Login.php error


Status
Not open for further replies.
PHP:
<?php
include("includes/db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysql_real_escape_string($_POST['username']); 
$password=mysql_real_escape_string($_POST['password']); 
$password=md5($password); // Encrypted Password
$sql = "SELECT `uid` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query($sql) or die(mysql_error());  
$tmp = mysql_fetch_assoc( $result );
$count = count( $tmp ); 

// If result matched $username and $password, table row must be 1 row
if($count==1)
{
header("location: home.php");
}
else 
{
$error="Your Login Name or Password is invalid";
}
}
?>
<form action="signin.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>

dari script diatas apakah ada yang salah? saya coba masuk dengan username dan password yang salah malah masuk ke home.php
 
itu di taruh dimana mas?

di dalam block if sebelum redirect welcome.php mas. Saya ambil potongan kode dari post yang pertama ya, dimulai dari $count.

PHP:
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1)
{
    $data = mysql_fetch_array($result);
    $_SESSION['user_id'] = $data['uid'];
    header("location: welcome.php");
}
else 
{
   $error="Your Login Name or Password is invalid";
}
 
saya coba elaborasi. mudah-mudahan bener ... tolong koreksi bila ada yang salah :)

PHP:
<?php
include("includes/db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from Form
    $username=mysql_real_escape_string($_POST['username']); 
    $password=mysql_real_escape_string($_POST['password']);  
    $password=md5($password); // Encrypted Password

    // penambahan LIMIT 1 karena hanya butuh 1 row (dengan catatan: tidak ada duplikasi entri)
    // untuk menghindari "whole table scanning", gunakan indeks.
    // (mis.: ALTER TABLE `users` ADD INDEX `login` ( `username`,`password` )
    $sql = "SELECT `uid` FROM `users` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";
    $result = mysql_query($sql) or die(mysql_error());

    // cast boolean. 1 (true) = matched, 0 (false) = not matched
    // ref: http://php.net/manual/en/language.types.boolean.php
    if( mysql_num_rows( $result ) )
    {
        // $data = mysql_fetch_array( $result );
        // print_r( $data ) menghasilkan : Array ( [0] => 2134 [uid] => 2134 )
        $data = mysql_fetch_assoc( $result );
        // print_r( $data ) menghasilkan : Array ( [uid] => 2134 )

        // simpan UserID ke dalam superglobal array SESSION
        $_SESSION['user_id'] = $data['uid'];
        header("location: home.php");
    } 
    else  
    { 
        $error="Your Login Name or Password is invalid"; 
    } 
} 
?> 
<form action="signin.php" method="post"> 
<label>UserName :</label> 
<input type="text" name="username"/><br /> 
<label>Password :</label> 
<input type="password" name="password"/><br/> 
<input type="submit" value=" Login "/><br /> 
</form>
 
thread closed ya..
si mas Doel ini emang jago :) tapi ngga sungkan untuk membantu
 
Status
Not open for further replies.
Back
Top