Share this question

Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.

This is a collaboratively edited question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.

Categories

0 like 0 dislike
208 views

I'm writing a script for login system for my project. I thought I am correct in coding this, but it gives me problem. And the problem is that it does not allow to log me in and redirects to login.php page. Below is the code;

<?php
	include('./include/connection.php');

$tabName = "adminuser";
$userName = $_POST['userName'];
$password = $_POST['password'];
if(empty($userName)){
    header('location: login.php');
    exit;
}
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = md5(mysql_real_escape_string($password));

$sqlQuery = "SELECT * FROM $tabName WHERE userName = '".$userName."' 
             AND password = '".$password."' LIMIT 1";
$sqlExe = mysql_query($sqlQuery);

$count = mysql_num_rows($sqlExe);

if($count > 0){
    header('location: index.php');
    $_SESSION['auth'] = 1;
}else{
    echo "Wrong Username or Password <br />".
    '<a href="login.php">Go back...</a>';
}
?>

Here is seesion code on "index.php" page

<?php
session_start();

if(!isset($_SESSION['auth']) or $_SESSION['auth'] != 1){
    header('location: login.php');
    exit;
    }
?>

Please correct me and let me know where im wrong. And please also tell me that, Is my code is sql injection safe?

asked by  
edited by

1 Answer

0 like 0 dislike
 
Best answer

Your code looks OK to me. The only thing is missing from your code.

you need this line after the <?php session_start();

This then should work.

answered by  
selected by
...