
I got a final project for my exam. I have to make a registration form and a login form, and then, using PHP, send the data from registration to the database and use it for logging in. I've already done my registration, and it successfully sends data to the database. But I have a problem with login. It works if I send new data to the database and type it into the input, but if I try to type old data it doesn't work. Why?

 <?php
        $link = mysqli_connect("localhost","root","root","test");
        if(isset($_POST['logg'])){
            $login = $_POST['login'];
            $pasw = $_POST['password'];
            if(empty($_POST['login'])||empty($_POST['password'])){
                echo '<script language="javascript">';
                echo 'alert("Lracnel dashty")';
                echo '</script>';
            }
            else {
                $sql = "SELECT  `login` ,  `password` 
                FROM  `contact_form` ";

                $result = mysqli_query($link,$sql);
                while ($lol = mysqli_fetch_assoc($result)) {
                    if($login==$lol['login']){
                        if($pasw==$lol['password']){
                            echo 'Welcome '.$lol['login'];

                        }
                        else{
                            echo 'Wrong password';

                        }
                    }
                    else{
                        echo 'Wrong login';
                        break;
                    }
                }
            }

        }
    ?>
  • To start with you should be using a WHERE clause in your SELECT to just pick out the person you're looking for, secondly you should be using password_hash() to improve the password process. Commented Oct 26, 2018 at 16:51
  • How can I do it? Please, could you write it in code? Commented Oct 26, 2018 at 16:54
  • Please help. I really need help. Commented Oct 26, 2018 at 17:03
  • SELECT login, password FROM contact_form WHERE login = $login AND password = $password Commented Oct 26, 2018 at 17:06
  • Writing a login system is a huge responsibility, people are trusting you to protect their data and passwords. Using variables like $lol does not instil confidence. Commented Oct 26, 2018 at 17:47

2 Answers

I suggest you use PDO to query the database. I've modified your code to add a WHERE clause and to use the password_verify() PHP function; this means that you will hash your password before saving it into the database. You also need to sanitize your inputs before querying the db.

<?php
        $link = mysqli_connect("localhost","root","root","test");
        if(isset($_POST['logg'])){
            $login = $_POST['login'];
            $pasw = $_POST['password'];
            if(empty($_POST['login'])||empty($_POST['password'])){
                echo '<script language="javascript">';
                echo 'alert("Lracnel dashty")';
                echo '</script>';
            }
            else {
                // Sanitize the input before the query: escape it and quote it as a string
                $safeLogin = mysqli_real_escape_string($link, $login);
                $sql = "SELECT  login, password 
                FROM contact_form WHERE login = '$safeLogin' ";

                $result = mysqli_query($link,$sql);
                while ($lol = mysqli_fetch_assoc($result)) {
                    if($login==$lol['login']){
                        if(password_verify($pasw, $lol['password'])){
                            echo 'Welcome '.$lol['login'];

                        }
                        else{
                            echo 'Wrong password';

                        }
                    }
                    else{
                        echo 'Wrong login';
                        break;
                    }
                }
            }

        }
    ?>

2 Comments

Fixes the password encoding problem, side-steps the issue of not using placeholder values and bind_param.
@tadman I use only PDO for my projects and it's a bit different from mysqli_ on the bind_param part of the code, this is why I've preferred to avoid including this modification inside the answer.

This worked fine for me. Make sure that all of your ifs are true.

$link = mysqli_connect("localhost","root","root","test");

if(isset($_POST['logg'])){
    $login = $_POST['login'];
    $pasw = $_POST['password'];
    if(empty($login)||empty($pasw)){
        echo '<script language="javascript">';
        echo 'alert("Lracnel dashty")';
        echo '</script>';
    }
    else {
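        // Escape both values before they are placed inside the quoted SQL strings
        $safeLogin = mysqli_real_escape_string($link, $login);
        $safePasw = mysqli_real_escape_string($link, $pasw);
        $sql = "SELECT  `login` ,  `password` FROM  `contact_form` WHERE login = '$safeLogin' AND password = '$safePasw'";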
        $result = mysqli_query($link,$sql);
        while ($lol = mysqli_fetch_assoc($result)) {
            if($login==$lol['login']){
                if($pasw==$lol['password']){
                    echo 'Welcome '.$lol['login'];
                }
                else{
                    echo 'Wrong password';
                }
            }
            else{
                echo 'Wrong login';
                break;
            }
        }
    }
}

2 Comments

It works, but doesn't write wrong login, but I'll fix it myself.
@Tiko yeah I changed a little bit of the code because I was testing things on my computer. Good luck with your assignment!
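
Added example, not code from either answer: the WHERE clause, placeholder values and password_verify() that the answers and comments discuss, put together with PDO. It assumes PHP 7.1+ with the pdo_sqlite extension, and uses an in-memory SQLite table with constructed rows in place of the MySQL `test` database so that it runs on its own; the function names are hypothetical.

```php
<?php
// Constructed setup: in-memory SQLite stands in for the MySQL "test" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contact_form (login TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration side: store only the hash, never the password itself.
function register(PDO $pdo, string $login, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO contact_form (login, password) VALUES (:login, :hash)');
    $stmt->execute([':login' => $login, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login side: the placeholder keeps $login out of the SQL text, so quotes in it are just data.
function checkLogin(PDO $pdo, string $login, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM contact_form WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();   // false when no such login exists

    if ($hash === false) {
        return false;
    }
    // password_verify() reads the algorithm and salt from the stored hash.
    // A row that still holds a plaintext password (saved before hashing) fails here.
    return password_verify($password, $hash);
}

register($pdo, "o'brien", 'correct horse');   // constructed account; note the quote in the login
// Constructed legacy row: plaintext password as the old registration code would have saved it.
$pdo->exec("INSERT INTO contact_form (login, password) VALUES ('olduser', 'secret')");

$attempts = [
    ["o'brien", 'correct horse'],  // valid credentials
    ["o'brien", 'wrong'],          // wrong password
    ['nobody',  'whatever'],       // unknown login
    ['olduser', 'secret'],         // legacy plaintext row: needs a reset or re-registration
];
foreach ($attempts as [$login, $password]) {
    // One message for every failure, so the response does not reveal which logins exist.
    $ok = checkLogin($pdo, $login, $password);
    echo $login, ': ', $ok ? 'Welcome' : 'Wrong login or password', PHP_EOL;
}
```

With mysqli the same query is written with a `?` placeholder and `bind_param`, as the comment on the first answer points out.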
