Mateusz Posted March 11, 2016 Share Posted March 11, 2016 (edited) So i made a login page, but whenever i enter right, wrong, or no password at all, it always displays wrong password. I've been trying to fix it for hours, but I just can't seem to find the error. It's like it's skipping if the password is right statement and goes straight through the else statment. <?php $connection = mysql_connect("com-db-02.student-cit.local","***","***") or die (mysql_error()); if ($connection) echo "Connection successful"; else echo "Connection failed"; $db = mysql_select_db("TEAM20") or die (mysql_error()); ?> <?php $_SESSION['customeremail'] = $_POST['user']; $_SESSION['password'] = $_POST['password']; function signIn() { session_start(); if(!empty($_POST['user'])) { $query = mysql_query("SELECT * FROM customer where customeremail = '$_POST[user]' AND password = '$_POST[password]'"); $row = mysql_fetch_array($query); if(!empty($row['customeremail']) AND !empty($row['password'])) { $_SESSION['customeremail'] = $row['customeremail']; getCustDetails(); echo "Successfully login to user profile page.."; echo "<a href=userlogin.php>Profile</a>"; } else { echo "Sorry... YOU ENTERED WRONG ID AND PASSWORD"; echo "<a href=login.html>Try Again</a>"; } } } function getCustDetails() { $queryId = mysql_query("SELECT customerID, firstname FROM Customer WHERE customeremail = '$_POST[user]'"); while($rowId = mysql_fetch_array($queryId)) { $_SESSION['customerID'] = $rowId['customerID']; $_SESSION['firstname'] = $rowId['firstname']; } echo "Code: ".$_SESSION['customerID']; echo "Name: ".$_SESSION['firstname']; } if(isset($_POST['submit'])) { signIn(); } ?> Edited March 11, 2016 by Barand Quote Link to comment Share on other sites More sharing options...
benanamen Posted March 11, 2016 Share Posted March 11, 2016 (edited) Stop what your doing right now! You are using mysql code that has been completely removed from Php. Take some time and study PDO and prepared statements. I wont even get into how ripe for an sql injection attack your code is. Trash it and dont look back. https://phpdelusions.net/pdo Edited March 11, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
Strider64 Posted March 11, 2016 Share Posted March 11, 2016 I would just like to add never store a password in a session ($_SESSION)! Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted March 11, 2016 Share Posted March 11, 2016 Did you check if there are any MySQL errors? http://php.net/manual/en/function.mysql-error.php At some point, you'll also want to make sure that PHP is showing all errors and warnings during the debugging process. To do that, you can add the following to the top of your script: <?php error_reporting(E_ALL); ini_set('display_errors', 1); ?> And in case you're not aware, you'll want to look into hashing the password. More information can be found here: http://php.net/manual/en/faq.passwords.php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.