"Unknown" error in PHP form

0

I have a PHP script that is connected to a MySQL DB and whose function is a login; the problem is that it always tells me that the user or password is incorrect even when they are not.

Here is the PHP:

   <?php
session_start();
?>

<?php

$host_db = "localhost";
$user_db = "u268055042_audit";
$pass_db = "auditorioandroid";
$db_name = "u268055042_audit";
$tbl_name = "tbl_login";

$conexion = new mysqli($host_db, $user_db, $pass_db, $db_name);

if ($conexion->connect_error) {
 die("La conexion falló: " . $conexion->connect_error);
}

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM $tbl_name WHERE email = '$username'";

$result = $conexion->query($sql);


if ($result->num_rows > 0) {     
 }
 $row = $result->fetch_array(MYSQLI_ASSOC);
 if (password_verify($password, $row['password'])) { 

    $_SESSION['loggedin'] = true;
    $_SESSION['username'] = $username;
    $_SESSION['start'] = time();
    $_SESSION['expire'] = $_SESSION['start'] + (5 * 60);

    echo "Bienvenido! " . $_SESSION['username'];
    echo "<br><br><a href=panel-control.php>Panel de Control</a>"; 

 } else { 
   echo "Username o Password estan incorrectos.";

   echo "<br><a href='login2.html'>Volver a Intentarlo</a>";
 }
 mysqli_close($conexion); 
 ?>

Table tbl_login

    
asked by Ashley G. 23.01.2017 at 14:23

2 answers

1

Check whether your query returns any data; if it returns a row, put the rest of the code inside your second if, that is, inside this one:

if ($result->num_rows > 0) {    
// the rest of the code goes here, so that it runs only when the condition is met
 }

so that your overall code looks something like this:

<?php
session_start();

$host_db = "localhost";
$user_db = "u268055042_audit";
$pass_db = "auditorioandroid";
$db_name = "u268055042_audit";
$tbl_name = "tbl_login";

$conexion = new mysqli($host_db, $user_db, $pass_db, $db_name);

if ($conexion->connect_error) {
 die("La conexion falló: " . $conexion->connect_error);
}else{
    $username = $_POST['username'];
    $password = $_POST['password'];
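    // Bind the e-mail as a parameter instead of interpolating it into the SQL string
    $stmt = $conexion->prepare("SELECT * FROM $tbl_name WHERE email = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();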
}

if ($result->num_rows > 0) {  
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if (password_verify($password, $row['password'])) { 

        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $username;
        $_SESSION['start'] = time();
        $_SESSION['expire'] = $_SESSION['start'] + (5 * 60);

        echo "Bienvenido! " . $_SESSION['username'];
        echo "<br><br><a href=panel-control.php>Panel de Control</a>"; 

     } else { 
       echo "Username o Password estan incorrectos.";

       echo "<br><a href='login2.html'>Volver a Intentarlo</a>";
     }
mysqli_close($conexion); 
 }
 ?>

Check that, friend; I hope I have helped you.

    
answered by 23.01.2017 / 15:17
0

Why not validate the password directly in the query instead? That way you avoid the double validation with PHP.

 <?php
    session_start();

    $host_db = "localhost";
    $user_db = "u268055042_audit";
    $pass_db = "auditorioandroid";
    $db_name = "u268055042_audit";
    $tbl_name = "tbl_login";

    $conexion = new mysqli($host_db, $user_db, $pass_db, $db_name);

    if ($conexion->connect_error) {
     die("La conexion falló: " . $conexion->connect_error);
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

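    // Bind both values as parameters instead of interpolating them into the SQL string
    $stmt = $conexion->prepare("SELECT * FROM $tbl_name WHERE email = ? AND password = ?");
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $result = $stmt->get_result();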

    if ($result->num_rows > 0) {
      $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $username;
        $_SESSION['start'] = time();
        $_SESSION['expire'] = $_SESSION['start'] + (5 * 60);

        echo "Bienvenido! " . $username;
        echo "<br><br><a href=panel-control.php>Panel de Control</a>";

     }
     else { 
       echo "Username o Password estan incorrectos.";

       echo "<br><a href='login2.html'>Volver a Intentarlo</a>";
     }
     mysqli_close($conexion); 
     ?>
    
answered by 23.01.2017 at 15:50
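
Added example (not part of the question or of either answer): the login flow discussed on this page with the e-mail passed as a bound parameter rather than a `$_POST` value placed inside the SQL string, and the password checked with `password_verify()`, which is what the question's code already uses. It assumes the question's `tbl_login` table with `email` and `password` columns, where `password` holds `password_hash()` output; `check_login` is a hypothetical helper name and the database credentials are placeholders.

```php
<?php
declare(strict_types=1);
// Added example, not code from the question or the answers. Assumes the
// question's tbl_login(email, password) with `password` holding
// password_hash() output; the DB credentials below are placeholders.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Hypothetical helper: true only if the e-mail exists and the password
// matches its stored hash.
function check_login(mysqli $db, string $email, string $password): bool
{
    // The e-mail is bound as data, so quotes in it cannot change the query.
    $stmt = $db->prepare('SELECT password FROM tbl_login WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();      // true = row fetched, null = no such e-mail
    $stmt->close();

    // The stored hash is salted, so it is checked here, not with SQL "=".
    return $found === true && password_verify($password, (string) $hash);
}

session_start();

// Missing or non-string fields (e.g. username[]=x) are treated as empty.
$email    = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
$db->set_charset('utf8mb4');

if (check_login($db, $email, $password)) {
    session_regenerate_id(true);  // fresh session id after login
    $_SESSION['loggedin'] = true;
    $_SESSION['username'] = $email;
    $_SESSION['start']    = time();
    $_SESSION['expire']   = $_SESSION['start'] + (5 * 60);
    // Escape the address before echoing it back into HTML.
    echo 'Bienvenido! ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    echo "<br><br><a href='panel-control.php'>Panel de Control</a>";
} else {
    echo 'Username o Password estan incorrectos.';
    echo "<br><a href='login2.html'>Volver a Intentarlo</a>";
}
$db->close();
```

Both failure cases (unknown e-mail and wrong password) print the same message, so the response does not reveal which addresses are registered.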