PHP MYSQL - Login System - Accepts numeric values only

Asked

Viewed 64 times

0

Hi. I have a problem... I’ve googled enough about it but I haven’t found anything successful.

my login system is only accepting numeric passwords.

example: User: so-and-so, password: 123 - that way I can log in perfectly.

already in this other example: User: fulano1, password: fivefivefive - Me returns that my data is invalid.

table: users; my password column in the database is formatted in this pattern:

id: int, length 15, auto increment; name: varchar, length 200, not null; password: varchar, length 32, not null; email: varchar, length 100, not null;

<div class="">
                    <form action="login.php" method="POST">
                    <div>
                        <div>
                        <div style="margin-top: 5px; margin-bottom: 5px; color: red;">                                    

                        </div>                                
                            <input name="usuario" name="text" placeholder="Seu usuário" autofocus="">
                        </div>
                    </div>
                    <div>
                        <div>
                            <input name="senha" type="password" placeholder="Sua senha">
                        </div>
                    </div>
                    <button type="submit" class="button">Entrar</button>
                    </form> </div>

below the login code.php

<?php
    session_start();
    include_once('conexao.php');

    if(empty($_POST['usuario']) || empty($_POST['senha'])) {        
        header('Location: index.php');
        $_SESSION['erro_inpt_vazio'] = "Usuário ou senha não informados";
        exit();
    }

    $usuario = mysqli_real_escape_string($conn, $_POST['usuario']);
    $senha = mysqli_real_escape_string($conn, $_POST['senha']);

    $query = "select nome from usuarios where nome = '$usuario' && senha = md5($senha)";

    $result = mysqli_query($conn, $query);

    $row = mysqli_num_rows($result);

    if($row == 1) {
        $_SESSION['usuario'] = $usuario;
        header('Location: painel.php');
        exit();
    } else {
        $_SESSION['nao_autenticado'] = true;
        header('Location: index.php');
        exit();
    }
?>

1 answer

1


Change

$query = "select nome from usuarios where nome = '$usuario' && senha = md5($senha)";

For

$query = "select nome from usuarios where nome = '$usuario' && senha = md5('$senha')";

Your select must be coming so:

select nome from usuarios where nome = 'user' && senha = md5(secreto)

so only accept number, missing single quotes

  • 1

    It lacked the simple quotation marks! thank you very much, a lack of my attention to this problem.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.