javascript and php - login script [closed]

Question

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.

Closed 8 years ago.

I am begginer in programming, I commented the rows, where I dont understand the code. And the connection to database is ok, so I do not understand why it is not working.

HERE IS LOGIN.PHP

<?php

include("connectiondbs.php");
include("javascript.js");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$u=$_POST['username'];
$p=$_POST['password'];

$sql="SELECT userID FROM users WHERE login='$u' and password='$p'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);

$active=$row['active'];            //I AM NOT SURE ABOUT THIS ONE

$count=mysql_num_rows($result);

if($count==1)
{
session_register("username");
session_register("password");     //HAS TO BE THE PASSWORD IN REGISTER?
$_SESSION['login_user']=$u;

header("location:succesfulllogin.php");  // HAS TO BE THIS FILE? OR I CAN GO TO THE MENU.HTML RIGHT NOW

}
else {
echo "Wrong Username or Password";
}}
?>

<form action="" method="post">
<label>Login :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Submit "/><br />
</form>

JAVASCRIPT.JS

<script Language="JavaScript">
    <!-- 
        function check_empty_field()
        {
        if (form.username.value == "" || form.password.value == "")
        {
           alert("Please fill in the password or login field.");
           return (false);
        }
        return (true);
        }
        -->
</script>

succesfulllogin.php

<?php
session_start();
if(!session_is_registered(username)){
header("location:login.php");
}
else{
header ("location:menu.html");
}
?>

Answer 1

To start, your javascript isn't being run. You're creating the function, but not calling it, and it doesn't interact with the PHP in any way. You can do that by changing your form tag to this:

<form action="login.php" method="post" onsubmit="return check_empty_field()">

Now the function check_empty_field runs whenever you submit the form. If it returns true, the form gets submitted and the PHP runs. Otherwise, it doesn't. For the function, change it to this (I put in some jQuery because it makes it 10x easier, if you're new to programming you should definitely look into it):

<script Language="JavaScript">
  <!--
    function check_empty_field()         // This is called when the submit
    {                                    // button is pressed
      if (form.username.value == "" || form.password.value == "")
      {
        alert("Please fill in the password or login field.");
        return false;                    // This doesn't submit the form
      }
      else
      {
        return true;                     // This submits the form
      }
    }
  -->
</script>

The jQuery makes a lot of this much easier, which is why I added it in. You can find more about it here. Of course, you'd have to put this at the top of your page, to make the jQuery work:

<script language="javascript" src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.0.1.min.js"></script>

This gets the jQuery definitions from the Microsoft CDN. It's rather reliable. It would be better to just put jQuery on your site, though, and then put in the path to the file.

Next, the PHP has some issues. Some have been covered by others, and pay attention to the previous answer, but to point out a few issues, session_register is not used anymore. Now you set session variables with $_SESSION['variablename'] = 'value'. You also have other issues to worry about, like validation and such. You should Google that.

If you want to know more about any of this, feel free to comment. I also can provide you with sources so you can learn more about the different parts of the code I used.

Answer 2

You don't have to go to successfullogin.php......as long as you put this at the top of your menu.html file.....which means you would rename it to menu.php file. This will just deter people from going straight to menu.php....without being logged in.

<?php
session_start();
if(!session_is_registered(username)){
header("location:login.php");};?>

And...no you dont have to store the password in session, unless its being read somewhere else later down the line in your site. Check to make sure, but I doubt it is. You probably don't need to store it. So you can probably remove this line....

    session_register("password");     //HAS TO BE THE PASSWORD IN REGISTER?

You are also correct in being skeptical about this line......doesnt seem to be doing anything....you can probably remove it as well...

   $active=$row['active'];            //I AM NOT SURE ABOUT THIS ONE