0

i have created two tables named login and gotest.in gotest table i have stored user details and unique in that table is ID.in login table i am storing refid, username and password.refid is the primary key which contains same value of ID in gotest table.i am getting from ID from one form when it passed through the URl.but when iam trying to login it gives me this errpor " The Username or password are incorrect! ".

Here is my php code

    <?php

include_once 'dbconnect.php';

    $renewid = $_GET['ID'];



    $query = "SELECT refid, username, password  FROM ipay_login  WHERE refid = '$renewid'";

    $result = mysql_query($query) or die(mysql_error());

    while ($row = mysql_fetch_array($result)) {

        $renewid = $row['refid'];
        $uname = $row['username'];
        $upass = $row['password'];

        echo $renewid . '<br />';
        echo $uname . '<br />';
        echo $upass . '<br />';

    }

if(isset($_POST['btn-signup'])) {


    $uname =  $_POST['username'];
    $upass =  $_POST['password'];


    /*echo $uname,$upass,$renewid;*/

    $result1 = mysql_query("SELECT *  FROM ipay_login  WHERE username = '$uname' AND password = '$upass'");

    if(mysql_num_rows($result1) > 0 )
    {
        echo "sucesss";
    }
    else
    {
        echo 'The Username or password are incorrect!';
    }


}
?>

<html>
<head></head>
<body>
<form id="convertion" method="post">


<!--<input type="hidden" id="refid" name="refid" value="<?php /*$_GET['refid']; */?>" /><br/>-->
<input type="text" id="username" name="username" /><br/>
<input type="text" id="password" name="password" /><br/>

<button type="submit" id="btn-signup" name="btn-signup">SUBMIT</button>
</form>
</body>
</html>

URL of my login page

http://xxx.yyy.example?ID=1000
colombo
  • 520
  • 2
  • 9
  • 24
  • If both the username and password are stored in `ipay_login` table, then why are you using `gotest` table in your SELECT query? – Rajdeep Paul Apr 29 '16 at 07:53
  • Why do you think it should output something different? – Ruslan Osmanov Apr 29 '16 at 07:53
  • 1
    Please note this, `mysql_*` functions are deprecated as of PHP 5.5 and are removed altogether in PHP 7.0. Use [`mysqli`](http://php.net/manual/en/book.mysqli.php) or [`pdo`](http://php.net/manual/en/book.pdo.php) instead. [And this is why you shouldn't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). – Rajdeep Paul Apr 29 '16 at 07:54
  • @RajdeepPaul the foreign key ID which i am getting in the url is already stored in the gotest table.thats why i am using gotest table – colombo Apr 29 '16 at 07:56
  • @RuslanOsmanov even i eneterd correct username and password it gives me that error – colombo Apr 29 '16 at 07:57
  • @colombo, print the query somewhere, then look if it's correct, then try to execute it in the mysql shell. If it still doesn't work, then the two tables have no rows matching conditions you specified in the query. – Ruslan Osmanov Apr 29 '16 at 08:02
  • From your question: *..refid is the primary key which contains same value of ID in gotest table* which means the ID you're passing with the URL is the user's id. So I see no reason why you're using `gotest` table in your SELECT query. – Rajdeep Paul Apr 29 '16 at 08:24
  • @RajdeepPaul i have edit the code but still gives me same error – colombo Apr 29 '16 at 08:43
  • @colombo If you see the code closely you'll find what's wrong. First of all, there's no point of executing two queries. And second, if this is a *login* form then how and why are sending user's ID with the URL? – Rajdeep Paul Apr 29 '16 at 08:58
  • @RajdeepPaul because user will load this from as email verification.that is why id pass with the url – colombo Apr 29 '16 at 08:59

1 Answers1

1

Try this ..first of all change your refid column in login to ID.then run following code

<?php

include_once 'dbconnect.php';


$renewid = $_GET['ID'];

$query = "SELECT *  FROM login WHERE ID = '$renewid'";

$result = mysql_query($query) or die(mysql_error());

while ($row = mysql_fetch_array($result)) {


    $uname = $row['username'];
    $upass = $row['password'];

    echo $uname . '<br />';
    echo $upass . '<br />';

}

if(isset($_POST['btn-signup'])) {


    $uname = $_POST['username'];
    $upass= $_POST['password'];


    $result1 = mysql_query("SELECT * FROM login WHERE username = '$uname' AND  password = '$upass'");

    if(mysql_num_rows($result1) > 0 )
    {

        echo "sucess";

    }
    else
    {
        echo 'The username or password are incorrect!';
    }
}
?>

<html>
<head></head>
<body>
<form id="convertion" method="post">

    <input type="text" id="username" name="username" /><br/>
    <input type="text" id="password" name="password" /><br/>

    <button type="submit" id="btn-signup" name="btn-signup">SUBMIT</button>
</form>
</body>
</html>
joseph
  • 105
  • 1
  • 2
  • 10