Login condition with user or email in the same field

Asked

Viewed 1,156 times

5

I am creating a system for schools, where the teacher when registering enters data such as name, email, user and password. So far the teacher can log in with email, but I wish you could login with the name too(I made changes but this giving error because I do not know how to create the condition).

LOGIN PAGE:

<form method="post" action="login2.php">

  <div id="pagina">
  <p align="left">Digite seu Email:
  <input type="text" name="login" id="login"  value="" />
</p>

  <p>Digite sua senha:
  <input type="password" name="senha" id="senha" />

  </p>
  </p>
  <p>
  <input type="submit" class="tooltip-inner" value="Fazer Login" />
  <div id="erro">
  <?php echo isset($_REQUEST["erro"]) ? $_REQUEST["erro"]: ""?>
  </div>
  <a href="recuperacao.php">Esqueceu sua senha?</a>
  </p>
  <p>Não tem uma Conta?<a href="cadastro.php">Criar usuario. </a></p>
  <p>

  </p></form>

LOGIN CONFIRMATION PAGE:

    <?php
include "CONEXAO.php";

 $login= $_REQUEST["login"];
 $senha = $_REQUEST["senha"];

 $sql = "select * from professor where login= :email ou login= :usuario and senha= :senha";

 $result = $conexao->prepare($sql);
 $result ->bindValue(":email", $email);
$result ->bindValue(":usuario", $usuario);
 $result ->bindValue(":senha", $senha);
 $result ->execute();

 $qtde = $result->rowCount();

 if ($qtde ==1)
 {
     session_start();
     $linha = $result->fetch(PDO::FETCH_ASSOC);
     $_SESSION["cod.professor"] = $linha ["cod.professor"];
     $_SESSION["nome"] = $linha ["nome"];

     header("location: perfil.php");
 }
 else
 {
     header("location: login.php?erro=E-mail ou senha invalidos.");
 }

?>
  • No "or" condition in mysql, switch to "OR"

4 answers

5

When you have more than one valid condition, you usually use the OR, but you have to be careful with the grouping:

SELECT * FROM professores WHERE (:login=email OR :login=usuario) AND senha= :senha;

Without the parentheses you may have serious problems on one side of the OR validate only by login, without considering password when user is not provided:

SELECT * FROM professores WHERE :login=email OR :login=usuario AND senha= :senha;
--                              ^^^^^^^^^^^^
--                                    | Se isso for verdadeiro, o resto das condições
--                                    | acaba sendo ignorado e a pessoa loga sem senha


There’s a simpler way:

The simplest is to use the IN, And that goes for as many fields as you want:

SELECT * FROM professores WHERE :login IN (email, usuario) AND senha= :senha

Regardless of what was asked, storing password in DB is always a bad idea See more in the following links:

How to make encrypted password queries in the database?

How to hash passwords securely?

2

In your query try to do this way

$sql = "select * from professor where (login= :email or login= :usuario) and senha= :senha";

There is no condition OU the condition you must use is OR

  • Thanks for the parentheses, it wasn’t working well until you put them on.

0

First, you must specify which fields in your teacher table correspond to the email and login field. Then the query should be

$sql = "select * from professor where login= :login or email= :login and senha= :senha";

As I’m not very familiar with the : to represent a value, in variable form, would thus be:

$sql = "select * from professor where login='$login' or email='$login' and senha= $'senha'";

The :login or $login must be the condition for searching both fields because you used the variable up there to request input information and stored in this variable:

$login= $_REQUEST["login"];
  • Thanks, I didn’t even realize my mistake. I made the changes when logging in now an error appears on line 12, which would be $result->execute code();

0

I was able to solve the errors that were the variables in the result, the code was like this:

$login = $_REQUEST["login"];
 $senha = $_REQUEST["senha"];

 $sql = "select * from professores where (email= :login or usuario= :login) and senha= :senha";

 $result = $conexao->prepare($sql);
 $result ->bindValue(":login", $login);
 $result ->bindValue(":senha", $senha);
 $result ->execute();

Thank you

Browser other questions tagged

You are not signed in. Login or sign up in order to post.