difficulty in login in one attempt
Punit Jain
Ranch Hand
Joined: Aug 20, 2011
Posts: 902
|
|
Hello everyone, I created a login page, but I am facing some difficulties with it.
My login page is working, but only in two attempts. I mean, when I try to log in, it does not log me in and gives me the login page again, but when I try to log in a second time with the same username and password, it logs in and works.
Can anyone tell me the problem? Here is my code:
index.php
Page which appears after login:
core.inc.php
connect.inc.php
|
 |
Devaka Cooray
Saloon Keeper
Joined: Jul 29, 2008
Posts: 2691
|
|
Where is your login form located? Is it in index.php or in some other file?
Side note: Your code looks vulnerable to SQL injection.
|
|
 |
Punit Jain
Ranch Hand
Joined: Aug 20, 2011
Posts: 902
|
|
|
Yes, it's index.php. And why is it vulnerable to SQL injection? Can you explain, please...
|
 |
Rob Spoor
Sheriff
Joined: Oct 27, 2005
Posts: 19214
|
|
|
If I post username ' OR '1'='1, your query becomes SELECT `id` FROM `users` WHERE `username`= '' OR '1' = '1' AND `password`= 'whatever here'. As a result (the OR taking precedence if I recall correctly), all records will be returned and I will definitely be able to log in. That's just a "harmless" use. With the right input you can delete records, or even drop entire tables. Use mysql_real_escape_string or casting to numbers on every single value you use in any query.
|
|
 |
Punit Jain
Ranch Hand
Joined: Aug 20, 2011
Posts: 902
|
|
Thank you for this explanation. As you said, I replaced the code like this:
<?php
include("connect.inc.php");

// Note: $_SESSION values only persist if session_start() has run before this point.
if (isset($_POST['username']) && isset($_POST['password']))
{
    // Escape both values before they are placed inside the quoted SQL strings
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    if (!empty($username) && !empty($password))
    {
        $query = "SELECT `id` FROM `users` WHERE `username`= '$username' AND `password`= '$password'";
        if ($query_run = mysql_query($query))
        {
            $num_row = mysql_num_rows($query_run);
            if ($num_row == 0)
            {
                echo 'Invalid username and password.';
            }
            else
            {
                $user_id = mysql_result($query_run, 0, 'id');
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                header("Location: loggedin.php");
                exit; // stop here so nothing else runs after the redirect
            }
        }
        else
        {
            // Query failed; nothing is shown to the user
        }
    }
    else
    {
        echo 'fill username and password.';
    }
}
?>
Is it OK?
And please let me know if I should make any other updates to make my login page more secure...
Thank you...
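
An added example, not code from the thread or its posters: the same lookup written with a PDO prepared statement instead of the escaping discussed above (the mysql_* functions were removed in PHP 7.0). It assumes an in-memory SQLite database in place of connect.inc.php, a constructed `alice` account, a hypothetical find_user_id() helper, and a password column that holds password_hash() output, which the thread does not cover.

```php
<?php
// Added example, not code from the thread. The table layout follows the thread's
// `users` table; the rows and the find_user_id() helper are constructed here.

// Assumption: in-memory SQLite stands in for the MySQL connection in connect.inc.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Constructed sample account; the password column holds a hash, not the password.
$insert = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the user's id when the credentials match, or null otherwise.
 */
function find_user_id(PDO $pdo, string $username, string $password): ?int
{
    // The SQL text is fixed; $username is bound as a value, so quotes in it
    // cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No such user, or the supplied password does not match the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed inputs: a valid login, a wrong password, and the input quoted in the thread.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["' OR '1'='1", 'whatever here'],
];
foreach ($attempts as [$u, $p]) {
    $id = find_user_id($pdo, $u, $p);
    printf("%-14s => %s\n", $u, $id === null ? 'rejected' : "logged in as id $id");
}
```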