Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I need to confirm if is email and password correct , but it work with any password I enter. What's the problem? Here is the code:
<?php
if(isset($_POST['submit'])){
$email = mysql_real_escape_string($_POST['email']);
$pass = $_POST['password'];
$hash = hash("sha512", $pass);
$hash1 = hash("whirpool", $hash);
$hash2 = hash("sha384", $hash1);
$password = $hash2;
$query=mysql_query("SELECT * FROM register WHERE email='$email' AND password='$password'") or die(mysql_error());
$count=mysql_num_rows($query);
if($count==1){
while ($row=mysql_fetch_array($query)) {
$username=$row['username'];
$heslo=$row['password'];
$_SESSION['valid'] = $username;
if(isset($_SESSION['valid'])){
$realtime = date("d-m-Y h:i:s");
$session = $_SESSION['valid'];
echo "<script> window.location.replace('index.php');
</script>";
header("Location: index.php");
}else{
echo "Přihlášení neproběhlo správně";
}
}
}
}
?>
The problem you're facing is that you mispelled "whirpool" it should be "whirlpool"
I have changed the code a bit, and this seems to be working. The curly brackets order is the one messing it up for you, as the else points to the incorrect if.
I have added comments throughout the script, so you can see what I'm trying to say.
mysql_connect('localhost','user','pass');
mysql_select_db('test');
# You can use your post methods, I've used these for testing.
$email = mysql_real_escape_string('email');
$pass = $_GET['pw'];
$hash = hash("sha512", $pass);
$hash1 = hash("whirlpool", $hash);
$hash2 = hash("sha384", $hash1);
$pass = $hash2;
# Now you can see the PW input
echo $pass."<br>";
# Nonsense
$password = $pass;
# By using $sql you can echo your query to see what results would it yield upon running it.
$sql = "SELECT * FROM test WHERE em='$email' AND pw='$password'";
$query=mysql_query($sql) or die(mysql_error());
$count=mysql_num_rows($query);
# Echo stuff to see what their results are
echo $sql."<br>";
echo $count."<br>";
# Let's see if we all got it right?
if($count==1){
while ($row=mysql_fetch_array($query)) {
$username=$row['un'];
$heslo=$row['pw'];
$_SESSION['valid'] = $username;
if(isset($_SESSION['valid'])){
$realtime = date("d-m-Y h:i:s");
$session = $_SESSION['valid'];
# Commented out for testing purposes. I mean the header.
echo "all is well";
//header("Location: index.php");
} // this closes the if(isset...
} // this closes the while loop
# Note that the curly brackets have changed. Now the else points correctly to the other branch if $count is not equal to 1.
} else {
echo "Přihlášení neproběhlo správně";
}
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I'm trying to open up my "index.php" file when I log-in on my website with the correct info but I keep getting errors.
Here's my code:
<?php
session_start();
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM user WHERE uid = '$uid' AND pwd = '$pwd'";
$result = $conn->query($sql);
if (!$row = mysqli_fetch_assoc($result))
{
echo "Your username or password is incorrect!";
}
else
{
echo fgets($index);
}
You should also consider using prepared statements and PDO. Prepared statements will help prevent against SQL Injection
Your dbase.php will be like
try {
$db = new PDO('mysql:host=localhost;dbname=yourDBName', 'username', 'password');
} catch (PDOException $e) {
echo $e->getMessage();
}
Then your implementation
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM `user` WHERE `uid` = :uid AND `pwd` = :pwd";
$statement = $db->prepare($sql);
$userData = [
'uid'=>$uid,
'pwd'=>$pwd
];
$statement->execute($userData);
if($statement->rowCount() > 0){
header('Location: index.php');
exit();
}else{
echo "Your username or password is wrong!";
}
In else condition block, redirect to index file
if (!$row = mysqli_fetch_assoc($result))
{
echo "Your username or password is incorrect!";
}
else
{
header("location: index.php");
exit();
}
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
The problem is that everytime (also when I type in the right username and password combination) the error message "Failed 2" appears.
<?php
if (isset($_POST["login-submit"])) {
if(!empty($_POST["username"]) && !empty($_POST["password"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$username = mysql_set_charset($username);
$password = mysql_set_charset($password);
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$result = mysql_query("select * from user where username = '$username' and password = '$password'");
$row = mysql_fetch_array($result);
if($row["username"] == $username && $row["password"] == $password) {
//header("Location: index.php");
echo "<p>Login</p>";
} else {
echo "<p>Failed 2</p>";
}
} else {
echo "<p>Failed 1</p>";
}
}
?>
A Possible problem could be:
You are comparing plain password (from $_POST) with password that
might be encrypted in the database. If this is the case make sure you
encrypt your request password before you compare with saved password
It could be the case that you have saved your username or password with trailing spaces. If this is the case make sure you trim your data before doing comparison
Try to var_dump or print $row (also $_POST) and see what you are getting for more information
I'd recommend using PDO (PHP Data Objects) to run parameterized SQL queries.
It protects you against SQL injection and it speeds up your queries.
Then you can write something like this:
$db = db($server, $user, $pass, $db);
$sql = "select * from user where username =:username and password=:password";
$stmt = $db->prepare($sql);
$stmt->bindParam("user", $yourPostUsername);
$stmt->bindParam("pass", $yourPostPassword);
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_OBJ);
if ($result) {
echo "<p>Login</p>";
} else {
echo "<p>Failed 2</p>";
}
Thanks for your helpful answers. I changed to mysqli. Now the code works. Here it is:
<?php
if (isset($_POST["login-submit"])) {
if(!empty($_POST["username"]) && !empty($_POST["password"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$login = "select * from user where username = '$username' and password = '$password'";
$result = mysqli_query($db, $login);
$count = mysqli_num_rows($result);
if ($count == 1) {
//header("Location: index.php");
echo "<p>Login</p>";
} else {
echo "<p>Failed 2</p>";
}
} else {
echo "<p>Failed 1</p>";
}
}
?>
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I wrote a PHP code with MySQL for a login form.
Now I heard it's better to use MySQLi - so I tried to rewrite the code. This is my working MySQL code:
$username = $_POST["username"];
$password = md5($_POST["password"]);
$query = "SELECT username, password FROM accounts WHERE username LIKE '$username' LIMIT 1";
$result = mysql_query($query);
$row = mysql_fetch_object($result);
if($row->password == $password)
{
echo "<h3>Hallo $username</h3>";
$_SESSION["username"] = $username;
echo "Login succesfully:";
}
else
{
echo "Login not succesfully";
}
To use MySQLi I tried to change it to the following:
$username = $_POST["username"];
$password = md5($_POST["password"]);
$query = "SELECT username, password FROM accounts WHERE username LIKE '$username' LIMIT 1";
$result = mysqli_query($query);
$row = mysqli_fetch_object($result);
if($row->password == $password)
{
echo "<h3>Hallo $username</h3>";
$_SESSION["username"] = $username;
echo "Login succesfully:";
}
else
{
echo "Login not succesfully";
}
But unfortunately this does not work.
You need to pass database connection string to mysqli_query() as first parameter and the SQL string as second parameter.
In your case, you are passing only one parameter.
That is why it is not working.
Corrected code:
$result = mysqli_query($con,$query);
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
This is my attempt at a basic mysqli php login script (im only learning, so please dont be too harsh).
Can anyone see why it would be bringing up 0 rows every time and failing to login?
<?php
$con = mysqli_connect("localhost","user","pass","database");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL, Please contact an Administrator";
}
$username = mysqli_real_escape_string($_POST['username']);
$password = mysqli_real_escape_string($_POST['password']);
$query = "SELECT * FROM users WHERE user_name='$username' AND pass_phrase='$password'";
$result = mysqli_query($con, $query);
$row_cnt = mysqli_num_rows($result);
if (!$row_cnt == 0) {
echo "Usename/Password Combination Failed";
} else {
echo "Welcome " . $_POST['username'];
}
mysqli_close($con);
?>
You need to pass DB connection to mysqli_real_escape_string() as an added parameter.
What you're presently using:
$username = mysqli_real_escape_string($_POST['username']);
$password = mysqli_real_escape_string($_POST['password']);
What you should be using:
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
Plus, if if (!$row_cnt == 0) doesn't work after making those changes, try a reverse approach:
I.e.:
$row_cnt = mysqli_num_rows($result);
if ($row_cnt > 0) {
echo "Welcome " . $_POST['username'];
} else {
echo "Usename/Password Combination Failed";
}
Consider adding or die(mysqli_error($con)) to mysqli_query() to signal errors in code.
Sidenote:
I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.
I recommed you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.
For PHP < 5.5 use the password_hash() compatibility pack.
Footnotes:
Consider looking into using:
Prepared statements, or PDO with prepared statements, they're much safer.
Try removing ! or == 0 from your if condition at the bottom. Or even better:
if ($row_cnt) {
// Welcome
} else {
// Notify about authentication failure
}
Also, it's a good practice to hash your password/pass phrase.
This is very basic approach for login, assuming you have user table with id, username, and password :
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$errors = array();
if(!$_POST['username']) //check if username has been filled
{
$errors[] = 'bla bla text for empty username notice';
}
else
{
$username = mysqli_real_escape_string($conn, trim($_POST['username']));
}
if(!$_POST['password'])//check if password has been filled
{
$errors[] = 'bla bla text for empty password notice';
}
else
{
$password = mysqli_real_escape_string($conn, trim($_POST['username']));
}
if(empty($errors)) //no errors appears
{
$query = "SELECT * FROM tablename WHERE user_name = '$username' AND password = SHA1('$password')";
$result = #mysqli_query($conn, $query);
if(mysqli_num_rows($result) == 1)
{
//if one database row (record) matches the input:
// Start the session, fetch the record and insert the three values in an array
session_start();
$_SESSION = mysqli_fetch_array($result, MYSQLI_ASSOC);
header("direct to after login page");
}
else
{
// No match was made
$errors[] = 'Sorry no record match with the data you have submitted';
}
}
else
{
// If there was a problem.
echo mysqli_connect_error($conn);
}
}
You need to fix the quoting in your query. Right now you are trying to login as a user with user name $username and password $password and most likely no such combination exists. Also unless you are allowing two users to have the same username you should just query based on the username and then compare the hashed password provided with the stored hashed password.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I am trying to make login page. i store some data in the database. when i enter the data then it will show the error which i don't know y is coming because i define the index.....
php code
//var_dump($_POST);
// Grab User submitted information
$user = $_POST["username"];
$pass = $_POST["password"];
if(empty($user) && empty($pass))
{
$msg = "Pleae enter username and password";
}
else
{
// Connect to the database
$con = mysql_connect("localhost","root","","jj");
// Make sure we connected succesfully
if(! $con)
{
session_start();
$_SESSION['Logged in'] = true;
die('Connection Failed'.mysql_error());
}
// Select the database to use
mysql_select_db("jj");
$qry = "SELECT username, password FROM login WHERE username = '".$user."' and password = '".$pass."'";
echo $qry;
$result = mysql_query($qry);
//var_dump($result);
$row = mysql_fetch_array($result);
//var_dump($row); //check the row
if($row["username"]==$user && $row["password"]==$pass)
{
$msg = "You are a validated user.";
session_start();
$_SESSION['username'] = $row["username"];
$_SESSION['logged_in'] = true;
header("Location: Iphoneunlockingcenter.html");
die();
}
else
{
$msg ="Sorry, your credentials are not valid, Please try again.";
}
}
}
?>
when i try to login then error comes
which the pic is showing
you have to use ISSET.
try replace this
$user = $_POST["username"];
$pass = $_POST["password"];
by
if(isset($_POST["username"]) and isset($_POST["password"])){
$user = mysql_real_escape_string($_POST["username"]); //escape your variables
$pass = mysql_real_escape_string($_POST["password"]);
}
else {
$user = '';
$pass = '';
}