Error checking result of variables with Else and if

Asked

Viewed 98 times

0

I’m having a problem returning an authentication message on a login page. Specifically and where it checks that the login and password field are checked as TRUE, if yes and the user does not contain in the database it will return "invalid user", if it contains the user and the password is wrong it should return the "invalid password" error. The problem is that it returns invalid user and invalid password in the same condition. I’ve tried a lot of ways there on Isis and if it always happens the same thing in other ways I’ve tried.

Where did I go wrong?

Where the inconsistency happens:

if ($login == TRUE && $senha == TRUE) {
        $_SESSION['login']=$login;
        unset ($_SESSION['senha']);
        echo "Senha inválida";      
}
if ($login == TRUE && $senha == TRUE) {
        unset ($_SESSION['login']);
        echo "Usúario inválido";
}

Full validation:

session_start(); 
$login = $_POST['login']; $senha = $_POST['senha']; 
$con = mysql_connect("localhost", "root", "") or die ("Sem conexão com o servidor"); 
$select = mysql_select_db("portal") or die("Sem acesso ao DB");  
$result = mysql_query("SELECT * FROM `USUARIO` WHERE `NOME` = '$login' AND `SENHA`= '$senha'"); 
if(mysql_num_rows ($result) > 0 ) {
     $_SESSION['login'] = $login; 
     $_SESSION['senha'] = $senha; 
     header('location:editar-excluir.php');
 } 
 else {
if ($login == FALSE && $senha == FALSE){
         echo"Por favor preencha o nome do usuário e senha" ;
         } 
if ($login == FALSE && $senha == TRUE) {
        echo "Por favor preencha o campo do usuário";
        }
if ($login == TRUE && $senha == FALSE) {
        echo "Por favor preencha o campo senha";
        }

if ($login == TRUE && $senha == TRUE) {
        $_SESSION['login']=$login;
        unset ($_SESSION['senha']);
        echo "Senha inválida";      
}
if ($login == TRUE && $senha == TRUE) {
        unset ($_SESSION['login']);
        echo "Usúario inválido";
}
    }
  • apparently there is nothing wrong with your condition, the error may be at the time of taking values from the database, use the echo to write his sql on screen and place to rotate on SGBD. see if it returns any value.

1 answer

2

Two things. First you are making a number of comparisons separate. According to what the ideal would be to check if it is empty, and use the else to go eliminating conditions:

if ( empty( $login ) && empty( $senha ) ){
    echo"Por favor preencha o nome do usuário e senha" ;
} elseif ( empty( $login ) ) {
    echo "Por favor preencha o campo do usuário";
} elseif ( empty( $senha ) ) {
    echo "Por favor preencha o campo senha";
} elseif ( $_SESSION['login'] == $login ) {
    unset ($_SESSION['senha']);
    echo "Senha inválida";      
} else {
    unset ($_SESSION['login']);
    echo "Usúario inválido";
}

To complement, the die() (or exit() ) on redirect:

header('location:editar-excluir.php');
die();

It is worth saying that working with open password as you are doing is inadmissible in systems for real use, but if it is only an exercise, "it even passes".

Also, as you are not sanitizing the values of the POST, great chance for a curious with a minimum of knowledge delete all your DB remotely.

Another strange thing is the use you’re making of unset(). As I did not understand what the real purpose of these lines is, I have no way to give details if they should be as they are.

You may have other problems, because just looking at the piece of code posted, you can’t be sure how it really works.

  • I was going to try something similar. More analyzing it looks like it will solve.

  • I’ll encrypt with md5 or sha1.

  • 1

    MD5 is not encryption, nor SHA1; at least it has to use bcrypt or similar (and learn to use correctly).

  • 1

    http://answall.com/questions/113378

  • It worked! I’ll take a look with bcrypt. I’ll do some tests and confirm the answer. Thanks.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.