Login: Mysql search returns only one object

Question

Login: Mysql search returns only one object

Asked 4 years, 9 months ago

Viewed 42 times

0

In a login system, I take the e-mail and password given by the user by a form and see if there is any identical information in the database.

 $conn = new mysqli("localhost", "root", "", "prisma");

        $result = $conn->query("SELECT * FROM tb_users ORDER BY iduser");
        $data = array();
        $x = -1;
        while($row=$result->fetch_array(MYSQLI_ASSOC)){
            array_push($data, $row);
            $x += 1;
            if($user == $data[$x]["desusername"] && $pass == $data[$x]["despassword"]){
                if($user == $adms){
                    $_SESSION['isAdmin'] = true;
                    header('Location: index.php');
                }

                else{
                    header('Location: index.php');
                }

            }
            else{
                echo "Erro. Insira seus dados corretamente!";
                echo $data[$x]["desusername"];
                echo $data[$x]["despassword"];
                echo $user;
                echo $pass;
                break;
            }
        }

$user being the email given by the user, $pass the password given by the user, $data[$x]["desusername"] the database users and $data[$x]["despassword"] the found passwords;

However, when logging in, the $data[$x]["desusername"] and $data[$x]["despassword"] are the first item in my database, and there is one more item to go through!

Ex. The first item is "[email protected]", and password "123". The second is "[email protected]" and password "321";

If the user enters the second item in the form, my while will only have taken the first item to compare in the if.

1 answer

Browser other questions tagged php mysql while

You are not signed in. Login or sign up in order to post.

by Inkeliz • **20,671** points · Answer 1 · 2019-12-15T21:17:57+00:00

The explanation is in the break;, reducing your code we have:

$Conn = new mysqli("localhost", "root", "", "prism");

    $result = $conn->query("SELECT * FROM tb_users ORDER BY iduser");
    $data = array();
    $x = -1;
    while($row=$result->fetch_array(MYSQLI_ASSOC)){
        array_push($data, $row);
        $x += 1;
        if($user == $data[$x]["desusername"] && $pass == $data[$x]["despassword"]){
           //....
        } else{
            // ...
            break;
        }
    }

The break will break the while on the first attempt, as it will fall into the else. That is, you run the while and the first check (which is incorrect) will fall into the else and this else will give the break. So just run it once.

Ignoring other optimization/performance and security problems, you can use:

    $conn = new mysqli("localhost", "root", "", "prisma");

    $result = $conn->query("SELECT * FROM tb_users ORDER BY iduser");

    $user_found = null;    
    while($row = $result->fetch_array(MYSQLI_ASSOC) && $user_found === null){
        if($user === $row["desusername"] && $pass === $row["despassword"]){
            $user_found = $row;
        }
    }

    if($user_found !== null) {
        $_SESSION['isAdmin'] = $user == $adms;
        header('Location: index.php');
        return; // early-return
    }

    echo "Erro. Insira seus dados corretamente!";
    echo $data[$x]["desusername"];
    echo $data[$x]["despassword"];
    echo $user;
    echo $pass;

The idea of this code is to check first, all lines, then then do what should be done (give error or redirect).

The $adms and $user and $pass is not set, I do not use PHP I cannot test.