
This is my login PHP code, but I am unable to log in. My code works until echo "2"; after that it is not working anymore.

include 'inc.config.php';
if(isset($_POST["submit"]))
{
    $user = mysql_real_escape_string($_POST['emailid']);
    $pass = md5(mysql_real_escape_string($_POST['password']));
    $query=mysql_query("SELECT * FROM logsignup WHERE email='$user' AND password='$pass' ");

    echo "1";

    $numofrows = mysql_num_rows($query);

    echo "2";

    if($numofrows!=0)     
    {
        echo "3";

        while($row=mysql_fetch_assoc($query))
        {
            $dbusername= $row['emailid'];
            $dbpassword= $row['password'];
        }

        if($user=$dbusername && $pass=$dbpassword)
        {
            echo "loggedin";
        }
    }
    else
    {
        echo "invalid";
    }
}

Here is the inc.config.php file:

$con = mysql_connect("localhost","root","");
$select=mysql_select_db("loginsignup");

Image of the database:


Thomas Bormans
shubham singh
  • Are you getting any error message? – Elymentree Mar 30 '16 at 13:49
  • Some things to keep in mind: Your code is deprecated (`mysql_*` functions). Your code is also open for a nice SQL injection. You're using a hashing method which is breached. This always results in `true`: `if($user=$dbusername && $pass=$dbpassword)` – Daan Mar 30 '16 at 13:50
  • Please check echo $numofrows; if the result is 0, check the database entries. – MaThar Beevi Mar 30 '16 at 13:51
  • Please insert "error_reporting(-1);" at the start of your PHP file and update your question with any errors that might show up. Also check whether it just doesn't match. Maybe your hashed value gets shortened when inserted and so now they never match; could be a ton of things. Also look into prepared statements: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php – Jester Mar 30 '16 at 13:57
  • You should use PDO or mysqli; like @Daan said, mysql_* functions are deprecated. – rafaelcpalmeida Mar 30 '16 at 13:57
  • So, this echoes "2" but does not echo "3" nor "invalid"? – apokryfos Mar 30 '16 at 13:58
  • May you share the table structure as well? – itzmukeshy7 Mar 30 '16 at 14:03
  • Thanks everyone for such a quick response, my code is now working as it should. There was a problem with the md5 I used in my code, but now I have removed md5, so what should I add to my password to encrypt it? – shubham singh Mar 30 '16 at 19:22
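
The changes suggested in the comments above (prepared statements through PDO instead of `mysql_*`, and a salted password hash instead of MD5), as an added example that is not part of the original thread. It assumes the `logsignup` table with `email` and `password` columns from the question; the in-memory SQLite database (needs the pdo_sqlite extension) and the helper names `openDb`, `register` and `login` are assumptions made so the script runs without a server.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// question; SQLite stands in for MySQL (only the DSN would change).
declare(strict_types=1);

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // bcrypt hashes are 60 characters; the PHP manual recommends a 255-character
    // column so future default algorithms still fit without truncation.
    $pdo->exec('CREATE TABLE logsignup (email VARCHAR(255) PRIMARY KEY, password VARCHAR(255) NOT NULL)');
    return $pdo;
}

function register(PDO $pdo, string $email, string $password): void
{
    // Salted, deliberately slow hash; salt and cost are stored inside the string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO logsignup (email, password) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

function login(PDO $pdo, string $email, string $password): bool
{
    // Look the row up by email only; user input is bound, never concatenated.
    $stmt = $pdo->prepare('SELECT password FROM logsignup WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown email
    }
    if (!password_verify($password, $hash)) {
        return false; // wrong password
    }
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        // Upgrade the stored hash when PHP's default algorithm or cost changes.
        $upd = $pdo->prepare('UPDATE logsignup SET password = :hash WHERE email = :email');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':email' => $email]);
    }
    return true;
}

// Constructed sample data, for demonstration only.
$pdo = openDb();
register($pdo, 'alice@example.com', 'correct horse battery staple');
var_dump(login($pdo, 'alice@example.com', 'correct horse battery staple'));
var_dump(login($pdo, 'alice@example.com', 'wrong'));
var_dump(login($pdo, "' OR '1'='1", 'x')); // bound as a literal email, matches no row
```

Because the stored hash is compared with `password_verify()` rather than inside the SQL `WHERE` clause, a too-short password column shows up as a failed verification, which is the truncation problem raised elsewhere on this page.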

2 Answers


If value I get out of the database is the same as the value I put into the database.

Which is pretty pointless, it's a needlessly excessive check. It's better to count the correct number of rows returned, which will tell you exactly the same information.

  • You need to start using error logging, to help yourself solve your own errors, please read How to get useful error messages in PHP?

  • Also use MySQL EXPLAIN (in PHPMyAdmin) to help you understand wayward SQL queries.

  • Your password field in your screenshot looks far too short. md5 is typically 32 characters long, so what could be happening is that the SQL comparison is failing because you're comparing a long string with a shorter string. Double check.

  • Ensure you are using the correct Character encoding throughout your PHP and your MySQL, please read UTF-8 all the way through and convert all MySQL into utf8mb4_unicode_ci. Also get used to using PHP Multibyte string functions (may need installing).


If the above guides do not solve your problem you will at the very least have a clear path (with the error logs) to see what's going wrong and from that how to solve your issue.

Community
Martin
<?php
session_start(); // required before $_SESSION can be used

include 'inc.config.php';
if(isset($_POST["submit"]))
{
    $user = mysql_real_escape_string($_POST['emailid']);
    $pass = md5(mysql_real_escape_string($_POST['password']));
    $sql="SELECT * FROM logsignup WHERE email='$user' AND password='$pass'";
    $query=mysql_query($sql);
    $numofrows = mysql_num_rows($query);
    if($numofrows > 0)
    {
        // A matching row exists: copy its fields into the session
        $row=mysql_fetch_assoc($query);
        $_SESSION['EMAIL']= $row['emailid'];
        $_SESSION['USERNAME'] = $row['username'];

        if( $_SESSION['EMAIL'] && $_SESSION['EMAIL']) {
            echo "valid";
        }else{
            echo "invalid";
        }
    }

}
?>
debasish