Login doesn't work (anymore)

anon80411031 · November 16, 2010, 2:03pm

Hi!

The problem with the login is that it’s possible to login also if the user enters a wrong password. Here’s the code:


<?php
if('POST' === $_SERVER['REQUEST_METHOD']){
  if(false === empty($_POST['username']) && false === empty($_POST['password'])){

    $conn = mysqli_connect('localhost', 'root', 'root', 'database_name');
    
    if(!$conn){
      echo 'Database Error: ' . mysqli_connect_error() ;
      exit;
    }
        
    $sql = sprintf(
      "SELECT username FROM utenti WHERE username = '%s' AND password = '%s' LIMIT 1",
      mysqli_real_escape_string($conn, $_POST['username']),
      mysqli_real_escape_string($conn, $_POST['password'])
    );
    
    $result = mysqli_query($conn, $sql);
    $username = $_POST['username'];
    
    /*if(mysqli_num_rows($result) != 0){
      session_start();
      $_SESSION['is_authorised'] = true;
      header('Location: indexcopia.php');
      exit;
    }*/
    
  }
}
?>

Thank you very much in advance!

DarthGuido · November 16, 2010, 2:12pm

You commented out the part where you check if the user/pw exists.
I don’t know how you check if someone has logged in?

anon80411031 · November 16, 2010, 2:54pm

I wonder how I couldn’t see that lol xD

Topic		Replies	Views
PHP Unable to login because of checking hatched password PHP	9	1439	April 7, 2021
PHP, mysqli login form - need help PHP	17	5783	May 11, 2017
Need some help with login system PHP	51	1951	March 4, 2010
Login doesn't work properly PHP	4	983	August 3, 2022
Login? PHP	5	699	October 8, 2014

Login doesn't work (anymore)

Related topics