Problem with Php and mysql - Simple login

Question

Problem with Php and mysql - Simple login

Asked 5 years, 10 months ago

Viewed 263 times

1

Good night!

I’m making a simple website, in which appears a user box and password that will be sent by form through the method post for the page valida.php. When comparing the user and password typed by the user, with the default user and password in an if/Else, the page redirects to main.html, which is correct. However, when I change the code to get directly into the database, when the user enters the credentials and presses the button, it is sent to the same page.. I can’t understand what’s wrong...

Follows the codes:

index php.

   <form class="login100-form validate-form" method="POST" action="valida.php">

<div class="wrap-input100 validate-input">
    <input class="input100" type="password" id="inputSenha" name="senha" placeholder="Digite a Senha" required>
    <span class="focus-input100" data-placeholder="&#xf191;"></span>
</div>

<div id="botao">
    <input type="submit" value="ENTRAR" name="botao" id="entrar" class="btn efeito efeito-1 botaoEnviar" style="color: black; font-weight: bold" autofocus>
</div>

valida.php

<?php

    include_once("conexao.php");
    if((isset($_POST['user'])) && isset($_POST['senha']))
    {

        $usuario = mysqli_real_escape_string($conn, $_POST['user']);
        $senha = mysqli_real_escape_string($conn, $_POST['senha']);
        $senha = md5($senha);

        $sql = "SELECT * FROM tb_login WHERE user = '$usuario' && senha = '$senha' LIMIT 1";
        $result = mysqli_query($conn, $sql);
        $resultado = mysqli_fetch_assoc($result);

        if(empty($resultado))
        {
            $_SESSION['loginErro'] = "Usuario ou senha incorretos.";
            header("Location: index.php");
        }
        elseif(isset($resultado))
        {
            header("Location: main.html");
        }
        else
        {
            $_SESSION['loginErro'] = "Usuario ou senha incorretos.";
        }
    }
    else
    {
        $_SESSION['loginErro'] = "Usuario ou senha incorretos.";
        header("Location: index.php");
    }

?>

php connection.

<?php
    $servidor = "localhost";
    $usuario  = "root";
    $senha = "";
    $dbname = "bd_otica";

    $conn = mysqli_connect($servidor, $usuario, $senha, $dbname);

    if(!$conn)
    {
        die("Falha na conexão: " . mysqli_connect_error());
    }else
    {}

?>

Thanks for any help!

"arrive directly in the database"... what does that mean? I don’t understand...

– Sam

2018/08/20 at 01:12
That one LIMIT 1 also strange. May have more than 1 user with the same username and the same password?

– Sam

2018/08/20 at 01:14
as to arrive directly, he meant to search in the database the password and the administrator’s user.. You can not have more than one user with the same name and password, I must take out this LIMIT 1?

– Cayo Eduardo Silveira

2018/08/20 at 01:18
Of course, it’s no use at all

– Sam

2018/08/20 at 01:18
I made the change.. nothing has changed, keeps going to index.php independent of password/user

– Cayo Eduardo Silveira

2018/08/20 at 01:27
For a simple login your code is extremely complicated. I suggest a search in mysql and php login, have better ready examples on the site. If you are going to insist on the current solution change your && by AND in select, take this lot of IF and ELSE and simply check if the number of rows returned is greater than one, instead of that fetch. Ideal sera to use password_verify https://answall.com/a/17005/70

– Bacco

2018/08/20 at 01:39

Show 1 more comment

2 answers

1

As @Bacco commented, change the && for AND in SQL.

The empty($resultado) will always be false because the $resultado = mysqli_fetch_assoc($result); will return an array, even if the result of the user query and password returns an empty array.

Make a feather if and else if command mysqli_fetch_assoc($result) is true, IE, found something in the bank that matches the username and password:

if(mysqli_fetch_assoc($result)){
   header("Location: main.html");
}else{
   $_SESSION['loginErro'] = "Usuario ou senha incorretos.";
   header("Location: index.php");
}

Complete code:

<?php
    include_once("conexao.php");
    if((isset($_POST['user'])) && isset($_POST['senha']))
    {

        $usuario = mysqli_real_escape_string($conn, $_POST['user']);
        $senha = mysqli_real_escape_string($conn, $_POST['senha']);
        $senha = md5($senha);

        $sql = "SELECT * FROM tb_login WHERE user = '$usuario' AND senha = '$senha'";
        $result = mysqli_query($conn, $sql);

        if(mysqli_fetch_assoc($result)){
            header("Location: main.html");
        }else{
            $_SESSION['loginErro'] = "Usuario ou senha incorretos.";
            header("Location: index.php");
        }
    }
?>

Thank you very much!!!! Solved the problem yes.. As you can see, I don’t know much about php, let alone the database, then this project fell into my hands. I appreciate the time I spent helping myself!

– Cayo Eduardo Silveira

2018/08/20 at 15:35

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.

by Armando Marques Sobrinho • **828** points · Answer 1 · 2018-08-20T12:23:29+00:00

Your problem in this system friend @Cayo Eduardo Silveira, is only due to the fact that the form code that Voce posted in the question, it does not have the field "user" which is verified in the first condition if((isset($_POST['user'])) && isset($_POST['senha'])), then the code directs to the last else, thus does not satisfy condition and consequently it redirects to $_SESSION['loginErro'] = "Usuario ou senha incorretos.";header("Location: index.php");

check there and warn