Wrong Username and Password error

Question

wareez 0 Newbie Poster

9 Years Ago

I have this code in my login.php, from sigin.php page if the user click on signin, it will display wrong username or password but the username and password is in the database named Username and Password.

Please i will appreciate if someone can fix this error for me. Your concern is sincerely appreciated.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
$txtusername=$_POST['UserName'];
$txtpassword=$_POST['Password'];
$usertype=$_POST['rdType'];
if($usertype=="Admin")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
}
else
{
header("location:blend_oceancrest_details_highvertical/index.php");
} 
mysql_close($con);
}
else if($usertype=="Customer")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
}
else
{
$_SESSION['id']=$row['customerid'];
$_SESSION['name']=$row['customername'];
header("location:customer/index.php");
} 

}

?>

</body>
</html>

php

Edited 9 Years Ago by pritaeas because: Fixed markdown. Removed email. Keep it on-site.

5 Contributors
8 Replies
2K Views
1 Week Discussion Span
Latest Post 9 Years Ago Latest Post by wareez

EvolutionFallen 107 Junior Poster

9 Years Ago

Where's your form code?
PS - you should probably be using mysqli: http://php.net/manual/en/book.mysqli.php

diafol

9 Years Ago

OK few thigs:

1) Don't mix php and html
2) Indent code and markup
3) stop using deprecated php (mysql)
4) escape your inputs - you are wide open to SQL Injection - solved if you use prepared statements and bind params/values (PDO/mysqli)

Edited 9 Years Ago by diafol

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

JerrimePatient 5 Junior Poster in Training · Answer 1 · 2015-05-07T01:11:15+00:00

there is no form tag.

<form action="some action">
    //your login code.
</form>

lps 71 Posting Pro in Training · Answer 2 · 2015-05-08T00:58:19+00:00

I have this code in my login.php, from sigin.php page if the user click on signin@JerrimePatient, the form is in the sigin.php
Agreed with @diafol's comments.
In addition, from you code, I assume you haven't encode your password?

To debug the problem, I suggest you to echo $sql before the query to ensure all variables parsing is correct, made sure the letter case and spaces(sometimes I input extra space in form without notice) is exactly as database.

JerrimePatient 5 Junior Poster in Training · Answer 3 · 2015-05-08T10:12:36+00:00

<form action="someaction">
$txtusername=$_POST['UserName'];
$txtpassword=$_POST['Password'];
$usertype=$_POST['rdType'];
if($usertype=="Admin")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
}
else
{
header("location:blend_oceancrest_details_highvertical/index.php");
} 
mysql_close($con);
}
else if($usertype=="Customer")
{
$con = mysql_connect("localhost","sample","sample");
mysql_select_db("customer", $con);
$sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
$result = mysql_query($sql,$con);
$records = mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ($records==0)
{
echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
}
else
{
$_SESSION['id']=$row['customerid'];
$_SESSION['name']=$row['customername'];
header("location:customer/index.php");
} 
}

</form>

all you are missing is the first line and the last line.

diafol · Answer 4 · 2015-05-08T11:00:17+00:00

Please indent your code ^^. Very difficult to read otherwise.

JerrimePatient 5 Junior Poster in Training · Answer 5 · 2015-05-11T01:11:13+00:00

<form action="someaction">
    $txtusername=$_POST['UserName'];
    $txtpassword=$_POST['Password'];
    $usertype=$_POST['rdType'];
    if($usertype=="Admin")
    {
        $con = mysql_connect("localhost","sample","sample");
        mysql_select_db("customer", $con);
        $sql = "select * from admin_master where username='".$txtusername."' and password='".$txtpassword."'";
        $result = mysql_query($sql,$con);
        $records = mysql_num_rows($result);
        $row = mysql_fetch_array($result);
        if ($records==0)
        {
            echo '<script type="text/javascript">alert("Wrong UserName or Password");window.location=\'index.php\';</script>';
        }
        else
        {
            header("location:blend_oceancrest_details_highvertical/index.php");
        } 
        mysql_close($con);
    }
    else if($usertype=="Customer")
    {
        $con = mysql_connect("localhost","sample","sample");
        mysql_select_db("customer", $con);
        $sql = "select * from customer_registration where UserName='".$txtusername."' and Password='".$txtpassword."' ";
        $result = mysql_query($sql,$con);
        $records = mysql_num_rows($result);
        $row = mysql_fetch_array($result);
        if ($records==0)
        {
            echo '<script type="text/javascript">alert("Wrong Username or Password");window.location=\'signin.php\';</script>';
        }
        else
        {
            $_SESSION['id']=$row['customerid'];
            $_SESSION['name']=$row['customername'];
            header("location:customer/index.php");
        } 
    }
</form>

@diafol: Sorry, I didn't indent it, I only copied the code of wareez.

wareez 0 Newbie Poster · Answer 6 · 2015-05-15T23:14:57+00:00

I have the login form in a separate page. The code is to process the login. At this stage if you can help me to provide a login similar to this I don't mind, I wanted to use it for one of my project and I need login script for the user's, I mean the admin will select a radio button while the customer will select customer radio button but they will be directed to different page based on type of radio button they choose.

Kindly help me, I need it friends, brothers, father, and all.