How to compare email and word passes from textboxs to the database

Asked

Viewed 99 times

0

I already have this code:

   <?php
   ...
   $dbconn = mysqli_connect($servername, $username, $password, $dbname)or die("Failed to connect to database:" . mysqli_error($conn));

    $email = mysqli_real_escape_string($dbconn, $_POST['login']);
    $password = mysqli_real_escape_string($dbconn, $_POST['senha']);

    if (!empty($email) && !empty($password))
    {

    $query = "SELECT (email, password) FROM Paciente WHERE email = '$email' AND password = SHA('$password') ";
    $data = mysqli_query($dbconn, $query);
    $result = mysqli_num_rows($dbname);
    printf("Number of rows %d \n", $result);
    if ($result == 1) {

        $row = mysqli_fetch_array($data);
        $email = $row('login');
        $password = $row('senha');
        header("location: marcar_consulta_online.html");
    } else {

        echo "A password e/ou email estão erradas";
    }

    }
    else
    {

        echo ' Deve preencher com o seu email e password';
        ?>

    <?php
    }
    mysqli_close($dbcon);
    ?>

   no outro código tenho: 

   <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
    <p style="font-size: 20px"> <font face= "Verdana">
        Email:<INPUT type="text" name="login" size=35><br><br>
        Password:<INPUT type="password" name="senha" size=30>
    </p></font>

    <input type="submit" value="Login" name="botao_login" class="botao_login"/></FORM>

When I press the button it writes the message:'Must fill in with your email and password' which should only happen if the fields are empty.

2 answers

0

You’re mixing mysqli_ and mysql_functions, don’t do this!

It is also not recommended to create Sqls like this, although you use mysqli_real_escape_string. Recommended to use Prepared statements, who in fact does it for you automatically.

Another thing, don’t store passwords in text format in the database. If any intruders gain access to the database, you’ll have all the passwords and emails easily. Learn more by searching google for "php generating password hash", since I can’t put more than 2 links in the reply.

About the error, if you search in the method documentation, you will see a comment:

Note, that if no Connection is open, mysqli_real_escape_string() will Return an Empty string!

If you look closely at the code

$dbconn = mysqli_connect($servername, $username, $password, $dbname);
...
$email = mysqli_real_escape_string($dbconn, $_POST['login']);
$password = mysqli_real_escape_string($dbconn, $POST['senha']);

you will see that you first declared a $dbco variablenn and tried to use a $dbcon, in the case the error is this.

you will see that you used $POST, without the "_" in the password line

  • I’ve already changed the problem of mixing functions and variables, but the problem is still the same... I edited the question of how the code was, I did not improve the creation of SQL because I did not understand very well how it works, I will have to study well the link that made available to me.

  • about hash recommend reading this article and among the 3 options recommend sha1

  • https://secure.php.net/manual/en/faq.passwords.php - one of the topics of the link is because we should not use functions like md5 and sha1 for this purpose

  • Someone will know because even if you put the right data, it says the email and or the pass are wrong?

0


All that remained was to correct

$POST['senha']

in $password = mysqli_real_escape_string($dbconn, $POST['senha']);

for

$_POST['senha']

Correct

$email = mysqli_real_escape_string($dbconn, $_POST['login']);
$password = mysqli_real_escape_string($dbconn, $_POST['senha']);
  • Is this not necessary? $email = mysqli_real_escape_string($dbconn, $_POST['login']);

  • this line is correct $_POST['login']); in the password that missed the underline or underline dash

Browser other questions tagged

You are not signed in. Login or sign up in order to post.