Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 days ago.
Improve this question
It keeps redirecting me to index.php even though I log in as an admin
My code:
<?php
include "koneksi.php";
$username= $_POST['username'];
$password = $_POST['password'];
$login = mysqli_query ($koneksi,"SELECT * FROM petugas where username ='$username'and password = '$password'");
$cek = mysqli_num_rows($login);
if ($cek >0) {
$level = mysqli_fetch_assoc ($login);
if ($level["level"]=="admin"){
session_start();
$_SESSION["status"] = "login";
$_SESSION["user"] ="admin";
header ("location:crudsiswa.php");
}
else if ($level["level"]=="petugas"){
session_start();
$_SESSION["status"] = "login";
$_SESSION["user"] = "petugas";
header("location:entrypembayaran.php");
}
else if ($level["level"]=="siswa"){
session_start();
$_SESSION["status"] = "login";
$_SESSION["user"] = "siswa";
header("location:lihathistorypembayaran.php");
}
}else{
header("location:index.php? aksi=gagal");
}
?>
Thanks for helping me!
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I've got the following code but i can't get the user to log into their account, in the database the length of the password its stored as is 35. I have var_dump the password variable to see what is inserted into it and its the same value as the password stored in the database. Any help, appreciate it
<?php
include_once("config.php");
session_start();
$message = "";
if (isset($_POST['username'])) {
$username = ($_POST['username']);
$password =md5($_POST['password']);
$password = ($password);
$sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($query);
$userid = $row[0];
$checkuser = $row[5];
$checkpassword = $row[4];
$type = $row[1];
$name = $row[2];
$surname = $row[3];
if ($username != $checkuser || $password != $checkpassword) {
$message = " username or password entered is incorrect.";
}
if ($username == $checkuser && $password == $checkpassword) {
$_SESSION['username'] = $username;
$_SESSION['type'] =$type;
$_SESSION['name'] = $name;
$_SESSION['surname'] = $surname;
$_SESSION['userid'] = $userid;
if($_SESSION['type'] == "admin") {
header("Location: adminindex.php");
} else {
header("Location: index.php");
}
}
}
?>
There may or may not be an issue with the fact that you're not using prepared statements, but you're definitely leaving yourself open to SQL injection.
Prepared statement example:
$stmt = $conn->prepare("SELECT * FROM user WHERE username =? AND password=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
See: http://php.net/manual/en/mysqli.prepare.php
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Improve this question
I have a login script written in PHP. If the username or password is incorrect, it will echo 'Username or password is invalid', which is currently what's happening (even though the username and password is correct)
Here's my PHP code:
<form method="POST">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" name="submit">
</form>
<?php
$con = mysqli_connect("localhost","dbuser","dbpass","dbname");
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
$logincheck = mysqli_connect($con, "SELECT * FROM `users` WHERE username='$username' and password='$password'");
$result = mysqli_query($con, $logincheck);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
if($count == 1){
$_SESSION['login_user'] = $username;
header('Location: index.php');
}else{
echo "Username or password is invalid.";
}
}
?>
Some error in fetching data and may be use forgot to use md5 if password is encrypted so make sure first
if(isset($_POST['submit']))
{
$con = mysqli_connect("localhost","root","","test");
$username = $_POST['username'];
$password = md5($_POST['password']);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($con,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1)
{
$_SESSION['login_user'] = $username;
header('Location: index.php');
}
else
{
echo "Username or password is invalid.";
}
}
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I wrote a PHP code with MySQL for a login form.
Now I heard it's better to use MySQLi - so I tried to rewrite the code. This is my working MySQL code:
$username = $_POST["username"];
$password = md5($_POST["password"]);
$query = "SELECT username, password FROM accounts WHERE username LIKE '$username' LIMIT 1";
$result = mysql_query($query);
$row = mysql_fetch_object($result);
if($row->password == $password)
{
echo "<h3>Hallo $username</h3>";
$_SESSION["username"] = $username;
echo "Login succesfully:";
}
else
{
echo "Login not succesfully";
}
To use MySQLi I tried to change it to the following:
$username = $_POST["username"];
$password = md5($_POST["password"]);
$query = "SELECT username, password FROM accounts WHERE username LIKE '$username' LIMIT 1";
$result = mysqli_query($query);
$row = mysqli_fetch_object($result);
if($row->password == $password)
{
echo "<h3>Hallo $username</h3>";
$_SESSION["username"] = $username;
echo "Login succesfully:";
}
else
{
echo "Login not succesfully";
}
But unfortunately this does not work.
You need to pass database connection string to mysqli_query() as first parameter and the SQL string as second parameter.
In your case, you are passing only one parameter.
That is why it is not working.
Corrected code:
$result = mysqli_query($con,$query);
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I am able to pass the user name but i cant pass the id for some reason. going from page 1 to page 2. In page 2 i echo $result in the html body. The name on the login screen will be passed over but the id is blank when i show it. comes up id:name:myName
page1
<?php
session_start();
if(isset($_POST['submit'])) {
$dbu = "myName";
$dbp = "abc123";
$uid = "1111";
$name = $_POST['user'];
$pass = $_POST['pass'];
if($name == $dbu && $pass == $dbp)
{
$_SESSION['user'] = $name;
$_SESSION['id'] = $uid;
header("Location: test.php");
}
else
{ header("Location: unsuccessful.php"); }
}
?>
page2
<?php
session_start();
if(isset($_SESSION['id']))
{
$uid = $SESSION['id'];
$name = $_SESSION['user'];
$result = " id:".$uid."user:".$name;
}
else
{ $result = "not logged in"; }
?>
change to this:
from ::
$uid = $SESSION['id'];
To
$uid = $_SESSION['id'];
You are just complicating issues. Are you initializing login variables within php codes or are you sending it from a form inputs.
Any way create table as follows and try to login with the code below. you will be okay.
This code has been tested and it will work for you
create table users(id int primary key auto_increment, username varchar(100), password varchar(100));
insert into users(username,password) values('sectona','sectona09');
<?php
$db = new PDO (
'mysql:host=localhost;dbname=sectona_db;charset=utf8',
'root', // username
'root89' // password
);
?>
<?php
session_start();
require("pdo.php");
$uname=$_POST["uname"];
$pass=$_POST["pass"];
$statement = $db->prepare('
SELECT * FROM users
WHERE username = :username
AND password = :password
');
$statement->execute(array(
':username' => $uname,
':password' => $pass));
if ($row = $statement->fetch()) {
// Ensure that session fixation attack is not possible
session_regenerate_id();
$_SESSION['SESS_USERNAME'] = $row['username'];
$_SESSION['SESS_PASSWORD'] = $row['password'];
echo '<script>
window.setTimeout(function() {
window.location.href = "welcome.php";
}, 2000);
</script>';
}else{
echo '<font color=red size=2><b>Wrong Login Account</b></font>';
}
?>
welcome.php
<?php
session_start();
Welcome <?php echo $_SESSION['SESS_USERNAME']; ?>
?>
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I am trying to make login page. i store some data in the database. when i enter the data then it will show the error which i don't know y is coming because i define the index.....
php code
//var_dump($_POST);
// Grab User submitted information
$user = $_POST["username"];
$pass = $_POST["password"];
if(empty($user) && empty($pass))
{
$msg = "Pleae enter username and password";
}
else
{
// Connect to the database
$con = mysql_connect("localhost","root","","jj");
// Make sure we connected succesfully
if(! $con)
{
session_start();
$_SESSION['Logged in'] = true;
die('Connection Failed'.mysql_error());
}
// Select the database to use
mysql_select_db("jj");
$qry = "SELECT username, password FROM login WHERE username = '".$user."' and password = '".$pass."'";
echo $qry;
$result = mysql_query($qry);
//var_dump($result);
$row = mysql_fetch_array($result);
//var_dump($row); //check the row
if($row["username"]==$user && $row["password"]==$pass)
{
$msg = "You are a validated user.";
session_start();
$_SESSION['username'] = $row["username"];
$_SESSION['logged_in'] = true;
header("Location: Iphoneunlockingcenter.html");
die();
}
else
{
$msg ="Sorry, your credentials are not valid, Please try again.";
}
}
}
?>
when i try to login then error comes
which the pic is showing
you have to use ISSET.
try replace this
$user = $_POST["username"];
$pass = $_POST["password"];
by
if(isset($_POST["username"]) and isset($_POST["password"])){
$user = mysql_real_escape_string($_POST["username"]); //escape your variables
$pass = mysql_real_escape_string($_POST["password"]);
}
else {
$user = '';
$pass = '';
}