Login script not authenticating

[omega1983]

<?php 

//check for required fields from the form

if ((!$_POST['username']) || (!$_POST['password'])) {

  header("Location: auth1.php");   //header("Location: auth1.php");

    

    exit;

//set authorization cookie

  

$servername = "localhost";
$username = "tmc_user50";
$password = "Atl_344";

// Create connection
$conn = mysqli_connect($servername, $username, $password);

$message="";
if(count($_POST)>0) {
    $conn = mysqli_connect("localhost","tmc_user50","Atl_344");
    $result = mysqli_query($conn,"SELECT * FROM admin2 WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
    $count  = mysqli_num_rows($result);
    if($count==0) {
        $message = "Invalid Username or Password!";
    } else {
        $message = "You are successfully authenticated!";
    }
}

}

?>

When I enter any username ad password the code from auth2.php (the code above allows a connection anyway) I am attempting to redirect users back to auth1 if there is an incorrect username or password

[Barand]

Define "allows a connection"

[benanamen]

So little code yet so much wrong.

1.  DO NOT USE PLAIN TEXT PASSWORDS. NOT NOW, NOT EVER!
2.  Use Prepared Statements - NEVER EVER put variables in your query.
3.  Do not SELECT *. Specify the column names you want
4.  You need to check the REQUEST METHOD, not count the POST array
5.  You have an extra closing curly bracket
6.  Do not post your database login credentials for the whole world to see

 

Edited September 29, 2020 by benanamen