PHP & MySql Login Error

Question

0.00/5 (No votes)

See more:

I have created a PHP & MySql login but its not working. Like if i put right or wrong username/password Its showing "Wrong Username or Password" everytime.

here is my coding.

Login.html form coding

XML

<form id="form1" name="form1" method="post" action="login.php">
          <div class="form-group col-md-6">
              <label class="sr-only" for="exampleInputEmail1">User Name: *</label>
              <input required type="text" class="form-control" id="username" name="username" placeholder="User Name: *">
            </div>
<div class="form-group col-md-6">
              <label class="sr-only" for="exampleInputEmail1">Password: *</label>
              <input required type="password" class="form-control" id="password" name="password" placeholder="Password: *">
            </div>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            <input id="submit" type="submit" class="btn btn-lg btn-primary" value="Submit" style="width: 130px">
          Forgot Username or Password ?</form></div>

login.php page coding

PHP

<?php
session_start();

ob_start();

$conn = mysqli_connect("localhost","root","","hct_db");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
 // Define $myusername and $mypassword
$username=$_POST['username'];
$password=$_POST['password'];


// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$sql="SELECT username, password FROM admin ORDER BY username";
$result=mysqli_query($conn,$sql);

// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:admin/index.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>

Please Help ME

Posted 10-Sep-14 22:49pm

Member 10551326

Updated 5-Aug-21 2:45am

Add a Solution

Comments

Nelek 11-Sep-14 4:53am

Have you checked if the place where you are saving the user/pass to be searched on login is right?

2 solutions

Solution 2

<?php

	$username=$_POST['username'];
	$password=$_POST['password'];

	
	include 'connection.php';

	$sql="SELECT * FROM user WHERE username='$username' AND password='$password'";

	$query=mysqli_query($con,$sql);

	$count=mysqli_num_rows($query);


	if ($count==0)
	 {
		echo "Sorry Username or Password Wrong or BLocked";
	}

Posted 26-Nov-20 6:00am

Thiru Kanesh

Updated 26-Nov-20 6:01am

v2

Comments

Dave Kreskowiak 26-Nov-20 12:34pm

Saving passwords in clear text in the database is a horrible solution.

Richard Deeming 27-Nov-20 8:09am

Especially when combined with the SQL Injection vulnerability.

CHill60 27-Nov-20 3:53am

Absolutely the wrong way to go about this (as is the accepted solution). For a better way of handling passwords see Password Storage: How to do it.[^]

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ChauhanAjay · Accepted Answer · 2014-09-10T22:59:00

Please check this

PHP

<?php
session_start();
 
ob_start();
 
$conn = mysqli_connect("localhost","root","","hct_db");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
 // Define $myusername and $mypassword
$username=$_POST['username'];
$password=$_POST['password'];
 

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$sql="SELECT username, password FROM admin where username='".$username."' and password='".$password."'";
$result=mysqli_query($conn,$sql);
 
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
 
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
 
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:admin/index.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>