Member Avatar for spud91

I have the following code:

<?php
session_start(); // Starting Session
include_once('config.php');

$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['user']) || empty($_POST['pass'])) {
$error = "Please complete both fields";
}else{
// Define $username and $password
$user=$_POST['user'];
$pass=md5($_POST['pass']);
// To protect MySQL injection for Security purpose
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($mysqli, $user);
$pass = mysqli_real_escape_string($mysqli, $pass);
// SQL query to fetch information of registered users and finds user match.
$result = mysqli_query($mysqli, "SELECT * FROM users WHERE Username='$user' AND Password='$pass' LIMIT 1");
if ($row = mysqli_fetch_array($result)) {
    $_SESSION['Username'] = $row['Username'];
    $_SESSION['Account_Type'] = $row['Account_Type'];

if ($row['Account_Type'] === 'A') {
    header ("location: adminHome.php");
    exit;
} else {
    header ("location: home.php");
    exit;
}
} else {
    $error = "Username or Password is invalid";

    mysqli_close($mysqli); // Closing mysqli connection
}
    }
}
?>

<!doctype html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css"> 
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<title>Login</title>

</head>
<body>

<div id = "logReg">
<span href="#" class="button" id="toggle-login">Log in</span> 
</div>

<div id="login">
  <div id="triangle"></div>
  <h1>Log in</h1>
  <form action = "" id = "logregform" method = "POST">
    <p id = "err"> <?php if(isset($error)) {echo $error;} ?> </p>
<input id = "logtxt" type="text" placeholder="Username" name = "user" required/>
<input type="password" placeholder="Password" name = "pass" required/>
<input type="submit" value="Log in" name = "submit" />
<br>
<br>
<p id ="bklg">Dont have an account? <a href="register.php">Sign up</a></p> 
  </form>
</div>
<script>

$('#toggle-login').click(function(){
  $('#login').slideToggle('fast'); 
});
</script>
</html>

I'm able to login as a normal user whos account_type is "U".
However im unable to login as an admin with account_type is "A". Ive set the admins username and password to 456 just for testing purposes but once i type that in and click submit i instantly get the error saying that the username and password is invalid.

Any ideas what ive done wrong or how to fix this?

Thanks!

  • 4 Contributors
  • 14 Replies
  • 1K Views
  • 8 Years Discussion Span
  • Latest Post Latest Post by GESTIC
Member Avatar for lps

Your code seem fine for me. Have you tried to echo out the $user and $pass before the query and compare manually to the database?

Member Avatar for jj.dcruz 
<?php
session_start(); // Starting Session
include_once('config.php');

$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
    if (empty($_POST['user']) || empty($_POST['pass'])) {
    $error = "Please complete both fields";
    }
    else{
        // Define $username and $password
        $user=$_POST['user'];
        $pass=md5($_POST['pass']);
        // To protect MySQL injection for Security purpose
        $user = stripslashes($user);
        $pass = stripslashes($pass);
        $user = mysqli_real_escape_string($mysqli, $user);
        $pass = mysqli_real_escape_string($mysqli, $pass);
        // SQL query to fetch information of registered users and finds user match.
        $result = mysqli_query($mysqli, "SELECT * FROM users WHERE Username='$user' AND Password='$pass' LIMIT 1");
        if ($row = mysqli_fetch_array($result)) {
            $_SESSION['Username'] = $row['Username'];
            $_SESSION['Account_Type'] = $row['Account_Type'];

                //try this method sometimes you need a variable instead directly putting the date
                $acct = $row['Account_Type'];

                    if ($acct === 'A') {
                        header ("location: adminHome.php");
                        exit;
                    } else {
                        header ("location: home.php");
                        exit;
                    }

            } else {
        $error = "Username or Password is invalid";

        mysqli_close($mysqli); // Closing mysqli connection
        }
    }
}
?>

<!doctype html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css"> 
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<title>Login</title>

</head>
<body>

<div id = "logReg">
<span href="#" class="button" id="toggle-login">Log in</span> 
</div>

<div id="login">
  <div id="triangle"></div>
  <h1>Log in</h1>
  <form action = "" id = "logregform" method = "POST">
    <p id = "err"> <?php if(isset($error)) {echo $error;} ?> </p>
<input id = "logtxt" type="text" placeholder="Username" name = "user" required/>
<input type="password" placeholder="Password" name = "pass" required/>
<input type="submit" value="Log in" name = "submit" />
<br>
<br>
<p id ="bklg">Dont have an account? <a href="register.php">Sign up</a></p> 
  </form>
</div>
<script>

$('#toggle-login').click(function(){
  $('#login').slideToggle('fast'); 
});
</script>
</html>
Member Avatar for spud91

@Ips yeah ive echoed them out. the user can login fine.

@joshuajames.delacruz ive tried the above code but the same thing happens. When logging in as the admin it instantly says "invalid username or password"

Member Avatar for lps

Wait, did you set the password of admin to '456' manually in database?

But based on your code, the $pass is set to $pass=md5($_POST['pass']);, posibly the '456' not matching md5('456') which causing the password is wrong.

Member Avatar for jj.dcruz

sorry my bad there's a mistake on the Query

$result = mysqli_query($mysqli, "SELECT * FROM users WHERE Username='$user' AND Password='$pass' LIMIT 1");


  `
Edited by jj.dcruz
Member Avatar for lps

may I know what's the password in database? Is it '250cf8b51c773f3f8dc8b4be867a9a02' or '456'?

And when you echo the $pass, is it '250cf8b51c773f3f8dc8b4be867a9a02' or '456'?

Edited by lps
Member Avatar for spud91

the password originally was 456 but now its 250cf8b51c773f3f8dc8b4be867a9a02. however that still the admin to the normal users homepage instead of the adminhome.php

Member Avatar for jj.dcruz

This is the revised code just copy and paste it.

<?php
session_start(); // Starting Session
include_once('config.php');

$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
    if (empty($_POST['user']) || empty($_POST['pass'])) {
    $error = "Please complete both fields";
    }
    else{
        // Define $username and $password
        $user=$_POST['user'];
        $pass=md5($_POST['pass']);
        // To protect MySQL injection for Security purpose
        $user = stripslashes($user);
        $pass = stripslashes($pass);
        $user = mysqli_real_escape_string($mysqli, $user);
        $pass = mysqli_real_escape_string($mysqli, $pass);
        // SQL query to fetch information of registered users and finds user match.
        $result = mysqli_query($mysqli, "SELECT * FROM users WHERE Username='$user' AND Password='$pass' LIMIT 1");
        if ($row = mysqli_fetch_array($result)) {
            $_SESSION['Username'] = $row['Username'];
            $_SESSION['Account_Type'] = $row['Account_Type'];

                //try this method sometimes you need a variable instead directly putting the date
                $acct = $row['Account_Type'];
                $_SESSIONS['Account_type'] = $acct;
                    if ($acct === 'A') {
                        header ("location: adminHome.php");
                        exit;
                    } else {
                        header ("location: home.php");
                        exit;
                    }

            } else {
        $error = "Username or Password is invalid";

        mysqli_close($mysqli); // Closing mysqli connection
        }
    }
}
?>

<!doctype html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style/style.css"> 
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<title>Login</title>

</head>
<body>

<div id = "logReg">
<span href="#" class="button" id="toggle-login">Log in</span> 
</div>

<div id="login">
  <div id="triangle"></div>
  <h1>Log in</h1>
  <form action = "" id = "logregform" method = "POST">
    <p id = "err"> <?php if(isset($error)) {echo $error;} ?> </p>
<input id = "logtxt" type="text" placeholder="Username" name = "user" required/>
<input type="password" placeholder="Password" name = "pass" required/>
<input type="submit" value="Log in" name = "submit" />
<br>
<br>
<p id ="bklg">Dont have an account? <a href="register.php">Sign up</a></p> 
  </form>
</div>
<script>

$('#toggle-login').click(function(){
  $('#login').slideToggle('fast'); 
});
</script>
</html>

then the adminhome.php

if($_SESSION['Acct_type'] == 'user'){
header('Location: userhome.php');
}

the userhome.php

if($_SESSION['Acct_type'] == 'admin'){
    header('Location: adminhome.php');
    }
Member Avatar for spud91

error saying Undefined index: Account_type

Member Avatar for jj.dcruz

what is the complete error? im having difficulty on that one

Member Avatar for spud91

Its sorted. Thanks!

Member Avatar for lps

First of all, try to echo the $row['Username'] and $row['Account_Type'] after you retrieve them from database.
Then, as you have limit the query to 1, you should probably using mysqli_fetch_assoc instead of mysqli_fetch_array.

@joshua, the problem caused by the $_SESSION['Acct_type'] is not defined to be used as comparism, the coding you show set the data into $row['Account_Type'].

Member Avatar for jj.dcruz

Its sorted. Thanks!

Is the problem solve? please mark this thread as solve thanks

Member Avatar for GESTIC

Hello Guys, I need your help on this please

I have this code and having the same same error message on line 16
<?php
class Login {
    public function LoginSystem() {
        session_start(); //start session
        $error = ''; //variable to store Error message
    if (!isset($_POST['submit'])) {
        if (empty($_POST['login']) || empty($_POST['password'])) {
            $error = "Nom d'utilisateur ou mot de passe incorrect";
        }
    }else {
        include 'connect.php';
        //Define $username and $password
        $username = $_POST['login'];
        $password = md5($_POST['password'])
        //SQL query to fetch information of registered users and finds user match
        $query = "SELECT login, password FROM users WHERE login=? AND password=? LIMIT 1";
        //To protect Mysql injection for security purpose
        $stmt = $conn->prepare($query);
        $stmt->bind_param("ss", $username, $password);
        $stmt->execute();
        $stmt->bind_result($username, $password);
        $stmt->store_result();
        if($stmt->()){ //fetching the content of the row
            $_SESSION['login'] $username; //Initializing Session
        } 
        mysqli_close($conn); //Closing Connection
    }
}
public function SessionVerify() {
    if(!isset($_SESSION['login'])) {
    header("Location: includes/checkuser.php"); Check user session and role
    }
}
public function SessionCheck() {
    global $conn;
    session_start(); //starting Session
    //Storing Session
    $user_check = $_SESSION['login'];
    //SQL query to fetch complete information of User
    $query = "SELECT * FROM users WHERE login = '$user_check'";
    $ses_sql = mysqli_query($conn, $query);
    $row = mysqli_fetch_assoc($ses_sql);
    $_SESSION['id'] = $row["id"];
    $_SESSION['name'] = $row["name"];
    $_SESSION['role'] = $row["role"];
}
public function UserType() {
    //if user role is 1, redirect to admin page
    if ($_SESSION["role"] == 1) {
        header("Location:../user/admin/")
    }
    //if user role is 0, redirect to user page
    if ($_SESSION["role"] == 0) {
        header("Location:../user/simpleuser/")
    }
    }
}
class UserFunctions{
    public function Username() {
        $username = $_SESSION["name"];
        echo $username;
    }
}
?>

<?php include 'settings.php'; //include settings ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link href='https://unpkg.com/boxicons@2.1.4/css/boxicons.min.css' rel='stylesheet'>
    <link rel="stylesheet" href="style_login.css">
    <title>Authentification</title>
</head>
<body>
    <div class="container">
        <div class="box">
         <div class="header">
            <header><img src="images/296170341_1118986832025090_6614413410720163048_n.jpg" alt="">
            </header>
            <p>Connectez-vous!</p>
         </div>  
         <form class="form-signin" action="includes/login.php" method="POST">
         <div class="input-box">
            <label for="email">E-mail</label>
            <input name="login" type="email" class="input-field" id="email" required>
            <i class="bx bx-envelope"></i>
         </div> 
         <div class="input-box">
            <label for="pass">Mot de passe</label>
            <input name="password" type="password" class="input-field" id="pass" required>
            <i class="bx bx-lock"></i>
         </div>
         <div class="input-box">
            <input type="submit" class="input-submit" value="CONNEXION" name="submit">
         </div>
         <div class="bottom">
            <span><a href="#">S'enregistrer</a></span>
            <span><a href="#">Mot de passe oublié?</a></span>
         </div>
        </div>
        <div class="wrapper"></div>
         </form>
    </div>
</body>
</html>

.

2023-06-28_21_36_03-sfs_8080_includes_login.php.png 5.68 KB 2023-06-28_21_36_39-functions.php_-_school_Fees_Sigma_-_Visual_Studio_Code.png 14.11 KB
commented: This post is 8 years old, please open a new post of your own. +15
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.