CODEWITHSUNDEEP
phphtmlmysqlverify
swimmerbhs
swimmerbhs

Reputation: 21

php mysql not checking username and password on users table

The Sign in page does not seem to be working like it should. It wont verify the username and password on the Users table so it will not allow for log in.

PHP 

 if(isset($_POST['submit']))
 {
     $userName=$_POST['userName'];
     $passWord=$_POST['passWord'];
     $result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWord'");
     if($result)
     {
          //echo "Successfully deleted".$id;
          $count=mysqli_num_rows($result);       
          //echo $count;
     }
     if($count==1)
     {
          $_SESSION['username']=$username;
          $_SESSION['passWord']=$passWord;
          header("location:users.php");
     }
     else
     {      
          header("location:index.php");  
     }
 }
 ?>

HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <link href="index.css" rel="stylesheet" type="text/css" />
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Sign in</title>
</head>
<body>
  <div id="signin">
    [ <a href="signup.php">Sign Up</a> ]
    [ <a href="signin.php">Sign In</a> ]
  </div>
  <div id="clear"></div>
  <div class="navbar">
    <ul>
      <li><a href="concerts.php" target="_self">Concert</a></li>
      <li><a href="restaurants.php" target="_self">Restaurant</a></li>
      <li><a href="sports.php" target="_self">Sports</a></li>
    </ul>
  </div>
  <form name="signin" method="post" action="signin.php" id="form">
    Member Login <br /><br />
    Username<input name="userName" type="text"><Br />
    Password</td><input name="passWord" type="password"><br /><br />
    <input type="submit" name="submit" value="submit">
  </form>
</body>
</html>

This code is not getting the id_cust from the users table to store in the $id It is getting the right username from the signin page 

<?php 
$result=mysqli_query($con, "select * from Users where `userName` ='$userName'");
$row = mysqli_fetch_array($result);
$id = $row['id_cust'];

http://pastebin.com/RmBz1yL0

Upvotes: 0

Views: 1843

Answers (2)

Jay Bhatt
Jay Bhatt

Reputation: 5651

Try changing your code to below.

 if($result)
        {
            //echo "Successfully deleted".$id;
            $count=mysqli_num_rows($result);       
            //echo $count;

            if($count==1)
            {
                   $_SESSION['userName']= $userName;
                   $_SESSION['passWord'] = $passWord;
                  header("location:users.php");
           }
           else
           {      
                  header("location:index.php");  
           }

        }

Upvotes: 1

Albert221
Albert221

Reputation: 7092

select *from Users where `userName` ='$userName' and `passWord` ='$passWord'

replace with

select * from Users where `userName` ='$userName' and `passWord` ='$passWord'

Upvotes: 1

Related Questions