Jump to content

Why Won't my login page actually login?


slotegraafd
 Share

Recommended Posts

Hello, I am once again desperately asking for your help,

I am working on a simple login page and I am having trouble actually getting it  to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now

 

This is the code any suggestions would be greatly appreciated

<?php
    /*
    Name: Deanna Slotegraaf 
    Course Code: WEBD3201
    Date: 2020-09-22
    */

    $file = "sign-in.php";
    $date = "2020-09-22";
    $title = "WEBD3201 Login Page";
    $description = "This page was created for WEBD3201 as a login page for a real estate website";
    $banner = "Login Page";
    require 'header.php';

    $error = "";

    if($_SERVER["REQUEST_METHOD"] == "GET")
    {
        $username = "";
        $password = "";
        $lastaccess = "";        
        $error = "";
        $result = "";
        $validUser = "";
    }
    else if($_SERVER["REQUEST_METHOD"] == "POST")
    {        
    	$conn;
        $username = trim($_POST['username']); //Remove trailing white space
        $password = trim($_POST['password']); //Remove trailing white space

    if (!isset($username) || $username == "") {
      $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
      $error .= "<br/>Password is required";
    }
    if ($error == "") {
      $password = md5($password);
      $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
      $results = pg_query($conn, $query);
      //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
      }else {
        $error .= "Username and/or Password is incorrect";
      }

}

?>

<div class = "form-signin">
    <?php
             echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
    ?>
<form action = "<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">

      <label for="uname"><b>Login ID</b></label>
      <input type="text" name="username" value="<?php echo $username; ?>"/>
      <br/>
      <label for="psw"><b>Password</b></label>
      <input type="password" name="password" value="<?php echo $password; ?>"/>
      <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
</form>
</div>

<?php require "footer.php"; ?>

 

Link to comment
Share on other sites

22 minutes ago, Strider64 said:

Throw that in file 13 and look for a safe secure login using PDO (My Suggestion) or mysqli. I did a Google search and found this https://levelup.gitconnected.com/how-to-build-a-secure-login-page-in-php-954f51d08701 and I am sure there are many others out there. 

I'm required to use pgadmin, this is an assignment for school, all I am focusing on right now is trying to get it to login

Link to comment
Share on other sites

I dont' know what to try because I was certain this was the right code which it obviously isnt, I retrieved it from the data as in the code in the if statement but it doesnt check to see if the input is the right combination that is why I am asking for help because I do not know what to do with this

Link to comment
Share on other sites

33 minutes ago, slotegraafd said:

it doesnt check to see if the input is the right combination that is why I am asking for help because I do not know what to do with this

It should probably come as no surprise to learn that the answer is "to check if the input is the right combination".

You have a query that looks for matching username and password. What will happen if there is a match? What will happen if there is not a match? How can you get the code to tell which is happening?

Link to comment
Share on other sites

10 hours ago, requinix said:

It should probably come as no surprise to learn that the answer is "to check if the input is the right combination".

You have a query that looks for matching username and password. What will happen if there is a match? What will happen if there is not a match? How can you get the code to tell which is happening?

I know the answer is to check if the input is the right combination but I'm asking how you do that

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.