Reputation: 1311
Logging in with php using MySql database
I got a final project for my exam . I have to make a registration form and log in form , and then using php send tha data from registration to the database , and use it in logging . I've already done my registration , and it succesfully sends data to database . But i got a problem in login . It works if i send new data to database and write it down in input , but if i try to write old data it doesn't work , why ?
<?php
$link = mysqli_connect("localhost","root","root","test");
if(isset($_POST['logg'])){
$login = $_POST['login'];
$pasw = $_POST['password'];
if(empty($_POST['login'])||empty($_POST['password'])){
echo '<script language="javascript">';
echo 'alert("Lracnel dashty")';
echo '</script>';
}
else {
$sql = "SELECT `login` , `password`
FROM `contact_form` ";
$result = mysqli_query($link,$sql);
while ($lol = mysqli_fetch_assoc($result)) {
if($login==$lol['login']){
if($pasw==$lol['password']){
echo 'Welcome '.$lol['login'];
}
else{
echo 'Wrong password';
}
}
else{
echo 'Wrong login';
break;
}
}
}
}
?>
Upvotes: 0
Views: 392
Answers (2)
Reputation:
I suggest you to use PDO to query the database, I've modified your code to add a WHERE clause and to use the password_verify() php function, this mean that you will hash your password before saving it into the database, you also need to sanitize your inputs before query the db.
<?php
$link = mysqli_connect("localhost","root","root","test");
if(isset($_POST['logg'])){
$login = $_POST['login'];
$pasw = $_POST['password'];
if(empty($_POST['login'])||empty($_POST['password'])){
echo '<script language="javascript">';
echo 'alert("Lracnel dashty")';
echo '</script>';
}
else {
// Don't forget to sanitize your input before the query
$sql = "SELECT login, password
FROM contact_form WHERE login = $login ";
$result = mysqli_query($link,$sql);
while ($lol = mysqli_fetch_assoc($result)) {
if($login==$lol['login']){
if(password_verify($pasw, $lol['password'])){
echo 'Welcome '.$lol['login'];
}
else{
echo 'Wrong password';
}
}
else{
echo 'Wrong login';
break;
}
}
}
}
?>
Upvotes: 2
Reputation: 162
This worked fine for me. Make sure that all of your ifs are true.
$link = mysqli_connect("localhost","root","root","test");
if(isset($_POST['logg'])){
$login = $_POST['login'];
$pasw = $_POST['password'];
if(empty($login)||empty($pasw)){
echo '<script language="javascript">';
echo 'alert("Lracnel dashty")';
echo '</script>';
}
else {
$sql = "SELECT `login` , `password` FROM `contact_form` WHERE login = '$login' AND password = '$pasw'";
$result = mysqli_query($link,$sql);
while ($lol = mysqli_fetch_assoc($result)) {
if($login==$lol['login']){
if($pasw==$lol['password']){
echo 'Welcome '.$lol['login'];
}
else{
echo 'Wrong password';
}
}
else{
echo 'Wrong login';
break;
}
}
}
}
Upvotes: 1