Sahil Anand

Reputation: 1

comparing form input to the database

file.html

<div id="id00" class="login">
    <form class="modal-content animate" action="chat1.php" method="POST">
        <div class="cross">
            <span onclick="document.getElementById('id01').style.display='none'" class="close" title="Close Modal">&times;</span>
        </div>
        <div class="form">
            <label><b>Username</b></label>
            <input type="text" placeholder="Enter Username" name="username" required>
            <label><b>Password</b></label>     
            <input type="password" placeholder="Enter Password" name="password" required>
            <button type="submit">submit</button>
        </div>
    </form>
</div>

chat1.php

<?php
    ob_start();
    $username = "root";
    $password = "";
    $hostname = "localhost";
    $dbname = "login";
    $dbhandle = mysqli_connect($hostname, $username, $password, $dbname) or die("unable to connect to MySQL");
    if(isset($_POST["username"],$_POST["password"]))
    {
        $user = $_POST["username"];
        $pass = $_POST["password"];
        $result1 = mysqli_query("SELECT password FROM login WHERE username = '".$user."'");
        $result2 = mysqli_query("SELECT username FROM login WHERE password = '".$pass."'");
        if($user == $result2 && $pass == $result1)
        {
            $_SESSION["logged_in"] = true;
            $_SESSION["naam"] = $name;
        }
        else
        {
            echo "incorrect username/password";
        }
    }
?>

I need to check the username and password against the database and allow login. In my code it's always giving me incorrect. Can anyone help me out?


Upvotes: 0

Views: 64

Answers (2)

A B Catella

Reputation: 308

Please try this code

<?php
    session_start();
    $username = "root";
    $password = "";
    $hostname = "localhost";
    $dbname = "login";
    $dbhandle = mysqli_connect($hostname, $username, $password, $dbname) or die("unable to connect to MySQL");
    // Default target, so $redirect is defined even when the form was not submitted
    $redirect = "yourfailureurl.php";
    if(isset($_POST["username"],$_POST["password"]))
    {
        $user = $_POST["username"];
        $pass = $_POST["password"];
        // mysqli_query() takes the connection handle as its first argument
        $result1 = mysqli_query($dbhandle, "SELECT username, password FROM login WHERE username = '".$user."' and password = '".$pass."'");
        if($result1 && mysqli_num_rows($result1))
        {
            // mysqli_fetch_assoc() returns the row keyed by column name
            $result = mysqli_fetch_assoc($result1);
            $_SESSION["logged_in"] = true;
            $_SESSION["naam"] = $result['username'];
            $redirect = "yoursuccessurl.php";
        }
        else
        {
            $redirect = "yourfailureurl.php";
        }
    }

    header("location: ".$redirect);
    exit;
?>

Note: all of this code is open to SQL injection.

Upvotes: 1

Mithilesh Gupta

Reputation: 2930

You never select a username by password, the reason being that many users can have the same password, and for security reasons passwords should be hashed and stored.

This line is a bad query.

  $result2 = mysqli_query("SELECT username FROM login WHERE password = '".$pass."'");

What you should do is

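 $result1 = mysqli_query($dbhandle, "SELECT password FROM login WHERE username = '".$user."'");
 // $result1 is a result set, so fetch the row before comparing
 $row = $result1 ? mysqli_fetch_assoc($result1) : null;
 // === avoids PHP's loose comparison of numeric-looking strings
 if($row && $pass === $row["password"])
        {
            $_SESSION["logged_in"] = true;
            $_SESSION["naam"] = $user;
        }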

Upvotes: 0
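
Both answers still build the query by string concatenation, and the second one points out that passwords should be stored hashed. The following is an added example (not code from the question or either answer) of the same login check using a mysqli prepared statement and `password_verify()`. It assumes the `password` column of `login` holds `password_hash()` output; `check_login()` is a name chosen here.

```php
<?php
// Added example, not code from the question or either answer.
// Assumption: login.password holds password_hash() output, not the plain password.
session_start();

// Returns true only if $user exists and $pass matches the stored hash.
function check_login(mysqli $db, string $user, string $pass): bool
{
    // The ? placeholder keeps $user out of the SQL text entirely.
    $stmt = mysqli_prepare($db, "SELECT password FROM login WHERE username = ?");
    mysqli_stmt_bind_param($stmt, "s", $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt);    // true = row fetched, null = no such user
    mysqli_stmt_close($stmt);

    // password_verify() re-hashes $pass using the salt and cost stored in $hash.
    return $found === true && password_verify($pass, $hash);
}

// Connection settings as in the question.
$dbhandle = mysqli_connect("localhost", "root", "", "login")
    or die("unable to connect to MySQL");

// Reject missing or non-string fields (e.g. username[]=x arrives as an array).
$user = $_POST["username"] ?? null;
$pass = $_POST["password"] ?? null;

if (is_string($user) && is_string($pass) && check_login($dbhandle, $user, $pass)) {
    session_regenerate_id(true);          // new session id once authenticated
    $_SESSION["logged_in"] = true;
    $_SESSION["naam"] = $user;
    header("Location: yoursuccessurl.php");
} else {
    // Same message for an unknown user and a wrong password.
    echo "incorrect username/password";
}
exit;
```

For this to work, rows have to be written at registration with `password_hash($pass, PASSWORD_DEFAULT)`, and the column must be wide enough for the hash (PHP's documentation recommends 255 characters).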
