showing wrong password or username even though it is correct password or username
Question
I'm creating login form using AJAX, i,m trying to make it work from 4 days but unable to do so in this i have few issues ie, if i enter Valid username & password also then also its not getting logged in to the page, i don know where im going wrong please can any one find it out where im going wrong, it would be really very help full.
login.php
<?php
session_start();
$mysqli = mysqli_connect("localhost","root","","ajax1");
?>
<!DOCTYPE HTML>
<html>
<head>
<title> login script with ajax</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
</head>
<body style="background-color:#b3ffff">
<div style="padding-left:500px ; padding-top:200px">
Username: <input id="username" type="text" name="username" placeholder="username"><br><br>
Password: <input id="password" type="password" name="password" placeholder="Password"><br><br>
<input id="submit" name="submit" type="button" value="Log In">
<p style="color:black">Havent Registered? <a href="index.php">Register</a>.</p><br><br>
<div id="display" style="color:red"></div>
<script>
$(document).ready(function(){
$("#submit").click(function(){
var password = $("#username").val();
var password = $("#password").val();
var datastring = 'username=' + username + '&password=' + password;
if(username=='' || password==''){
$("#display").html("Please Enter All The Fields");
}
else{
$.ajax({
type: "POST",
url: "success.php",
data: datastring,
cache: false,
success: function(result){
$("#display").html(result);
window.location = "welcome.php";
}
});
}
return false;
});
});
</script>
</div>
</body>
</html>
success.php
<?php
$mysqli = mysqli_connect("localhost","root","","ajax1");
session_start();
if (isset($_SESSION['id'])){
header('location:welcome.php');
}
$myusername = mysqli_real_escape_string($mysqli,$_POST['username']);
$mypassword = mysqli_real_escape_string($mysqli,$_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$myusername' AND password='$hashed_password'";
$result = mysqli_query($mysqli,$sql);
$row = mysqli_fetch_array($result);
$hashed_password=$row['password'];
if(password_verify($mypassword, $hashed_password)) {
$_SESSION['login_user'] = $myusername;
//$_SESSION['id']=$row['userid'];
echo'Successfully Registered';
exit();
}
else
{
echo'Invalid username or password';
}
?>
welcome.php
<?php
session_start();
if (!isset($_SESSION['id'])) {
header('location:login.php');
}
?>
<!DOCTYPE html>
<html>
<body>
<div style="Padding-left:200px; padding-top:100px">
<?php
$mysqli = mysqli_connect("localhost","root","","ajax1");
$query=mysqli_query($mysqli,"select * from `users` where userid='".$_SESSION['id']."'");
$row=mysqli_fetch_array($query);
echo 'Welcome - '.$row['username'];
?>
<!--br><br>
<a href="logout.php">Logout</a>
<br><br-->
</div>
</body>
</html>
3 answers
solution1
2 2018-06-11 08:15:02
remove AND password='$hashed_password'
from
$sql = "SELECT * FROM users WHERE username = '$myusername' AND password='$hashed_password'";
just check whether the username exists
using
$sql = "SELECT * FROM users WHERE username = '$myusername'";
and then check the password using password_verify()
change your
password_verify(){
echo 'success';
}else{
echo 'error';
}
and in ajax
success:function(data){
if(data.trim() == 'success'){
window.location.href='success.php'
}else if(data.trim()== 'error'){
///use some javascript to display the error message
}
}
solution2
1 ACCPTED 2018-06-11 08:34:51
In your submit function on your login.php you have set the your variables wrong. Change them to this:
var username = $("#username").val();
var password = $("#password").val();
After you do that, do what v Sugumar suggested in his answer.
solution3
1 2018-06-11 09:17:28
You have defined password twice instead of Username.
var password = $("#username").val();
var password = $("#password").val();
Correct this and check your code again.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.