could not work even if i login with correct username and password

+1 weixun li · October 17, 2014
if( isset($_POST['username'],$_POST['password']) ){ //check if user type any thing in the field    
       
       $username = $_POST['username'];
       $password = $_POST['password']; // encrypt the password wth md5() to strings stored in database
       
       if ( empty($username) or empty($password) ){ // check if empty input
           
            $error = 'All fields are required!';
            
       }else {// no empty input
              
               
            $query = $pdo->prepare( "SELECT * FROM users WHERE user_name=? AND user_password=?" );
           
            $query->bindValue(1,$username);
            $query->bindValue(2,$password);
           
            $query->execute();
           
            $num = $query->rowCount(); // get the amount of rows
            
            if ( $num == 1 ){
                 // entered object/info is correct
                 $_SESSION['logged_in'] = true;   // login succcessfully
                 
                 header('Location: indexAdmin.php');  // reload to the admin page
                 exit();                              // exit this out to prevent the login form displaying

                 
            }else {
                // entered object/info is false
                 $error = 'Incorrect details';
            }
       }
   }  


?>
    
    <!-- login form -->     
    <!DOCTYPE html>
    <html>
     <head>
       <title>CMS development</title>
       <link rel="stylesheet" href="../assets/CMS_style.css" />   <!-- this file is not in the same directory as css file so need ../ -->
     </head>

     <body>
        <div class="container">
            <a href="indexAdmin.php">admin</a>
            <br /><br />
             
             <!-- display error message -->
            <?php if (isset($error)) { ?>
              <small style="color: #aa0000;"><?php echo $error; ?></small>
              <br /><br />            
            <?php } ?>
            
            
            <form action="indexAdmin.php" method="post" autocomplete="off">
                  <input type="text" name="username" placeholder="Username" />
                  <input type="password" name="password" placeholder="Password" />
                  <input type="submit" value="Login" />
               </form>   
        </div>
      </body>
    </html>


I don't know why it doesn't work expecially the hightlighted part.
can sb tell me why ???
PS: there is no problem with the phpMyAdmin database settings.

Post a Reply

Replies

Oldest  Newest  Rating
0 Ron Butcher · October 18, 2014
Ranie is correct.  You need to hash your password using the same steps you used to hash it and store it in the database originally before you run your query.
0 weixun li · October 21, 2014
yes @Ranie Santos 
I was using ------ echo md5('liweixun');
to echo out the hashed password "liweixun"
then print the hashed string 3eda8573ed3cff27f68abb1c3a75959b to my database,
and changed the code to  $password = md5($_POST['password']);
Am i correct, is that what you meant??????
But still cannot login correctly even there s no error with the syntax;
I don't know which part goes wrong.
0 Ron Butcher · October 23, 2014
Your are not using the session_start() function.

Set the first line of code, right after your opening <?php tag to read:
   
session_start();





Without starting the session, you cannot assign $_SESSION variables.  And remember, it must be on every page for the user to remain logged in.
  • 1

PHP

107,221 followers
About

Server-side, HTML embedded scripting language used to create dynamic Web pages.

Links
Moderators