CaptainDanTheMan Posted January 18, 2017 Share Posted January 18, 2017 Im new to PHP and im trying to code a developer password on my website. The issue im having is that it continues to login with any password. How can I fix this? The Current password I have set in 12345. It even logins with nothing entered. Here is the Code for my login checker - <html> <head> <title>Login Check</title> <link rel="stylesheet" href="style.css"> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> </head> <body> <?php $host="localhost"; $username="root"; $password="password"; $db_name="mydb"; $tbl_name="dev"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $mypassword=$_POST['mypassword']; $mypassword = stripslashes($mypassword); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE password='$mypassword'"; $result=mysql_query($sql); if($mypassword == $password){ $_SESSION['password']= $mypassword; header("location:index2.php"); } else { echo "Wrong Password"; } ?> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/302959-wrong-password/ Share on other sites More sharing options...
Jacques1 Posted January 18, 2017 Share Posted January 18, 2017 The code has so many problems that I would just throw it away and start over, this time with the technology of the 21st century. The mysql_* functions are dead. They've been obsolete for more than a decade and have already been removed from the current PHP version. We use PDO now. stripslashes() is even more dead. The last time it made sense was somewhere in the 90s, but even that it was an awful hack to work around design errors of PHP. Plaintext passwords? C'mon, this isn't 1980. Nowadays, we use password hash algorithms like bcrypt. Stop telling your users about your database errors. They cannot do anything with this information. So wherever you've learned PHP, you definitely need a better resource. Quote Link to comment https://forums.phpfreaks.com/topic/302959-wrong-password/#findComment-1541539 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.