3
I created a login basic with php
for the site I’m developing, but when trying to log in occurs the following error "invalid username or password", this error is in the code, but I do not understand why it occurs, because I have already checked the database data, as user, password and name of the database, are all correct.
My code is like this:
login.php
<?php
$cnpj = $_POST['cnpj'];
$senha = $_POST['senha'];
$conexao = mysqli_connect('localhost','root','');
$db = mysqli_select_db($conexao, 'treinamentos') or print(mysqli_error());
$sql = "SELECT * FROM usuario WHERE cnpj = '$cnpj' AND senha = '$senha'";
$resultado = mysqli_query($conexao, $sql);
if (mysqli_num_rows($resultado) == 0) {
echo "Usuário ou senha não conferem" ;
echo '<br><br><a href="../index.html">Voltar</a>';
session_destroy();
}else {
header("Location:index.html");
}
?>
html form
<form method="POST" action="php/login.php">
<div class="row form-group">
<div class="col-md-12">
<label for="username">CNPJ</label>
<input type="text" class="form-control" id="cnpj" name="cnpj">
</div>
</div>
<div class="row form-group">
<div class="col-md-12">
<label for="password">Senha</label>
<input type="password" class="form-control" id="senha" name="senha">
</div>
</div>
<div class="row form-group">
<div class="col-md-12">
<input type="submit" class="btn btn-primary" value="Acessar" id="acessar" name="acessar">
</div>
</div>
</form>
If you have any idea what might be causing such a mistake, I’d appreciate any help.
Where does the variable n1 and N2 come from? Important parts of your.php check file were missing, put it there...
– LocalHost
I know it’s out of the question asked, but I think it’s important to remember. The variable
$cnpj
is entering the query without any kind of treatment, themysqli_*
is not magical and can remain as vulnerable as themysql_*
. Moreover would recommend changing therand()
, but this is not so important. Now about the problem is missing information in the code, such as the$n1
and$n2
.– Inkeliz
In the.php check, a snippet says: If (something) 'login not performed' and exit OR 'login not performed' and exit. One way or another, an error will be presented and kills the application there. It may not be the problem of the page, but there is an inconsistency there
– Rúbio Falcão
@Rubiofalcao, add it to the code so we can help better
– LocalHost
It’s not a formal answer, I just wondered you have an if that points to the same independent flow of evaluation
– Rúbio Falcão
Okay, I’ll add the missing part
– R.Gasparin
it is, if $n1 is different from $N2 Login not done but Login not done, both with Login not done. And there is an extra } in if Else.
– user60252
I changed the code so you can understand better.
– R.Gasparin
The parameters of
mysqli_select_db()
andmysqli_query()
are switched. The first parameter is always the$conexao
. Before editing this error did not exist.– Inkeliz
Okay, thanks. I’ll edit
– R.Gasparin
@Inkeliz It worked, I’ve even edited the question. If you want you can add the answer. Thanks for the help!
– R.Gasparin
@R.Gasparin good night, just by way of suggestion: as already mentioned, since you are using the
mysqli
, use theprepared statements
to sanitize the data entry in your query. The way it is, your code is susceptible to SQL Injection.– mrlew
Okay, I’ll take the suggestion. Thank you!
– R.Gasparin