here am trying to get username and password from the database and if their result is found then redirect to some page but mysqli_num_rows returns 0 always i dunno why `
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `login` WHERE username = '$username' AND password = '$password'";
$run = mysqli_query($con,$query);
if (mysqli_num_rows($run) == 1) {
header("location: login.php");
}}?>
`
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "ornament"; // My local DB Name
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$username = "test"; // $_POST["username"] value
$password = "test"; // $_POST["password"] value
$sql = "SELECT * FROM `ornament` WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1) {
echo "correct";
} else {
echo "wrong";
}
mysqli_close($conn);
?>
</body>
</html>
OUTPUT:
correct
I have a database name and table name are same, But for me it's working fine.
NOTE: Please check the whether you are using correct password while getting from POST.
Any how you got a solution, Have a great day
Thanks
Muthu
Related
I have looked at similar questions on here and have found none that help me with this issue.
I have a database which contains a user table for name, email and password.
My HTML is a very basic form:
<form action = "" method = "post">
<label>Email :</label><input type = "text" name = "email" >
<label>Password :</label><input type = "password" name = "password" />
<input type = "submit" value = " Submit "/>
</form>
My php is:
$servername = "localhost";
$username = "student_user";
$password = "";
$db_name = "Student_db";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $db_name);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if($_SERVER["REQUEST_METHOD"] == "POST") {
$email - mysqli_real_escape_string($conn,$_POST['email']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
$sql = ("SELECT * FROM user WHERE u_email = '$email' and u_password = '$password'");
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $email and $mypassword, table row must be 1 row
if($count == 1) {
echo "Login Successful";
}else {
echo "Login Unsuccessful";
}
}
When I enter the correct generic email and password I have in the database, it still echos that the login is unsuccessful. I'm not sure why.
$email - replace with $email =
$servername = "localhost";
$username = "student_user";
$password = "";
$db_name = "Student_db";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $db_name);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if($_SERVER["REQUEST_METHOD"] == "POST") {
$email = mysqli_real_escape_string($conn,$_POST['email']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
$sql = ("SELECT * FROM user WHERE u_email = '$email' and u_password = '$password'");
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $email and $mypassword, table row must be 1 row
if($count == 1) {
echo "Login Successful";
}else {
echo "Login Unsuccessful";
}
}
There is issue with your assignment operator in your php code.
You are using
$email - mysqli_real_escape_string($conn,$_POST['email']);
Which is wrong you have to use
$email = mysqli_real_escape_string($conn,$_POST['email']);
you are using "-" insted of "="
Still loggin in even if the username and password is incorrect and also logins even if the value is null
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "login";
$conn = mysqli_connect($hostname, $username, $password, $dbname);
if (!$conn) {
die ("unable to connect");
}
if ($_POST) {
$uname = $_POST ["username"];
$pass = $_POST ["password"];
$sql = "SELECT * FROM users WHERE username = '$uname' AND password = '$pass' LIMIT 1 ";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1){
include("graph.php");
} else {
echo "Incorrect";
}
}
?>
First of all and very important it that you are open to SQL Injection attack, so you should use prepared statements, here is how should use your code, but instead of echo "Incorrect"; you should render different answer for each case:
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "login";
$conn = mysqli_connect($hostname, $username, $password, $dbname);
if (!$conn) {
die ("unable to connect");
}
if (isset($_POST["username"]) && isset($_POST["password"])) { // Check if you have posted data via POST
$uname = $_POST["username"];
$pass = $_POST["password"];
$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1 ";
if($stmt = $conn->prepare($sql)) { // Check for MySQL errors
$stmt->bind_param('ss', $uname, $pass);
if ($stmt->execute()) {
$stmt->close();
include("graph.php");
} else { // There is a problem with your SELECT // bind params
echo "Incorrect";
}
} else { // You should handle mysql errors here
echo "Incorrect";
}
} else { // You don't have POST data
echo "Incorrect";
}
?>
Prepared statements
Like #Kuya notice you have and many other problems, there is a lot of tutorials in Google about implementation of login system.
You must check the post request with isset() in php like this :
<?php
if (isset($_POST["username"] && isset($_POST["password"]))) {
//..... Your code here
}else {
echo "Incorrect password or username";
}
?>
I was trying to make a page where you can log in and then change your nickname or/and password. Everything in mySQL database, but when I try to save the id to session variable, it doesn't work. Any suggestions?
I am using XAMPP, users is my table in database users, I'm not posting login form code, because it's very simple.
Everything is connected, code doesn't give any warnings or errors.
login.php (fragment):
$sql = "SELECT * FROM users WHERE nickname = '$myusername' and pass = '$mypassword' and confirmed = 1";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$logged = true;
while($row = mysqli_fetch_assoc($result)) {
echo "id: " . $row["id"];
$_SESSION['currentId'] = $row["id"];
echo 'Id: ' . $_SESSION['currentId'];
}
}else {
$error = "Your Login Name or Password is invalid";
}
}
change.php (whole):
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "Users";
$currentId = $_SESSION['currentId'];
if($currentId<1){echo 'No Id.';}
else {echo 'CurrentId: ';
echo $currentId;}
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully <br>";
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$aCUname = mysqli_real_escape_string($conn,$_POST['CUname']);
$aCUpass = mysqli_real_escape_string($conn,$_POST['CUpass']);
$sql = "UPDATE users SET nickname = '$aCUname', pass = '$aCUpass' WHERE id = '$currentId';";
$result = mysqli_query($conn,$sql);
echo 'Updated successfully.';
}
?>
Thanks for help.
I got a solution. I just had to delete
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
from login.php. Thanks to #Shashikumar Misal !
How can i convert this statement into mysqli. i tried converting it but is not working. what am i missing. I want to connect to a login form.
This is the code i converted.
<?php
include('admin/dbcon.php');
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
/* teacher */
$query_teacher = mysql_query("SELECT * FROM teacher WHERE username='$username' AND password='$password'")or die(mysql_error());
$num_row_teacher = mysql_num_rows($query_teacher);
$row_teahcer = mysql_fetch_array($query_teacher);
/* admin */
$query_admin = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'")or die(mysql_error());
$num_row_admin = mysql_num_rows($query_admin);
$row_admin = mysql_fetch_array($query_admin);
if ($num_row_teacher > 0){
$_SESSION['id']=$row_teahcer['teacher_id'];
echo 'true';
}else if ($num_row_admin > 0){
$_SESSION['id']=$row_admin['user_id'];
echo 'true_admin';
}else{
echo 'false';
}
?>
This is the converted mysqli but i cannot still log on am i missing something. I will be very grateful if you can help me solve this.
<?php
// establishing the MySQLi connection
$con = mysqli_connect("localhost","root","","retreat");
if (mysqli_connect_errno())
{
echo "MySQLi Connection was not established: " . mysqli_connect_error();
}
// checking the user
session_start();
$username = mysqli_real_escape_string($con,$_POST['username'];
$password = mysqli_real_escape_string($con,$_POST['password'];
/* teacher */
$query_teacher = "SELECT * FROM teacher WHERE username='$username' AND password='$password'";
$num_row_teacher = mysqli_query($con,$query_teacher);
$row_teahcer = mysqli_num_rows($num_row_teacher);
/* admin */
$query_admin = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$num_row_admin = mysqli_query($con,$query_admin);
$row_admin = mysqli_num_rows($num_row_admin);
if ($row_teahcer > 0){
//$_SESSION['user_email']=$email;
$_SESSION['']=$row_teacher['teacher_id'];
echo 'true';
}else if ($num_row_admin > 0){
$_SESSION['id']=$row_admin['user_id'];
echo 'true_admin';
}else{
echo 'false';
}
?>
<?php
//db details
$dbHost = 'localhost';
$dbUsername = 'root';
$dbPassword = '';
$dbName = 'retreat';
//Connect and select the database
$db = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);
if ($db->connect_error) {
die("Connection failed: " . $db->connect_error);
}
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
/* teacher */
$query = $db->query("SELECT * FROM teacher WHERE username='$username' AND password='$password'")or die(mysqli_error());
$num_row_teacher = mysqli_num_rows($query);
$row_teahcer = mysqli_fetch_array($query);
/* admin */
$query_admin = $db->query("SELECT * FROM users WHERE username='$username' AND password='$password'")or die(mysqli_error());
$num_row_admin = mysqli_num_rows($query_admin);
$row_admin = mysqli_fetch_array($query_admin);
if ($num_row_teacher > 0){
$_SESSION['id']=$row_teahcer['teacher_id'];
echo 'true';
}else if ($num_row_admin > 0){
$_SESSION['id']=$row_admin['user_id'];
echo 'true_admin';
}else{
echo 'false';
}
enter code here
?>
Your are missing
$row_teahcer=mysqli_fetch_array($num_row_teacher);
$row_admin=mysqli_fetch_array( $num_row_admin);
Its a simple registration with username and password, but when I try to insert it to the database it always fails and I don't know why, can someone help me with this?
include "db.php";
if (isset($_POST['submit']))
{
$username= $_POST['leguser'] ;
$password= $_POST['legpass'] ;
$pwhash = password_hash($password, PASSWORD_DEFAULT) ;
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
echo var_dump ($username);
echo var_dump ($password);
echo var_dump ($pwhash);
$sql = "SELECT * FROM tbl_users WHERE fld_username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
echo "<script>alert('Username already used!');</script>"; }
else
{
$q = "INSERT INTO `tbl_users` (`fld_username`) VALUES ('$username')";
$result = mysql_query($q);
if ($result) {
echo 'success';
} else {
echo 'failure';
}
}
This is the code of the database connection (db.php)
<?php
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'rsi_db';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
By the way I only want to input only one data on the database which is the username, for me not to get complicated with every data that I want to put in the future.