stackoom
  简体   繁体   中英

login error password and username combination

 原文  2018-11-09 04:10:23       php/ mysql

Question

<?php
session_start();

$db =mysqli_connect("localhost", "root", "","registration" );
if (isset($_POST['login_btn'])){
    $username = mysql_real_escape_string($_POST ['username']);
    $password = mysql_real_escape_string($_POST ['password']);

    $password= md5($password);
    $sql = "SELECT * FROM users WHERE username= '$username' AND password= '$password'";
    $result = mysqli_query($db, $sql);
if(mysqli_num_rows($result) == 1 ){
$_SESSION['message']= "You are now logged in";
$_SESSION['username'] = $username;

header("Location: home.php");
}else{
    $_SESSION['message'] = "Username and  password combination is incorrect";
}

}
?>

<html>
<head>

</head>
<body>
<div class="header"> <h1>login</h1></div>

<?php
if (isset($_SESSION['message'])){
    echo "<div id = 'error_msg>".$_SESSION['message']."</div>";
    unset($_SESSION['message']);
}
?>

<form method="post" name="loginform" action="login.php">
    <table>
        <tr>
            <td> Username:</td>
            <td><input type = "text" name="username" placeholder="Username" class="textInput"  required></td>
        </tr>

        <tr>
            <td> Password:</td>
            <td><input type = "password" placeholder="Password"  name="password" class="textInput" required></td>
        </tr>

        <tr>
            <td></td>
            <td><input type = "submit" name="login_btn" value="Login"></td>
        </tr>
    </table>
</form>
</body>

</html>

Hi guys, this is my login page with PHP. Apart from logging in it allows passwords which are not the same. According to the code its set to check if the two passwords are matching and if they aren't, it displays an error.

This one doesn't display an error even if the two passwords don't match. Why does it allows a user to log in with wrong passwords??

I want it to display an error when passwords don't match and in return doesn't allow logging in because of wrong credentials.

1 answers

solution1
 0  2018-11-09 04:39:24

You are not using mysql_real_escape_string properly. You should use either mysqli_real_escape_string or use mysql_connect to connect to MySQL.

mysql_real_escape_string 's second parameter is assumed automatically if mysql_connect is used, but you are using mysqli_connect instead, that's why it's not finding any connection.

From pph website it states:

The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() had been called with no arguments. If no connection is found or established, an E_WARNING level error is generated.

Reference: http://php.net/manual/en/function.mysql-real-escape-string.php

Try changing

 $username = mysql_real_escape_string($_POST ['username']);
 $password = mysql_real_escape_string($_POST ['password']);

to

$username = mysqli_real_escape_string($db, $_POST ['username']);
$password = mysqli_real_escape_string($db, $_POST ['password']);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Email/Username combination is incorrect error in login system Php login error password or username wrong Error username and password on Android login page with MySQL Login system password and username PHP Login with Username/Password Wrong error message when login even username and password is correct Users login not working, showing error “incorrect username or password” Joomla Login error: 500 when the username and password this incorrect Codeigniter Login System Error when match with username and password Curl post username/password to login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM