stackoom
  简体   繁体   中英

Can't login for some reason into my project made with php and mysql

 原文  2021-11-10 20:06:27       php/ mysql

Question

So I am working on a project and I'm making an admin page, and everything was working fine until a moment ago, now when I try to log in it just puts me back into the login page every time and it doesn't even show "Login failed" so I don't think the password is the problem it doesnt let me enter the index page either can anybody explain or catch why it might not be logging me in.

Here is the registration page:

<?php
include("db.php");
include("header.php");
include("footer.php");
?>

<!-- REGISTRATION FORM -->

<div class="container">
    <div class="head" style="text-align:center">
        <h1>Register admin for VASMOVIES</h1>
    </div>
    <form action="registeradmin.php" method="POST">
  <div class="form-group">
    <label for="exampleInputEmail1">Username</label>
    <input type="text" name="username" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter username">
    <small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small>
  </div>
  <div class="form-group">
    <label for="exampleInputPassword1">Password</label>
    <input type="password" name="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
  </div>
  <button type="submit" name="submit" class="btn btn-primary">Submit</button>
</form>
</div>

<?php
if(isset($_POST['submit'])) {
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    $hash = password_hash('$password', PASSWORD_BCRYPT);
    
    $query = "INSERT INTO `admin`(`username`, `password`) VALUES ('$username','$hash')";
    $run = mysqli_query($con,$query);
    
    if($run){
        echo "Admin added";
    }
    else{
        echo "Something went wrong";
    }
}


?>

Heres the login page:

<?php
session_start();
include("header.php");
include("footer.php");
include("db.php");
?>

<div class="container">
    <div class="head" style="text-align:center">
        <h1>Login to VASMOVIES</h1>
    </div>
    <form action="login.php" method="POST">
  <div class="form-group">
    <label for="exampleInputEmail1">Username</label>
    <input type="text" name="username" class="form-control" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter username">
    <small id="emailHelp" class="form-text text-muted">We'll never share your information with anyone else.</small>
  </div>
  <div class="form-group">
    <label for="exampleInputPassword1">Password</label>
    <input type="password" name="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
  </div>
  <button type="submit" name="submit" class="btn btn-primary">Submit</button>
</form>
</div>

<?php

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    
    $query = "SELECT * FROM admin WHERE username = '$username'";
    $run = mysqli_query($con,$query);

    if(mysqli_num_rows($run)>0){
        while($row = mysqli_fetch_assoc($run)){
            if(password_verify($password, $row['password'])){
                $_SESSION['loginsuccesfull']=1;
                echo "<script>alert('Logged in successfully'); window.location.href='index.php'</script>";
                
            }
        }
    }
    else{
        echo "<script>alert('Failed to loggin');</script>";
    }
}

?>

And the index page:

<?php
session_start();
if(isset($_SESSION['loginsuccesfull'])){}
else {
    echo "<script>alert('You are not logged in');window.location.href='login.php'</script>";
}

include("db.php");
include("header.php");
include("footer.php");
?>

2 answers

solution1
 0  2021-11-10 20:17:43

You're only outputting an error message if the user does not exist. Your if-statement, where you check the password with password_verify , no else condition is provided. Therefore, nothing gets output. Change your code to this:

if(mysqli_num_rows($run)>0){
        while($row = mysqli_fetch_assoc($run)){
            if(password_verify($password, $row['password'])){
                $_SESSION['loginsuccesfull']=1;
                echo "<script>alert('Logged in successfully'); window.location.href='index.php'</script>";
            } else {
                echo "<script>alert('Failed to loggin');</script>";
            }
        }
    } else {
        echo "<script>alert('Failed to loggin');</script>";
    }

Also consider preparing your SQL statements, as Dharman explained in their comment.

solution2
 0  2021-11-10 20:25:56

The property window.location.href will redirect you to page that you set in it. When you log in successfully, system will redirect you to the index.php page. So you shouldn't automatically redirect to the login page, or use a session to know if the user is logged in and then don't redirect.

if(!$_SESSION['userLogged']) {
     header('Location: index.php');
}

Consider using header('Location: ...') insead of window.location.href in js

And second case that @stui mention.

Finally, consider using a framework because the website created in this way is exposed to hacking attacks and other problems of a novice user.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can't Login into my Secure Login Script PHP and MySQL Can't install Laravel from my source vendor/autoload.php is not generated for some reason Can't login (MySQL, PHP) For some reason my PHP code isn't working Php login has error for some unkown reason PHP MySQL Insert to is not working for some reason For some reason my mysql wont insert Can't identify the MySQL error in a query that I made in PHP Can't login to my script in PHP Why can't I execute some trivial PHP code in my Laravel project?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM