Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I'm trying to open up my "index.php" file when I log-in on my website with the correct info but I keep getting errors.
Here's my code:
<?php
session_start();
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM user WHERE uid = '$uid' AND pwd = '$pwd'";
$result = $conn->query($sql);
if (!$row = mysqli_fetch_assoc($result))
{
echo "Your username or password is incorrect!";
}
else
{
echo fgets($index);
}
You should also consider using prepared statements and PDO. Prepared statements will help prevent against SQL Injection
Your dbase.php will be like
try {
$db = new PDO('mysql:host=localhost;dbname=yourDBName', 'username', 'password');
} catch (PDOException $e) {
echo $e->getMessage();
}
Then your implementation
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM `user` WHERE `uid` = :uid AND `pwd` = :pwd";
$statement = $db->prepare($sql);
$userData = [
'uid'=>$uid,
'pwd'=>$pwd
];
$statement->execute($userData);
if($statement->rowCount() > 0){
header('Location: index.php');
exit();
}else{
echo "Your username or password is wrong!";
}
In else condition block, redirect to index file
if (!$row = mysqli_fetch_assoc($result))
{
echo "Your username or password is incorrect!";
}
else
{
header("location: index.php");
exit();
}
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
The problem is that everytime (also when I type in the right username and password combination) the error message "Failed 2" appears.
<?php
if (isset($_POST["login-submit"])) {
if(!empty($_POST["username"]) && !empty($_POST["password"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$username = mysql_set_charset($username);
$password = mysql_set_charset($password);
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$result = mysql_query("select * from user where username = '$username' and password = '$password'");
$row = mysql_fetch_array($result);
if($row["username"] == $username && $row["password"] == $password) {
//header("Location: index.php");
echo "<p>Login</p>";
} else {
echo "<p>Failed 2</p>";
}
} else {
echo "<p>Failed 1</p>";
}
}
?>
A Possible problem could be:
You are comparing plain password (from $_POST) with password that
might be encrypted in the database. If this is the case make sure you
encrypt your request password before you compare with saved password
It could be the case that you have saved your username or password with trailing spaces. If this is the case make sure you trim your data before doing comparison
Try to var_dump or print $row (also $_POST) and see what you are getting for more information
I'd recommend using PDO (PHP Data Objects) to run parameterized SQL queries.
It protects you against SQL injection and it speeds up your queries.
Then you can write something like this:
$db = db($server, $user, $pass, $db);
$sql = "select * from user where username =:username and password=:password";
$stmt = $db->prepare($sql);
$stmt->bindParam("user", $yourPostUsername);
$stmt->bindParam("pass", $yourPostPassword);
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_OBJ);
if ($result) {
echo "<p>Login</p>";
} else {
echo "<p>Failed 2</p>";
}
Thanks for your helpful answers. I changed to mysqli. Now the code works. Here it is:
<?php
if (isset($_POST["login-submit"])) {
if(!empty($_POST["username"]) && !empty($_POST["password"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$login = "select * from user where username = '$username' and password = '$password'";
$result = mysqli_query($db, $login);
$count = mysqli_num_rows($result);
if ($count == 1) {
//header("Location: index.php");
echo "<p>Login</p>";
} else {
echo "<p>Failed 2</p>";
}
} else {
echo "<p>Failed 1</p>";
}
}
?>
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I've got the following code but i can't get the user to log into their account, in the database the length of the password its stored as is 35. I have var_dump the password variable to see what is inserted into it and its the same value as the password stored in the database. Any help, appreciate it
<?php
include_once("config.php");
session_start();
$message = "";
if (isset($_POST['username'])) {
$username = ($_POST['username']);
$password =md5($_POST['password']);
$password = ($password);
$sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($query);
$userid = $row[0];
$checkuser = $row[5];
$checkpassword = $row[4];
$type = $row[1];
$name = $row[2];
$surname = $row[3];
if ($username != $checkuser || $password != $checkpassword) {
$message = " username or password entered is incorrect.";
}
if ($username == $checkuser && $password == $checkpassword) {
$_SESSION['username'] = $username;
$_SESSION['type'] =$type;
$_SESSION['name'] = $name;
$_SESSION['surname'] = $surname;
$_SESSION['userid'] = $userid;
if($_SESSION['type'] == "admin") {
header("Location: adminindex.php");
} else {
header("Location: index.php");
}
}
}
?>
There may or may not be an issue with the fact that you're not using prepared statements, but you're definitely leaving yourself open to SQL injection.
Prepared statement example:
$stmt = $conn->prepare("SELECT * FROM user WHERE username =? AND password=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
See: http://php.net/manual/en/mysqli.prepare.php
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I wrote a PHP code with MySQL for a login form.
Now I heard it's better to use MySQLi - so I tried to rewrite the code. This is my working MySQL code:
$username = $_POST["username"];
$password = md5($_POST["password"]);
$query = "SELECT username, password FROM accounts WHERE username LIKE '$username' LIMIT 1";
$result = mysql_query($query);
$row = mysql_fetch_object($result);
if($row->password == $password)
{
echo "<h3>Hallo $username</h3>";
$_SESSION["username"] = $username;
echo "Login succesfully:";
}
else
{
echo "Login not succesfully";
}
To use MySQLi I tried to change it to the following:
$username = $_POST["username"];
$password = md5($_POST["password"]);
$query = "SELECT username, password FROM accounts WHERE username LIKE '$username' LIMIT 1";
$result = mysqli_query($query);
$row = mysqli_fetch_object($result);
if($row->password == $password)
{
echo "<h3>Hallo $username</h3>";
$_SESSION["username"] = $username;
echo "Login succesfully:";
}
else
{
echo "Login not succesfully";
}
But unfortunately this does not work.
You need to pass database connection string to mysqli_query() as first parameter and the SQL string as second parameter.
In your case, you are passing only one parameter.
That is why it is not working.
Corrected code:
$result = mysqli_query($con,$query);
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I need to confirm if is email and password correct , but it work with any password I enter. What's the problem? Here is the code:
<?php
if(isset($_POST['submit'])){
$email = mysql_real_escape_string($_POST['email']);
$pass = $_POST['password'];
$hash = hash("sha512", $pass);
$hash1 = hash("whirpool", $hash);
$hash2 = hash("sha384", $hash1);
$password = $hash2;
$query=mysql_query("SELECT * FROM register WHERE email='$email' AND password='$password'") or die(mysql_error());
$count=mysql_num_rows($query);
if($count==1){
while ($row=mysql_fetch_array($query)) {
$username=$row['username'];
$heslo=$row['password'];
$_SESSION['valid'] = $username;
if(isset($_SESSION['valid'])){
$realtime = date("d-m-Y h:i:s");
$session = $_SESSION['valid'];
echo "<script> window.location.replace('index.php');
</script>";
header("Location: index.php");
}else{
echo "Přihlášení neproběhlo správně";
}
}
}
}
?>
The problem you're facing is that you mispelled "whirpool" it should be "whirlpool"
I have changed the code a bit, and this seems to be working. The curly brackets order is the one messing it up for you, as the else points to the incorrect if.
I have added comments throughout the script, so you can see what I'm trying to say.
mysql_connect('localhost','user','pass');
mysql_select_db('test');
# You can use your post methods, I've used these for testing.
$email = mysql_real_escape_string('email');
$pass = $_GET['pw'];
$hash = hash("sha512", $pass);
$hash1 = hash("whirlpool", $hash);
$hash2 = hash("sha384", $hash1);
$pass = $hash2;
# Now you can see the PW input
echo $pass."<br>";
# Nonsense
$password = $pass;
# By using $sql you can echo your query to see what results would it yield upon running it.
$sql = "SELECT * FROM test WHERE em='$email' AND pw='$password'";
$query=mysql_query($sql) or die(mysql_error());
$count=mysql_num_rows($query);
# Echo stuff to see what their results are
echo $sql."<br>";
echo $count."<br>";
# Let's see if we all got it right?
if($count==1){
while ($row=mysql_fetch_array($query)) {
$username=$row['un'];
$heslo=$row['pw'];
$_SESSION['valid'] = $username;
if(isset($_SESSION['valid'])){
$realtime = date("d-m-Y h:i:s");
$session = $_SESSION['valid'];
# Commented out for testing purposes. I mean the header.
echo "all is well";
//header("Location: index.php");
} // this closes the if(isset...
} // this closes the while loop
# Note that the curly brackets have changed. Now the else points correctly to the other branch if $count is not equal to 1.
} else {
echo "Přihlášení neproběhlo správně";
}
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I am trying to make login page. i store some data in the database. when i enter the data then it will show the error which i don't know y is coming because i define the index.....
php code
//var_dump($_POST);
// Grab User submitted information
$user = $_POST["username"];
$pass = $_POST["password"];
if(empty($user) && empty($pass))
{
$msg = "Pleae enter username and password";
}
else
{
// Connect to the database
$con = mysql_connect("localhost","root","","jj");
// Make sure we connected succesfully
if(! $con)
{
session_start();
$_SESSION['Logged in'] = true;
die('Connection Failed'.mysql_error());
}
// Select the database to use
mysql_select_db("jj");
$qry = "SELECT username, password FROM login WHERE username = '".$user."' and password = '".$pass."'";
echo $qry;
$result = mysql_query($qry);
//var_dump($result);
$row = mysql_fetch_array($result);
//var_dump($row); //check the row
if($row["username"]==$user && $row["password"]==$pass)
{
$msg = "You are a validated user.";
session_start();
$_SESSION['username'] = $row["username"];
$_SESSION['logged_in'] = true;
header("Location: Iphoneunlockingcenter.html");
die();
}
else
{
$msg ="Sorry, your credentials are not valid, Please try again.";
}
}
}
?>
when i try to login then error comes
which the pic is showing
you have to use ISSET.
try replace this
$user = $_POST["username"];
$pass = $_POST["password"];
by
if(isset($_POST["username"]) and isset($_POST["password"])){
$user = mysql_real_escape_string($_POST["username"]); //escape your variables
$pass = mysql_real_escape_string($_POST["password"]);
}
else {
$user = '';
$pass = '';
}