Error trying to log in PHP

Asked

Viewed 656 times

3

I created a login basic with php for the site I’m developing, but when trying to log in occurs the following error "invalid username or password", this error is in the code, but I do not understand why it occurs, because I have already checked the database data, as user, password and name of the database, are all correct.

My code is like this:

login.php

     <?php 
        $cnpj    = $_POST['cnpj'];
        $senha   = $_POST['senha'];
        $conexao = mysqli_connect('localhost','root','');
        $db      = mysqli_select_db($conexao, 'treinamentos') or print(mysqli_error());
        $sql     = "SELECT * FROM usuario WHERE cnpj = '$cnpj' AND senha = '$senha'";
        $resultado = mysqli_query($conexao, $sql);
        if (mysqli_num_rows($resultado) == 0) {
           echo "Usuário ou senha não conferem" ;
           echo '<br><br><a href="../index.html">Voltar</a>';
           session_destroy();
        }else {
           header("Location:index.html");
        }
     ?>

html form

<form method="POST" action="php/login.php">
    <div class="row form-group">
        <div class="col-md-12">
            <label for="username">CNPJ</label>
            <input type="text" class="form-control" id="cnpj" name="cnpj">
        </div>
    </div>
    <div class="row form-group">
        <div class="col-md-12">
            <label for="password">Senha</label>
            <input type="password" class="form-control" id="senha" name="senha">
        </div>
    </div>
    <div class="row form-group">
        <div class="col-md-12">
            <input type="submit" class="btn btn-primary" value="Acessar" id="acessar" name="acessar">
        </div>
    </div>
</form> 

If you have any idea what might be causing such a mistake, I’d appreciate any help.

  • 1

    Where does the variable n1 and N2 come from? Important parts of your.php check file were missing, put it there...

  • 1

    I know it’s out of the question asked, but I think it’s important to remember. The variable $cnpj is entering the query without any kind of treatment, the mysqli_* is not magical and can remain as vulnerable as the mysql_*. Moreover would recommend changing the rand(), but this is not so important. Now about the problem is missing information in the code, such as the $n1 and $n2.

  • In the.php check, a snippet says: If (something) 'login not performed' and exit OR 'login not performed' and exit. One way or another, an error will be presented and kills the application there. It may not be the problem of the page, but there is an inconsistency there

  • @Rubiofalcao, add it to the code so we can help better

  • It’s not a formal answer, I just wondered you have an if that points to the same independent flow of evaluation

  • Okay, I’ll add the missing part

  • it is, if $n1 is different from $N2 Login not done but Login not done, both with Login not done. And there is an extra } in if Else.

  • I changed the code so you can understand better.

  • 1

    The parameters of mysqli_select_db() and mysqli_query() are switched. The first parameter is always the $conexao. Before editing this error did not exist.

  • Okay, thanks. I’ll edit

  • @Inkeliz It worked, I’ve even edited the question. If you want you can add the answer. Thanks for the help!

  • @R.Gasparin good night, just by way of suggestion: as already mentioned, since you are using the mysqli, use the prepared statements to sanitize the data entry in your query. The way it is, your code is susceptible to SQL Injection.

  • Okay, I’ll take the suggestion. Thank you!

Show 8 more comments

1 answer

5


There are several small mistakes...

1. mysqli_select_db()

Are you using as mysqli_select_db('treinamentos', $conexao) and in fact it is the other way around, according to the documentation it is expected to be:

mysqli_select_db ( mysqli $link , string $dbname )

Documentation

Therefore, you are reversing the parameters, you should then use:

mysqli_select_db($conexao, 'treinamentos')

2. mysqli_query()

The same previous error is expected to use:

mysqli_query ( mysqli $link , string $query [, int $resultmode = MYSQLI_STORE_RESULT ] )

Documentation

Instead of using mysqli_query($sql, $conexao), must use:

mysqli_query($conexao, $sql);

Also, as commented, note the fact that you are not treating the parameters properly.

Use at least the mysqli_real_escape_string($conexao, $cnpj), see documentation, since the mysqli_set_charset is configured correctly will be enough. Another option is to use the mysqli_prepare it will require further modifications to the current code, recommend seeing this guide.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.