I have a quick login form that i made for school the only problem is that when i try and login everything worked perfectly when i want to log into the first user (Username: hbutler Password: password) However when i try to login to my other accounts i get the page refresh which i have set it do if it is incorrect here is my code :
<?PHP
//Create the connection…
//("where the database is", 'Database login' , 'database password' , "Database name")
$con=mysqli_connect("", 'root', 'root', "Social");
//Check our connection…
if (mysqli_connect_errno($con))
{
echo " Sorry Mate";
}
$username = $_POST['username'];
$password = $_POST['pawd'];
$result = mysqli_query($con, "SELECT * FROM User_info");
$row = mysqli_fetch_array($result);
$value = $row['username'];
if($value == "$username")
{
$result = mysqli_query($con, "SELECT * FROM User_info WHERE username ='$username'");
$row = mysqli_fetch_array($result);
$value = $row['password'];
if($value == "$password")
{
$sql=("UPDATE user_check SET user = '1', name = '$username'");
header( 'Location: feed.php' ) ;
}
else
{
header( 'Location: social.php' ) ;
}
}
else
{
header( 'Location: social.php' ) ;
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
?>
Which gets the form data from the previous page i do not know why this is happening and i have tryed changing the php to this :
$result = mysqli_query($con, "SELECT username FROM User_info");
$row = mysqli_fetch_array($result);
if($row == "$username")
Yet that doesnt work either any suggestions?
the problem is that, after your first query, to get the info from db, you are taking only the first row of the table,
$row = mysqli_fetch_array($result);
then comparing it with the submitted username, that's why you can't login with any other username, the solution is to add a WHERE clause to the first query,
$result = mysqli_query($con, "SELECT * FROM User_info WHERE username ='".$username."'");
then compare passwords that would be easier, but still, there are better ways to do the authentication. but for your example this should do.
Modify your code as below:
<?PHP
//Create the connection…
//("where the database is", 'Database login' , 'database password' , "Database name")
$con=mysqli_connect("", 'root', 'root', "Social");
//Check our connection…
if (mysqli_connect_errno($con))
{
echo " Sorry Mate";
}
$username = $_POST['username'];
$password = $_POST['pawd'];
$result = mysqli_query($con, "SELECT count(*) as count FROM User_info WHERE username ='$username' and password='$password'");
while( $rows = mysqli_fetch_array($con, $result) )
{ //Check for SQL INJECTION
if( $rows['count'] == 1 )
{
//$sql=("UPDATE user_check SET user = '1', name = '$username'");
//header( 'Location: feed.php' ) ;
//Other Operations
}
else
{
header( 'Location: social.php' ) ;
}
}
mysqli_close($con);
?>
Related
I've created a below script, which is intentionally not secure, in order to learn a bit more about cyber security.
session_start();
if($_SESSION['userSession']) {
header("location: home.php");
}
if($_POST) {
$username = $_POST['username'];
$password = $_POST['password'];
$con = mysqli_connect("localhost", "myUsername", "myPassword", "myDatabase");
if(!$con) {
die("Error: " . mysqli_connect_error());
}
$query = "SELECT * FROM users WHERE username = '$username' && password='$password'";
$result = mysqli_query($con, $query);
$numResults = mysqli_num_rows($result);
if($numResults == 1) {
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$_SESSION['userSession'] = $row['id'];
header("location: home.php");
} else {
echo "Error Logging In";
}
mysqli_close($con);
}
As you can see, I have not escaped the user input and the password has not been hashed.
Therefore, I am presuming that this should be an easily hackable login. However, I have attempted to use the below input in both of the username and password fields, but always get the output "Error Logging In".
password' OR '1' = '1'";
How can I try to bypass/hack my login script?
If we use sql statement directly to fetch username and password field then it can be bypass with ' OR '1' = '1 pattern, because when you put ' OR '1' = '1 in username and password field that values carry forward to sql statement and in that statement ' or '1' = '1 is true for all the cases and that's a reason login can bypass.
I want to know the error on this php coding, just wondering where is the mistake in this coding I skipped html part for page input design as I want to know the php part only,
, Im trying to use this for users to enter the username and password to login to the website and this particular website should be password protected password
<?php>
if isset($_POST=['submit']));
{
$inputuser = $_POST['user'];
$inputpass = $_POST['pass'];
$user = "root";
$password = "";
$database = "Tutorial";
$connect = mysql_connect("localhost",$user,$password);
#mysql_select_db($database) or ("database not found");
$query = " SELECT * FROM 'users' WHERE 'user' = i $inputuser";//for query specific data
$querypass = "SELECT * FROM 'users' WHERE 'user' = $ i $inputpass'";
$result = mysql_query($query);
$resultpass = mysql_query($querypass);
$row = mysql_fetch_array($result);
$rowpass = mysql_fetch_array($resultpass);
$serveruser = $row["user"];
$serverpass = $row["password"];
if($serveruser&&$serverpass){
if (!$result) {
die("username and password is invalid");
}
echo "<br> <center>database output</b></center><br><br>";
mysql_close();
echo $inputpass;
echo $serverpass;
if ($inputpass == $serverpass) {
header('location: Home.php');
} else {
header('location: fail.php');
}
}
try this way:
$query="SELECT * FROM users WHERE user='" . mysql_real_escape_string( $inputuser ) . "' AND psw='" . mysql_real_escape_string( $inputpsw ) . "'";
$qr=mysql_query($query) or die (mysql_error());
if(mysql_num_rows($qr)>0) //admitting that usernames and psw are unique
{
//success
header('location:home.php');
}
else //no rows=no username responding to $inputusername
{
header('location:fail.php');
}
I am newbie to php and I was just building simple login page with php here is my code:
<?php
$username=$_POST['uname'];
$password=$_POST['pass'];
$con=mysqli_connect("localhost","root","","myblog");
$sql="SELECT username,password FROM users WHERE username='$username' AND password='$password'";
if(mysqli_query($con,$sql)) {
echo "login successful";
} else {
echo "login failed";
}
?>
The problem is I am getting "login successful" message even with the wrong credentials(random inputs).
Please someone guide me.
you dont have to check if query was succesfull, but if result has some rows..
$answer = mysqli_query($con,$sql)
if( mysqli_num_rows($answer)>0 ) { ... there is such record... }
try this
<?php
include "connect.php";
if ($_SERVER['REQUEST_METHOD'] == "POST"){
$email = filter_var( $_POST['email'] , FILTER_SANITIZE_EMAIL) ;
$password = $_POST['password'] ;
$token = $_POST['token'] ;
$stmt = $con->prepare("SELECT * FROM users WHERE email = ? AND password = ?") ;
$stmt->execute(array($email , $password));
$user = $stmt->fetch() ;
$row = $stmt->rowcount() ;
if ($row > 0) {
$id = $user['id'] ;
$stmt2 = $con->prepare("UPDATE users SET token = ? WHERE id = ? ") ;
$stmt2->execute(array($token , $id )) ;
$ username = $user['username'] ;
$email = $user['email'] ;
$password = $user['password'] ;
echo json_encode(array('id' => $id , 'username' => $username ,'email' =>
$email ,'password' => $password , 'status' => "success"));
}else {
echo json_encode (array('status' => "faild" , 'email' => $email ,
'password' => $password) );
}
}
?>
try this
you have to check whether result produced or not ... Instead of query correct or not..
<?php
$username=$_POST['uname'];
$password=$_POST['pass'];
$con=mysqli_connect("localhost","root","","myblog");
$sql="SELECT username,password FROM users WHERE username='$username' AND password='$password'";
$result =mysqli_query($con,$sql);
$count = mysqli_num_rows($result);
if($count>0)
{
echo "login successful";
}
else
{
echo "login failed";
}
?>
Try to do it like this. use mysqli_num_rows()
$result = mysqli_query($con,$sql);
if(mysqli_num_rows($result) >0){
echo "login successful";
}else {
echo "login failed";
}
try this
<?php
$username=$_POST['uname'];
$password=$_POST['pass'];
$username = mysql_real_escape_string(stripslashes($username));
$password = mysql_real_escape_string(stripslashes($password));
$con=mysqli_connect("localhost","root","","myblog");
$sql="SELECT username,password FROM users WHERE username='$username' AND password='$password' LIMIT 1 ";
$result = mysqli_query($con,$sql);
if($row = mysqli_fetch_assoc($result))
{
echo "login successful";
}
else
{
echo "login failed";
}
?>
Your Condition is not proper, also use LIMIT 1 whenever you trying to fetch exact one result.
You should pass your post variable through mysql_real_escape_string and stripslashes to prevent from sql injections
As a task my teacher has given me (highschool year 10) to create a login form using html and php as we have just started to learn PHP i have made progress and this is my first attempt. I will go into more secure options later.
<?PHP
//Create the connection…
//("where the database is", 'Database login' , 'database password' , "Database name")
$con=mysqli_connect("", 'root', 'root', "Social");
//Check our connection…
if (mysqli_connect_errno($con))
{
echo " Sorry Mate";
}
$username = $_POST[username];
$password = $_POST[pawd];
$result = mysqli_query($con, "SELECT * FROM User_info");
$row = mysqli_fetch_array($result);
$value = $row['username'];
if($value == "$username")
{
$result = mysqli_query($con, "SELECT * FROM User_info");
$row = mysqli_fetch_array($result);
$value = $row['password'];
if($value == "$password")
{
$sql=("UPDATE user_check SET user = '1' ");
$sql=("UPDATE user_check SET name = '$username' ");
header( 'Location: feed.php' ) ;
}
else
{
header( 'Location: social.php' ) ;
}
}
else
{
header( 'Location: social.php' ) ;
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
?>
Where it says
$sql=("UPDATE user_check SET user = '1' ");
$sql=("UPDATE user_check SET name = '$username' ");
The first one will work and update the database to 1 however the second one doesn't i have checked the name of the column changed the name of the variable $sql and $username and it still won't work is there any suggestions? Thankyou in advance :D
You first compare $_POST['username'] to the username column from the result, but then you try to update the name column in the database. My guess is that:
$sql = ("UPDATE user_check SET name = '$username' ");
should be:
$sql = ("UPDATE user_check SET username = '$username' ");
This looks strange:
$sql=("UPDATE user_check SET user = '1' ");
$sql=("UPDATE user_check SET name = '$username' ");
The second line will overwrite the value stored in the previous first one.
Try putting a
die($sql)
before the line where you call the SQL, to see if what you think you are running is what you are running.
How would I make this work, I asked before and didn't get a correct answer. This code is the user login, so when they log in I want username and avatar to be trackable through out the site. So far I just have username. I have tried methods and have failed every time.
$username = $_POST['username'];
$password = sha1($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $sql) or die('Error querying database.');
$count=mysqli_num_rows($result);
if ($count == 1)
{
$row = mysqli_fetch_array($result);
while ($_SESSION['username'] = $row['username'])
{
session_start();
header('Location: index.php');
}
}
else
{
echo 'Invalid Logins';
}
mysqli_close($conn);
?>
Supposing you have avatar stored in the avatar field in the database:
if ($count == 1)
{
session_start();
$row = mysqli_fetch_array($result);
$_SESSION['username'] = $row['username'];
$_SESSION['avatar'] = $row['avatar'];
header('Location: index.php');
}
else
{
echo 'Invalid Logins';
}