I would like to point out some things regarding your code:
- According to its logic, you do not really need the columns, only to verify that the user exists. Obtaining the columns is of no use in this case, because you then do not use them at all...
- If you want to do a verification and then redirect to another page, it would be best to do a row count.
- Your table `users` may be confused with a possible `users` table of the system. I recently saw a question that failed for that reason. That is why it is not advisable to give our tables names that could end up being confused with possible system tables. To avoid that, in this case I have enclosed the table name in identifier quotes. It is advisable that you always do so, if you decide to keep that table name.
- But the most serious thing is that your code is vulnerable to SQL injection.
- Another mistake was that you closed the resources after the redirection. It would not make sense, because you would be on another page and not within the scope of this script. The closing of resources must therefore be moved.
I propose this solution, taking into account everything said above.
```php
<?php
$usuario = $_POST['username'];
$clave = $_POST['password'];
$conexion = mysqli_connect("localhost", "root", "", "darkredc");
/* backticks are the identifier quotes; single quotes would turn 'users' into a string literal */
/* select a column rather than COUNT(*): COUNT(*) always returns exactly one row, so the row count would always be 1 */
$consulta = "SELECT user FROM `users` WHERE user=? and pass=?";
$filas = 0;
if ($stmt = mysqli_prepare($conexion, $consulta)) {
    mysqli_stmt_bind_param($stmt, 'ss', $usuario, $clave);
    /* execute the query */
    mysqli_stmt_execute($stmt);
    /* store the result so the row count is available */
    mysqli_stmt_store_result($stmt);
    $filas = mysqli_stmt_num_rows($stmt);
    /* close the statement and the connection */
    mysqli_stmt_close($stmt);
    mysqli_close($conexion);
}
if ($filas == 1) {
    session_start();
    $_SESSION['login'] = 'true';
    $_SESSION['user'] = $usuario;
    header("location: panel.php");
    exit; /* stop the script after the redirect so nothing below it runs */
} else {
    echo "ERROR EN LA AUTENTIFICACION";
}
```
If you want to get values from certain columns, you can do it as indicated in the code below.
I have assumed that you have a column called `id` and another called `email` in your table. If they are not named like this, you must put the real names of these columns in the `SELECT`.
I have not put your redirection `header("location: panel.php");` in this second part of the code, because this code shows output on the screen. And when you use `header`, nothing can be output to the screen before it.
If you need the variables to use in the redirection, you must remove the `printf("%s %s\n", $id, $email);`, and you can make a call like `$stmt->fetch();` instead of the `while`. Then you can use the variables `$id` and `$email` in the redirection.
```php
<?php
$usuario = $_POST['username'];
$clave = $_POST['password'];
$conexion = mysqli_connect("localhost", "root", "", "darkredc");
/* backticks are the identifier quotes; single quotes would turn 'users' into a string literal */
$consulta = "SELECT id, email FROM `users` WHERE user=? and pass=?";
if ($stmt = mysqli_prepare($conexion, $consulta)) {
    mysqli_stmt_bind_param($stmt, 'ss', $usuario, $clave);
    /* execute the query */
    mysqli_stmt_execute($stmt);
    /* map results to variables: two columns in the SELECT, two variables */
    mysqli_stmt_bind_result($stmt, $id, $email);
    while (mysqli_stmt_fetch($stmt)) {
        printf("%s %s\n", $id, $email);
    }
    /* close the statement and the connection */
    mysqli_stmt_close($stmt);
    mysqli_close($conexion);
}
```
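The following is an added example, not code from the answer above, that puts the points made in it together in one place: the lookup is a prepared statement, the statement is closed before the redirect, and `exit` follows `header()`. It assumes the `users` table has the columns `id`, `user`, `email` and `pass`, and that `pass` holds a `password_hash()` value instead of the plaintext password the original query compared; the function name `autenticar` is hypothetical.

```php
<?php
/* Added example; assumes `users`(id, user, email, pass) with pass = password_hash(...) */

/* Look up the user by name only and compare the password in PHP. The bound
   parameter is sent as data, so quotes or SQL keywords in $usuario cannot alter the query. */
function autenticar(mysqli $conexion, string $usuario, string $clave): ?array
{
    $sql = "SELECT id, email, pass FROM `users` WHERE user = ?";
    $stmt = mysqli_prepare($conexion, $sql);
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $usuario);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $email, $hash);
    $encontrado = mysqli_stmt_fetch($stmt);
    /* close the statement here, before any redirect, so the close is never skipped */
    mysqli_stmt_close($stmt);

    /* password_verify() compares against the stored hash in constant time;
       an unknown user and a wrong password both result in null */
    if ($encontrado && password_verify($clave, $hash)) {
        return ['id' => $id, 'email' => $email];
    }
    return null;
}

session_start();
$conexion = mysqli_connect("localhost", "root", "", "darkredc");
$datos = autenticar($conexion, $_POST['username'] ?? '', $_POST['password'] ?? '');
mysqli_close($conexion);

if ($datos !== null) {
    session_regenerate_id(true);          /* fresh session id once the login succeeds */
    $_SESSION['login'] = 'true';
    $_SESSION['id']    = $datos['id'];
    $_SESSION['email'] = $datos['email'];
    header("Location: panel.php");
    exit;                                 /* nothing after the redirect is executed */
} else {
    echo "ERROR EN LA AUTENTIFICACION";
}
```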