Log in

View Full Version : I NEED HELP MY LOGIN.PHP redirects to blank page logon.php


rayzyy
08-31-2014, 09:40 PM
logon.php


<?php

$host="localhost"; // Host name
$username="****"; // Mysql username
$password="*****"; // Mysql password
$db_name="******"; // Database name
$tbl_name="login"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$tellerUserName=$_POST['tellerUserName'];
$tellerPassword=$_POST['tellerPassword'];

$sql="SELECT * FROM $tbl_name WHERE user_name='$tellerUserName' and user_password='$tellerPassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $l_username and $l_password, table row must be 1 row

if($count==1){

// Register $l_username, $l_password and redirect to file "login_success.php"
@session_register("tellerUserName");
@session_register("tellerPassword");
$_SESSION['tellerUserName'] = $_POST['tellerUserName']; // store username
header("location:index.php");

}
else {
header("location:login.php?loginFailed=true&reason=password");
}

?>



Login.php



<script type="text/javascript">
function validateForms()
{
var a=document.getElementById('tellerUserName').value;
var b=document.getElementById('tellerPassword').value;
if (a==null || a=="")
{
alert("Username must be filled out");
document.getElementById('tellerUserName').focus();
return false;
}
if (b==null || b=="")
{
alert("Password must be filled out");
document.getElementById('tellerPassword').focus();
return false;
}
}
</script>
</head>
<body>
<form name="login" method="post" action="logon.php" onSubmit="return validateForms()" id="login" >
<div id="preContainer">
<div class="header">
<div class="logo"></div>
<div class="grayBar2 clear"> </div>
</div>
keyboard
09-01-2014, 02:43 AM
Welcome to the forums!
Are there any errors when you run your code? Or is the page just blank.

From skimming over your code I can't see anything, but there are a couple of issues.
1. You are not escaping the values from your form! This means people could mysql inject into your database
2. Mysql is being depricated. You should use mysqli instead.
rayzyy
09-01-2014, 04:15 AM
i am new to php, am using php 5.4.32, the first code it brought was to change session_register, ichanged it to @session_register, now it brings out no error code, just a blank page, and the sql version is 5.5.37-cll,
rayzyy
09-01-2014, 04:24 AM
do u mean i should change mysql in the script to mysqli. eg mysql_connect("$host", "$username", "$password")or die("cannot connect");
will now be mysqli_connect("$host", "$username", "$password")or die("cannot connect");
keyboard
09-01-2014, 04:25 AM
Error codes are very useful while debugging code. Remove the @ symbol and then check the error.
You shouldn't actually need either of the @session_register lines. Try deleting them.

You need to escape your values before running them in a mysql query. Look at mysql_real_escape_string (www.google.com#q=mysql real escape string)
rayzyy
09-01-2014, 04:40 AM
i removed the 2 session_register and changed all mysql to mysqli and i got this [01-Sep-2014 04:35:47 UTC] PHP Fatal error: Call to undefined function mysqli_query() in /home/nwsob/public_html/2/1/sgpbo/admin-teller/logon.php on line 18

*I have used this script with another host and it function properly*
keyboard
09-01-2014, 04:45 AM
Chances are then that your host doesn't have mysqli installed. You'll need to use mysql instead then.
Bionic
09-02-2014, 04:55 PM
php 5.4 does NOT include the use of mysql OR mysqli you MUST use PDO or downgrade your PHP version to 5.3 there is NOT other option.
james438
09-02-2014, 08:24 PM
php 5.4 does NOT include the use of mysql OR mysqli you MUST use PDO or downgrade your PHP version to 5.3 there is NOT other option.

I'm not sure where you got that idea.

MySQL functions were deprecated in php 5.5.x ref (http://php.net/manual/en/migration55.deprecated.php). This does not mean it was removed, only that it is strongly discouraged and that you should use MySQLi or PDO instead. MySQL is probably going to be removed in version 6.0 which has been in development for many years now and as far as I can see there is still no release date for it. The 5.x series came out in 2004.

See this post (http://www.dynamicdrive.com/forums/showthread.php?74543-Updating-deprecated-code-for-MySQL-5-5&p=297484#post297484) for more information.