When password or login is wrong session is not closed

Good afternoon, I made a schedule to check whether the login data is wrong or not. When I put in the wrong data it gives me an alert saying that the login or password is incorrect, but when I click okay another alert appears saying that I have successfully logged in, and it goes to another page... what is happening?

code:

<html>

<head>
    <script src="../js/angular.min.js"></script>
    <script src="../js/jqueryAtualizado.js"></script>
    <script src="../js/jqueryAtualizado.min.js"></script>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
</head>

<body>
    <?php 
include("conexao.php");

if(isset($_POST['senha']) && strlen($_POST['login']) > 0){

    if(!isset($_SESSION))
        session_start();

    $_SESSION['login'] = $link -> escape_string($_POST['login']);
    $_SESSION['senha'] = $_POST['senha'];


    $sql_code = "SELECT senha, codigo FROM usuario WHERE login = '$_SESSION[login]'";
    $sql_query = $link -> query($sql_code) or die ($link -> error);
    $dado = $sql_query->fetch_assoc();
    $total = $sql_query-> num_rows;


    if($total == 0){
        echo "<script>alert('Login ou a senha estão errados.');</script>";
    }
    else{
        if($dado['senha'] == $_SESSION['senha']){

            $_SESSION['usuario'] = $dado['login'];

        }
    }

    if(count($total) != 0){
        echo "<script>alert('Login efetuado com sucesso.'); location.href='../Adm/AdmAgenda.php';</script>";
    }

}


?>
</body>

</html>

Thank you...

1 answer


The issue is not even the session being closed when the login is wrong, but rather that it should not even be set if the login was wrong. It should only exist if the login is ok. Only then would you create it.

The ideal would be something like:

$login = $_POST['login'];
$senha = $_POST['senha'];

$resultado = $bd->consultarLogin($login);

if ($resultado && $resultado['senha'] === $senha) {
      // Only here, then, would the session be created

      $_SESSION['usuario'] = $resultado;
}

The above code was merely illustrative; what matters in the end is that you understand the idea.

What’s more, your code needs refactoring. It makes no sense, for example, to use count on $total, since it is a variable of type int. It also has redundant code.

I thought of something like this:

// Always remember that the session should be started at the top of the script, as a precaution

if(!isset($_SESSION)) session_start();

include("conexao.php");

// Both fields must be present before either one is read
if(isset($_POST['login'], $_POST['senha']) && strlen($_POST['login']) > 0) {


    $login = $link -> escape_string($_POST['login']);
    $senha = $_POST['senha'];


    // login is selected as well, because it is stored in the session below
    $sql_code = "SELECT login, senha, codigo FROM usuario WHERE login = '$login'";
    $sql_query = $link -> query($sql_code) or die ($link -> error);
    $dado = $sql_query->fetch_assoc();
    $total = $sql_query-> num_rows;


    if ($total == 0) {
        echo "<script>alert('Login ou a senha estão errados.');</script>";

    } elseif ($dado['senha'] === $senha) {

        // Compared with the submitted password; the session is written only after this check passes
        $_SESSION['usuario'] = $dado['login'];

        echo "<script>alert('Login efetuado com sucesso.'); location.href='../Adm/AdmAgenda.php';</script>";
    }

}

Note that I avoid putting things in the session before logging in.

The code above is not the eighth wonder yet, but it already improves on some redundancies.

  • Wow, I liked it, it shortened the code nicely... Thanks, it worked, except that if I put in any password it logs in kkkkk

  • There is a typo in my code. Instead of $_SESSION['senha'] it should be $senha

  • I was trying to put 'usuario'

  • I’m talking about the elseif check

  • Yes, I had seen that it was the same, so I put $dado['usuario'] == $_SESSION['senha'] and that way it went through, but with any password it logged in
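
The answer's rule (write to the session only after the credentials check passes), carried through with a bound query parameter and hashed passwords, as an added example that is not the asker's or the answerer's code. It assumes the PDO SQLite driver is available and uses an in-memory database in place of the page's MySQL `$link`; the function names `verificarLogin` and `iniciarSessao` and the sample user are constructed for illustration.

```php
<?php
// Added example. usuario(codigo, login, senha) follows the page; the in-memory
// SQLite database and the sample user are constructed so this runs offline.

function verificarLogin(PDO $db, string $login, string $senha): ?array
{
    // Prepared statement: the login is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT codigo, login, senha FROM usuario WHERE login = ?');
    $stmt->execute([$login]);
    $dado = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown login and wrong password both return null, so the caller
    // can show a single generic error message.
    if ($dado === false || !password_verify($senha, $dado['senha'])) {
        return null;
    }
    unset($dado['senha']); // the hash has no business in the session
    return $dado;
}

function iniciarSessao(array $usuario): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['usuario'] = $usuario;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuario (codigo INTEGER PRIMARY KEY, login TEXT UNIQUE, senha TEXT)');
$db->prepare('INSERT INTO usuario (login, senha) VALUES (?, ?)')
   ->execute(['maria', password_hash('correta-123', PASSWORD_DEFAULT)]);

$linhas = [];
foreach ([['maria', 'errada'], ['ninguem', 'x'], ['maria', 'correta-123']] as [$l, $s]) {
    $usuario = verificarLogin($db, $l, $s);
    if ($usuario !== null) {
        iniciarSessao($usuario); // the only place the session is written
    }
    $linhas[] = sprintf('%s / %s => %s', $l, $s, $usuario ? 'ok' : 'rejected');
}
echo implode("\n", $linhas), "\n"; // output after the session work is done
```

Only the third attempt reaches `iniciarSessao`; the wrong password and the unknown login leave `$_SESSION` untouched.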
