Php login “Invalid username and password” using mysql
Question
I got 3 pages: success.html , login.php , checklogin.php . I also create a mysql database table called userInfo. The table "userInfo consist of 3 user: David, Jane, Richard . When I input the username and password using user David from userInfo then it direct to success.html and it will say "Login success". But when I input Mary for my username and mary for my password, it does not show me the message "Invalid Username and Password". The right output should have the message appeared on my browser because user Mary does not exist in the userInfo. But I don't know how to fix the problem.
Mysql Database "userInfo" :
Success.html :
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Login Success Page - 156020K</title>
</head>
<body>
Login Success!!
</body>
</html>
Login.php :
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
</head>
<body>
<?php
$url="http://localhost/156020K/Lab5?link=login.php";
if(isset($_GET['link']))
{
echo "Invalid Username and Password";
}
?>
<form action="checklogin.php" method="post">
Username:
<input type="text" name="uname">
<br/>
<br/>
Password:
<input type="password" name="pw">
<br />
<br />
<input type="submit" value="Login">
</form>
</body>
</html>
Checklogin.php :
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Check login</title>
</head>
<body>
<?php
if(isset($_POST["uname"]))
{
$u=$_POST['uname'];
$p=$_POST['pw'];
$conn=mysqli_connect("localhost", "root", "" , "db156020K");
$sql = "SELECT * FROM userInfo WHERE name='" .$u. "' AND pass='" .$p. "' ";
$search_result=mysqli_query($conn, $sql);
$userfound=mysqli_num_rows($search_result);
if($userfound >= 1)
{
header("Location: success.html");
}
else
{
header("Location: login.php");
}
}
mysqli_close($conn);
?>
</body>
</html>
And the url should have request from the specified resource then it will passed back to login page when the authentication fails, it should be like this "../login.php?uname=Mary&pw=mary"
My Output:
click output <--- Does not show the invalid message when the username and password does not create from the userInfo mysql database
1 answers
solution1
0 ACCPTED 2016-11-15 08:18:52
Well, in your login.php file, you use :
if(isset($_GET['link']))
{
echo "Invalid Username and Password";
}
to echo the error message, but in your checklogin.php file, you use :
header("Location: login.php");
to redirect if the login fails.
There is no $_GET parameter here, hence your error message will never bbe displayed. Try something like this for the redirect :
header("Location: login.php?link=whatever");
EDIT : Just saw this :
And the url should have request from the specified resource then it will passed back to login page when the authentication fails, it should be like this "../login.php?uname=Mary&pw=mary"
For this to happen, you have to use this redirect :
header("Location: login.php?uname=" . $u . "&pw=" . $p);
And check for these parameters in your login.php :
if(isset($_GET['uname']) && isset($_GET['pw']))
{
echo "Invalid Username and Password";
}
But keep in mind that it's never a good idea to send passwords, even wrong ones, by $_GET .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.