

$username = $_POST['user'];
$password = $_POST['pass'];

$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);

$result = mysqli_query($con,"SELECT * FROM users WHERE username = '$username' and password = '$password'")
			or die("Failed to Query Database. ".mysqli_error($con));
$row = mysqli_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password ){
	echo "Login Successful. Welcome, ".$row['username'];
} else {
	echo "Login Failed. Please try again.";
}

?>

*EDIT*

Found it. You both get rep.

[leodaniel]

On 9/19/2018 at 6:15 PM, mattonfire said:

Changed my usage to mysqli instead of mysqli seems to be working better.

This worked. Thank you.

 

<?php

$con = mysqli_connect("localhost","root","","");

$username = $_POST['user'];
$password = $_POST['pass'];

$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);

$result = mysqli_query($con,"SELECT * FROM users WHERE username = '$username' and password = '$password'")
			or die("Failed to Query Database. ".mysqli_error($con));
$row = mysqli_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password ){
	echo "Login Successful. Welcome, ".$row['username'];
} else {
	echo "Login Failed. Please try again.";
}

?>

*EDIT*

Found it. You both get rep.

I assume you use PHP 7 right? Mysql has been removed as of PHP 7.0, use mysqli or PDO  

[mariushm]

the mysql_  functions are deprecated , mysqli "module" is supposed to be used, as it has more functionality and it's safer.

 

You can use mysqli as functions like mysqli_real_escape_string  or mysqli::real_escape_string ( string $escapestr ) 

See  http://php.net/manual/ro/mysqli.real-escape-string.php

 

Note that you need to have a connection created to the mysql server before you escape the variables, as escaping the strings depends on connection parameters to the database.

 

Also you get those warnings about username and passwords ....  if user doesn't enter name or password then browser won't send those with the request (instead of an empty string) so php won't great the entry in the _POST array

You can avoid logging errors doing something like this

 

$username =  (isset($_POST['username'])==TRUE) ? $_POST['username'] :  '';

 

it's a simple if then else  .. if the post entry exists then username becomes that entry else the variable becomes '' instead of  being NULL or something undefined (because _post entry doesn't exist ... and the warning isn't triggered because isset doesn't activate the warning text.

 

Oh, and there's $_GET and $_POST arrays ,  $_GET array gets filled with stuff sent through the url  like index.php?page=1 will get you a $_GET['page'] = 1;  See http://php.net/manual/en/reserved.variables.get.php

 

But note that by default, php will be configured to put both the GET and POST parameters and the cookies  in a single array called _REQUEST, so it may be better to get used to using _REQUEST in some situations, see http://php.net/manual/en/reserved.variables.request.php