Password is empty click to login button automatically show next page, how to check password

Question

1.00/5 (1 vote)

See more:

PHP

real_escape_string($_POST['username']);
      $password = $con->real_escape_string(md5($_POST['password']));
      
  if (!empty($username) || !empty($password)) {
        $query  = "SELECT * FROM USERS WHERE username = '$username'";
        $result = $con->query($query);
        if($result->num_rows > 0){
            $row = $result->fetch_assoc();
            $_SESSION['ID'] = $row['id'];
            $_SESSION['ROLE'] = $row['role'];
            $_SESSION['NAME'] = $row['name'];
            header("Location:dashboard.php");
            die();                              
        }else{
          $errorMsg = "No user found on this username";
        } 
    }else{
      $errorMsg = "Username and Password is required";
    }
  }

What I have tried:

I was tried some code it does not work.

Posted 16-Jan-22 19:47pm

Member 11643092

Updated 16-Jan-22 21:30pm

Herman<T>.Instance

v2

Add a Solution

Comments

0x01AA 17-Jan-22 2:53am

Think about this...
if (!empty($username) || !empty($password)) {
....
if (!empty($username) && !empty($password)) {

Richard Deeming 17-Jan-22 5:42am

PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

Richard Deeming 17-Jan-22 5:42am

For password storage, use:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2022-01-16T20:49:00

Quote:
I was tried some code it does not work.

"It doesn't work" is probably the most useless problem report we get - and we get it a lot. It tells us nothing about what is happening, or when it happens.
So tell us what it is doing that you didn't expect, or not doing that you did.
Tell us what you did to get it to happen.
Tell us any error messages.

In this case, all you check for is that the username and password as entered by the user are no blank - you need to actually confirm that the password he entered matches the information stored in the DB for that specific username.

But that's not as simple as "is it the same?" becuas etehre are a lot of complications here, including some legal restrictions which could easily bankrupt you if you aren't careful enough because you have to store passwords in a "safe form". There is some information on how to do it here: Password Storage: How to do it.[^] - the code examples are all in C#, but the principle is the same in whatever language, so get the idea straight in your head, then google for PHP and password hashing and you should find loads of examples.

Just remember: this is web based so if you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.