<?php
session_start();
include("includes/db.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Login</title>
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/login.css">
</head>
<body>
<div class="container"><!-- container starts-->
<form class="form-login" action="" method="Post"><!-- form-login starts-->
<h2 class="form-login-heading"> Admin Login</h2>
<input type="text" class="form-control" name="admin_email" placeholder="Email Address" required>
<input type="password" class="form-control" name="admin_pass" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit" name="admin_login">
Log In
</button>
</form><!-- form-login ends-->
</div><!-- container ends-->
</body>
</html>
<?php
if(isset($_POST['admin_login']))
{
$admin_email=mysqli_real_escape_string($con,$_POST['admin_email']);
$admin_pass=mysqli_real_escape_string($con,$_POST['admin_pass']);
$get_admin="select * from admins where admin_email='$admin_email' AND admin_pass=' $admin_pass'";
$run_admin=mysqli_query($con,$get_admin);
$count=mysqli_num_rows($run_admin);
if($count==1){
$_SESSION['admin_email']=$admin_email;
echo"<script>alert('You are logged in into admin panel')</script>";
echo"<script>window.open('index.php?dashboard','_self')</script>";
}
else{
echo"<script>alert('Email Or password is wrong')</script>";
}
}
?>
I have a problem in my query. In my login panel when i write the email and password which I have stored in my database the if condition fails and the else portion of the code is run even if I use the same password and email which I stored in my database.
I've just noticed that your query:
$get_admin="select * from admins where admin_email='$admin_email' AND admin_pass=' $admin_pass'";
has a space before the $admin_pass variable is used.
Try adjusting this to:
$get_admin="select * from admins where admin_email='$admin_email' AND admin_pass='$admin_pass'";
There's a space in your query where you pass in the admin password:
"AND admin_pass=' $admin_pass'"
should be:
"AND admin_pass='$admin_pass'"
Rather than fixing this bug though you should make some more major changes:
mysqli_real_escape_string
which will help prevent SQL-I its quite error prone compared to using prepared statements. password_hash
to generate hashes: http://php.net/manual/en/function.password-hash.php and password_verify
to check them: http://php.net/manual/en/function.password-verify.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.