Login system

7

I made a site where I have implemented this file that belongs to the login but it does not work for me

<script type="text/javascript">


function loginsuccessufully(){
    setTimeout("window.location='backoffice/view.php'", 3000);
}

function loginfalhou(){
    setTimeout("window.location='../historia.php'", 3000);
}
</script>

<?php include('backoffice/db-config.php') ?>
<?php

$nome = $_POST['nome'];
$password = $_POST['password'];
$db = mysql_query("SELECT * FROM 'users' WHERE nome = '$nome' and password = '$password' ") or die(mysql_error());
$num_row = mysql_num_rows($row);

if($num_row < 1){
    session_start();
    $_Session['nome']=$_POST['nome'];
    $_Session['password']=$_POST['password'];
    echo"tas dentro";
    echo" <script>loginsuccessufully()</script>";

} else{
    echo"Login falhoe";
    echo" <script> loginfalhou() </script>";

}
?>

It does not give me any errors; it just runs the last echo.

    
asked by anonymous 24.04.2014 / 15:45

3 answers

2

Do not use single quotes in table names, only in values.

$db = mysql_query("SELECT * FROM 'users' WHERE nome = '$nome' and password = '$password' ") or die(mysql_error());
$num_row = mysql_num_rows($row);

Pass the variable $db to mysql_num_rows() instead of $row.

$db = mysql_query("SELECT * FROM users WHERE nome = '$nome' and password = '$password' ") or die(mysql_error());
$num_row = mysql_num_rows($db);
    
24.04.2014 / 16:01
5

1. Change the database adapter (recommended)

You should use PDO or instead of mysql.

2. Treatment of content provided by $_POST (recommended)

Never pass magic request variables ($_POST

24.04.2014 / 16:09
3

Errors Found:

$db = mysql_query("SELECT * FROM 'users' WHERE nome = '$nome' and password = '$password' ") or die(mysql_error());
$num_row = mysql_num_rows($row);

You put $db in mysql_query and mysql_num_rows($row); it should be mysql_num_rows($db).

Improved code:

<script type="text/javascript">
    function loginsuccessufully(){
        setTimeout("window.location='backoffice/view.php'", 3000);
    }
    function loginfalhou(){
        setTimeout("window.location='../historia.php'", 3000);
    }
</script>

<?php
    // Load the database connection settings
    include('backoffice/db-config.php');
    $nome      = $_POST['nome'];
    $password  = $_POST['password'];
    // Table name is unquoted; only the values are in single quotes
    $query     = mysql_query("SELECT * FROM users WHERE nome = '{$nome}' and password = '{$password}' limit 1") or die(mysql_error());

    // Exactly one matching row means the credentials were found
    if(mysql_num_rows($query) == 1){
        session_start();
        $_SESSION['nome']=$_POST['nome'];
        $_SESSION['password']=$_POST['password'];
        echo "tas dentro";
        echo" <script>loginsuccessufully()</script>";
    } else{
        echo"Login falhoe";
        echo" <script> loginfalhou() </script>";
    }
?>

Note: This is not the ideal code for the solution, because it contains mysql_* functions, which are deprecated (use PDO or #), and uses $_POST where filter_input should be used.

    
24.04.2014 / 16:02
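
The PDO and filter_input recommendations from the answers above, shown as an added example that is not part of any answer on this page. The `password_hash` column, the `authenticate()` function, the sample account and the in-memory SQLite database standing in for MySQL are assumptions made so the script runs on its own.

```php
<?php
// Added example. Table layout, sample account and authenticate() are
// assumptions for illustration, not code from the answers above.

function authenticate(PDO $pdo, $nome, $password): bool
{
    // filter_input() yields null or false for missing or malformed fields.
    if (!is_string($nome) || $nome === '' || !is_string($password) || $password === '') {
        return false;
    }
    // Placeholder instead of '$nome' inside the SQL string: the value is
    // bound as data and cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE nome = :nome LIMIT 1');
    $stmt->execute([':nome' => $nome]);
    $hash = $stmt->fetchColumn();           // false when no row matches

    // Compare against a stored hash, never a plaintext password column.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed test data: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (nome TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (nome, password_hash) VALUES (?, ?)');
$ins->execute(["O'Brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Command-line demo with constructed inputs.
    var_dump(authenticate($pdo, "O'Brien", 'correct horse'));  // valid login
    var_dump(authenticate($pdo, "O'Brien", 'wrong'));          // wrong password
    var_dump(authenticate($pdo, 'nobody', 'correct horse'));   // unknown user
} else {
    // Web request: read the fields with filter_input() rather than $_POST.
    $nome = filter_input(INPUT_POST, 'nome');
    $password = filter_input(INPUT_POST, 'password');
    if (authenticate($pdo, $nome, $password)) {
        session_start();
        session_regenerate_id(true);        // fresh session id after login
        $_SESSION['nome'] = $nome;          // keep the name, not the password
        header('Location: backoffice/view.php');
    } else {
        header('Location: ../historia.php');
    }
}
```

The sample name contains an apostrophe on purpose: with a bound parameter it is matched as a plain value, whereas the concatenated queries above would place it directly into the SQL text.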