Jump to content

Recommended Posts

Im new to PHP and im trying to code a developer password on my website. The issue im having is that it continues to login with any password. How can I fix this? The Current password I have set in 12345. It even logins with nothing entered.  

 

Here is the Code for my login checker - 

 

<html>

 

<head>

 

<title>Login Check</title>

 

<link rel="stylesheet" href="style.css">

 

<meta charset="utf-8">

 

<meta name="viewport" content="width=device-width, initial-scale=1">

 


 


 


 

</head>

 

<body>

<?php

 

$host="localhost";

$username="root";

$password="password"; 

$db_name="mydb"; 

$tbl_name="dev";

 

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");

 

$mypassword=$_POST['mypassword']; 

 

$mypassword = stripslashes($mypassword);

$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE password='$mypassword'";

$result=mysql_query($sql);

 

if($mypassword == $password){

 

$_SESSION['password']= $mypassword; 

header("location:index2.php");

}

else {

echo "Wrong Password";

}

?>

</body>

 

</html>

Link to comment
https://forums.phpfreaks.com/topic/302959-wrong-password/
Share on other sites

The code has so many problems that I would just throw it away and start over, this time with the technology of the 21st century.

  • The mysql_* functions are dead. They've been obsolete for more than a decade and have already been removed from the current PHP version. We use PDO now.
  • stripslashes() is even more dead. The last time it made sense was somewhere in the 90s, but even that it was an awful hack to work around design errors of PHP.
  • Plaintext passwords? C'mon, this isn't 1980. Nowadays, we use password hash algorithms like bcrypt.
  • Stop telling your users about your database errors. They cannot do anything with this information.

So wherever you've learned PHP, you definitely need a better resource.

Link to comment
https://forums.phpfreaks.com/topic/302959-wrong-password/#findComment-1541539
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.