Login.php error


Status
Not open for further replies.

Mylo Sepz

Apprentice 2.0
PHP:
<?php
include("includes/db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysql_real_escape_string($_POST['username']); 
$password=mysql_real_escape_string($_POST['password']); 
$password=md5($password); // Encrypted Password
$sql = "SELECT `uid` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query($sql) or die(mysql_error());  
$tmp = mysql_fetch_assoc( $result );
$count = count( $tmp ); 

// If result matched $username and $password, table row must be 1 row
if($count==1)
{
header("location: home.php");
}
else 
{
$error="Your Login Name or Password is invalid";
}
}
?>
<form action="signin.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>

Is there anything wrong with the script above? I tried logging in with a wrong username and password, and it still goes to home.php.
 

dpnux

Expert 1.0
Where should that be placed?

Inside the if block, before the redirect to welcome.php. I've taken the code snippet from the first post, starting from $count.

PHP:
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1)
{
    $data = mysql_fetch_array($result);
    $_SESSION['user_id'] = $data['uid'];
    header("location: welcome.php");
}
else 
{
   $error="Your Login Name or Password is invalid";
}
 

Doel

Beginner 2.0
Let me try to elaborate. Hopefully it's right ... please correct me if anything is wrong :)

PHP:
<?php
include("includes/db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from Form
    $username=mysql_real_escape_string($_POST['username']); 
    $password=mysql_real_escape_string($_POST['password']);  
    $password=md5($password); // Encrypted Password

    // added LIMIT 1 because only 1 row is needed (provided there are no duplicate entries)
    // to avoid a full table scan, use an index.
    // (e.g.: ALTER TABLE `users` ADD INDEX `login` ( `username`,`password` ))
    $sql = "SELECT `uid` FROM `users` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";
    $result = mysql_query($sql) or die(mysql_error());

    // cast boolean. 1 (true) = matched, 0 (false) = not matched
    // ref: http://php.net/manual/en/language.types.boolean.php
    if( mysql_num_rows( $result ) )
    {
        // $data = mysql_fetch_array( $result );
        // print_r( $data ) produces: Array ( [0] => 2134 [uid] => 2134 )
        $data = mysql_fetch_assoc( $result );
        // print_r( $data ) produces: Array ( [uid] => 2134 )

        // store the UserID in the SESSION superglobal array
        $_SESSION['user_id'] = $data['uid'];
        $_SESSION['user_id'] = $data['uid'];
        header("location: home.php");
    } 
    else  
    { 
        $error="Your Login Name or Password is invalid"; 
    } 
} 
?> 
<form action="signin.php" method="post"> 
<label>UserName :</label> 
<input type="text" name="username"/><br /> 
<label>Password :</label> 
<input type="password" name="password"/><br/> 
<input type="submit" value=" Login "/><br /> 
</form>
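
Added example, not part of the original thread or any poster's code: the same login check with PDO prepared statements and password_hash()/password_verify() swapped in for the removed mysql_* functions and md5(). It assumes the pdo_sqlite extension; the in-memory table, the sample account and the check_login() helper are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Constructed sample account; the hash is salted and slow, unlike md5().
$pdo->prepare('INSERT INTO users (uid, username, password) VALUES (?, ?, ?)')
    ->execute([2134, 'alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Verified when the username is unknown, so both failure paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Hypothetical helper: returns the uid on success, null on any failure.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // Bound parameters replace mysql_real_escape_string() + string interpolation.
    $stmt = $pdo->prepare('SELECT uid, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches

    // The first post tested count() of the fetched row. mysql_fetch_assoc()
    // returns false on no match, and on the PHP 5 releases that shipped
    // mysql_* count(false) is 1, the same as count() of a one-column row,
    // so $count == 1 held for every login. Test the row itself instead.
    $hash = ($row === false) ? DUMMY_HASH : $row['password'];
    $ok = password_verify($password, $hash);

    return ($row !== false && $ok) ? (int) $row['uid'] : null;
}

// Constructed test logins: valid, wrong password, unknown user.
foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']] as [$user, $pass]) {
    $uid = check_login($pdo, $user, $pass);
    printf("%-6s / %-13s => %s\n", $user, $pass, $uid === null ? 'rejected' : "uid $uid");
}

// In signin.php the success branch would then be:
//   session_regenerate_id(true);   // new session ID after login
//   $_SESSION['user_id'] = $uid;
//   header('Location: home.php');
//   exit;                          // stop executing after the redirect
```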
 

BennyKusman

Hosting Guru
Verified Provider
Thread closed, then..
Doel here really is an expert :) yet never hesitates to help.
 