php - User login (using sessions) trouble -
i'm trying make log in system users login on site. reason can't seem code identify user exists, thinks user doesn't exist in database when does. hoping on code , tell me if wrong, can't find errors.
also should mention i'm aware none of code safe or secure, leave way now.
here table information:
<!-- login form --> <div id="userlogin"> <form name="user_login" id="login" method="post" action="loginsf.php"> username : <input type="text" name="yourusername" id="username" ><br /> <span id="usernamewarnings" style="color:black"> </span> <br /> password : <input type="password" name="yourpassword" id="userpassword" > <br /> <span id="passwordwarnings" style="color:black"> </span> <br /> <input type="submit" value="login" onclick="return validateloginform()" > </form> </div> here php code loginsf.php: (updated sql fix) (problem still exists)
<?php session_start(); // starts session require_once 'databaselogin.php'; //login info $db_server = mysqli_connect($db_hostname, $db_username, $db_password, $db_database); //connection if(mysqli_connect_errno($db_server)) { echo "failed connect mysql: " . mysqli_connect_error(); } //$loggedin = mysqli_query($db_server,"select user_name members"); $username = $_post['yourusername']; $password = $_post['yourpassword']; $query = "select `user_name`, `password` `members` user_name='$username' , password='$password'"; $loggedin = mysqli_query($db_server, $query); // check username , password match if(mysqli_num_rows($loggedin) == 1) { echo "login successful"; } else { echo "login failed"; } ?>
users in database:
user_name password
tester345 tttttt
your code vulnerable. assume it's learning project
change
$query = "select 'user_name', 'password' `members` user_name='$username' , password='$password'"; to
$query = "select `user_name`, `password` `members` user_name='$username' , password='$password'";
Comments
Post a Comment