PHP Login script not working

I have two users in a database, and when i try login it just stays on the index page. If one user is in the database, you can login fine, but with two users it just redirects to the index page. Whats the issue.

<?php

include("connect.php");

$user开发者_StackOverflow社区name = $_POST["username"];
$password = $_POST["password"];

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

echo $username;
echo $password;

if (empty($_POST['username']) || empty($_POST['password']))
{
    //$_SESSION["login_error"] = "1";
    echo 'error code 1';
    header ('Location: ../index.php');
}

//$password = sha1($password);

$sql = "SELECT * FROM users";
$result = mysql_query($sql);
if (!$result) die('Invalid query: ' . mysql_error());

$userid = "";

while ($row3 = mysql_fetch_array($result, MYSQL_ASSOC))
{

    if(($username == $row3["username"]) && ($password == $row3["password"]))
    {
            $userid = $row3["id"];
            $_SESSION["userid"] = $userid;

            //$online = mysql_query("UPDATE numbers SET online='1' WHERE id='".$userid."'") 
            //or die(mysql_error());  

            //$type = mysql_query("UPDATE numbers SET type='facetime' WHERE id='".$userid."'") 
            //or die(mysql_error()); 
            echo $userid;
            echo 'error code 2';
            header ('Location: ../control_panel.php');
    }
        else
        {
            $userid = "";
            $_SESSION["userid"] = "";
            header ('Location: ../index.php');
            echo 'error code 3';
        }

        //debug
        //echo $password;
        //$useridvar = $_SESSION["userid"];
        //echo $useridvar;
}
        if ($_SESSION["userid"]=="")
    {
        header ('Location: ../index.php');
        echo 'error code 4';
    }



    //else
    //{
    //  $userid = "";
    //  $_SESSION["userid"]= "";
    //  header ('Location: ../login.php');
    //}

?>

---

Your code is very bad. You are looping through the entire users table? That's awful. Try this:

<?php

include("connect.php");

$username = $_POST["username"];
$password = $_POST["password"];

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

if (empty($_POST['username']) || empty($_POST['password']))
{
    header ('Location: ../index.php?emptyusernameorpassword');
    die();
}

$result = mysql_query("SELECT * FROM users where username = '".$username."' and password = '".$password."' LIMIT 1") or die('Invalid query: ' . mysql_error());
$row3 = mysql_fetch_assoc($result);

if(mysql_num_rows($result) != 0)
{
    $_SESSION["userid"] = $row3["id"];

    header ('Location: ../control_panel.php');
    die();
}
else
{
    $_SESSION["userid"] = "";
    header ('Location: ../index.php?invaliduserorpassword');
    die();
}

?>

---

Well, other answers already point to your main mistake: "Don't output anything before sending headers". Develroot also says that you should not loop through all the records of users table.

But if you are still interested in the reason why with two users you are redirected to the index, then this is the answer:

In your loop you planned that you will loop through all the records of the users table, and if you find the right one, you will redirect to the right place, and if you find a bad one, you redirect to the index.

So, depending on the order of the records in the table, your code usually does this:

• record 1: good user? Yes. Then set "Location" to "panel"
• record 2: good user? No. Overwrite the "Location", set to "index".

If you would break your loop after finding the good user, your code would work. (Inefficiently, but would work).

Of course, you really should design this procedure in the way Develroot suggests.

---

You cannot have output before issuing a 'header' command.

Also you need to issue an 'exit' straight after the header command.

---

Your calls to the header() function are preceded by calls to echo(). As far as I know, adding HTTP headers will not work if your script generated output before. Also, I think that the Location HTTP header requires an absolute path beginning with http:// or /. Then you should probably add exit() calls right after your calls to header() to prevent any other header information from being added later on.

---

i can't see where you called session_start(); this should be the first line in ur code if you want to use $_session['var'] in any script, you should start session first using session_start(), then every header() call should be followed by 'exit;' without '' i.e exit; else the script will continue to execute and won't load the link specified in the header.

---

Have you checked your error logs?

You're echoing text and then sending headers, this wont work.

Make sure in your php.ini you've set display_errors 1 And at the top of your file error_reporting(-1);