EddNicks Posted July 15, 2015

Hello, I have been coding little bits and bobs for a little while now. But I have come across a problem that I can't think how to solve. I have a login system from a tutorial online, but I would like the user to be able to log in with an email address instead of a username. I have managed to get this to work with a basic email like edd@edd.com, but when I have an email with numbers (e.g. edd123@edd.com) then the login system will not work. I am sure that I have seen some sort of code that stops the input field from affecting the search to MySQL. Here is my code...

    <?php session_start(); ?>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    <?php
    if (!isset($_POST['submit'])){
    ?>
    <!-- The HTML login form -->
    <center>
    <br /><br /><br /><br />
    <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
        Email: <br />
        <input type="text" name="username" /><br /><br />
        Password: <br />
        <input type="password" name="password" /><br />
        <input type="submit" name="submit" value="Login" />
    </form>
    </center>
    <?php
    } else {
        require_once("db_const.php");
        $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
        # check connection
        if ($mysqli->connect_errno) {
            echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
            exit();
        }

        $username = $_POST['username'];
        $password = $_POST['password'];

        // User input is placed directly into the query string here
        $sql = "SELECT * from traders WHERE pemail LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
        $result = $mysqli->query($sql);
        // Reject on a failed query or when no matching row was found
        if (!$result || $result->num_rows !== 1) {
            echo "<p>Invalid email/password combination</p>";
        } else {
            $_SESSION['useremail'] = $username;
            echo $_SESSION['useremail'];
            echo("<h1>Welcome To The TAW Bunker</h1>");
            echo "<p>Logged in successfully</p>";
            // do stuffs
        }
    }
    ?>
    </body>
    </html>

scootstah Posted July 15, 2015

Couple things:

1. Do not use $_SERVER['PHP_SELF'] as the form action, because it can be manipulated and is not safe. If you want to POST to the same page then just leave the action attribute out completely.

    <form method="post">

2. You need to escape user input when you put it in a query, otherwise you are vulnerable to SQL injection. The easiest way is this, although I'd recommend you learn how to do prepared statements since you're already using MySQLI.

    $username = $mysqli->real_escape_string($_POST['username']);
    $password = $mysqli->real_escape_string($_POST['password']);

3. Do not store passwords in plaintext in the database. Bad. You need to hash them with a secure hashing algorithm. PHP >= 5.5 has this built in, with password_hash() and password_verify().

4. You don't use LIKE for this purpose. Your WHERE clause should look like:

    WHERE pemail = '{$username}' AND password = '{$password}'

Other than that, I don't see anything that would make your email not work. Logging in with email as the username is exactly the same as logging in with a username as a username.

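
The four points from the reply above combined into one login handler, as an added example that is not code from the thread or its participants. It assumes the `traders` table from the question with its `password` column wide enough (e.g. VARCHAR(255)) to hold `password_hash()` output; `store_trader()` and `check_login()` are hypothetical helper names.

```php
<?php
// Added example. Assumes db_const.php from the question defines
// DB_HOST, DB_USER, DB_PASS and DB_NAME.
require_once "db_const.php";

// Registration side (hypothetical helper): store only the hash, never plaintext.
function store_trader(mysqli $db, string $email, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare("INSERT INTO traders (pemail, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $email, $hash);
    return $stmt->execute();
}

// Login side (hypothetical helper): the email is bound as data and compared
// with "=", so quotes or LIKE wildcards in the input cannot change the query.
function check_login(mysqli $db, string $email, string $password): bool
{
    $stmt = $db->prepare("SELECT password FROM traders WHERE pemail = ? LIMIT 1");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();      // true when a row was fetched, null when none
    $stmt->close();
    // The hash comparison happens in PHP, not in the WHERE clause.
    return $found === true && password_verify($password, $hash);
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
    $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    $email = $_POST['username'] ?? '';
    $pass  = $_POST['password'] ?? '';
    // Reject array-valued fields, and drop stray whitespace around the email.
    if (is_string($email) && is_string($pass) && check_login($db, trim($email), $pass)) {
        $_SESSION['useremail'] = trim($email);
        echo "<p>Logged in successfully</p>";
    } else {
        echo "<p>Invalid email/password combination</p>";
    }
}
?>
<!-- No action attribute: the form posts back to the same page -->
<form method="post">
    Email: <input type="text" name="username" /><br />
    Password: <input type="password" name="password" /><br />
    <input type="submit" name="submit" value="Login" />
</form>
```

Rows written before the switch still contain plaintext and will fail `password_verify()` until they are re-created through `store_trader()` or an equivalent migration.
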
mac_gyver Posted July 16, 2015

you need to determine why your login code isn't matching a row in your database table by actually investigating what is happening in your code and in your data. is the registration code doing anything to the email address? when you look directly at the data in your database table (using phpmyadmin or a similar tool) what is stored for the email in the case where it doesn't match? any chance you accidentally entered a space or other white-space character before or after the email address when you registered it, but not when trying to log in?

EddNicks Posted July 16, 2015

Hello, I have worked out the issue... The automated password generator I have puts a space at the end of it...

    $randomgen = mt_rand() . "\n";
    echo mt_rand(10);

I presume I may need to remove the "\n"?

mac_gyver Posted July 16, 2015

you could always make the change you have theorized will correct the problem, perform a test, and observe the results to see if the experiment proves or disproves your theory about the cause of the problem - https://en.wikipedia.org/wiki/Scientific_method

Edited July 16, 2015 by mac_gyver