I'm super confused, my code outputs this:

posted login: login

posted password: pass

database login: login

database pass: pass

database id: 1

database user: IDKMyName

database creator: True

database admin: True

database master: True

failed

The main part is the last line, "failed"; it should say "logged in go". The posted user and the database user are the same, and the posted pass is the same, so idk.

PS: the echos are just there for debugging, they are not going to be in the final code.

```php
<?php

session_start();

$db_login = "";
$db_pass = "";
$db_id = "";
$db_user = "";
$db_creator = "";
$db_admin = "";
$db_master = "";

$servername = "localhost";
$username = "root";
$password = "";
$database = "main_db";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

$submitlogin = $_POST['user'];
$submitpass = $_POST['password'];

// Note: the posted values are interpolated straight into the SQL string.
$query = $conn->query("SELECT * FROM main_table WHERE login = '$submitlogin' && pass = '$submitpass'", MYSQLI_USE_RESULT);

if ($query) {
    while ($row = $query->fetch_array()) {
        // Each value gets PHP_EOL appended here, so $db_login is "login\n", not "login".
        $db_login = $row['login'] . PHP_EOL;
        $db_pass = $row['pass'] . PHP_EOL;
        $db_id = $row['ID'] . PHP_EOL;
        $db_user = $row['user'] . PHP_EOL;
        $db_creator = $row['creator'] . PHP_EOL;
        $db_admin = $row['admin'] . PHP_EOL;
        $db_master = $row['master'] . PHP_EOL;
    }
}

echo "posted login: " . $submitlogin . "<br>";
echo "posted password: " . $submitpass . "<br>";
echo "database login: " . $db_login . "<br>";
echo "database pass: " . $db_pass . "<br>";
echo "database id: " . $db_id . "<br>";
echo "database user: " . $db_user . "<br>";
echo "database creator: " . $db_creator . "<br>";
echo "database admin: " . $db_admin . "<br>";
echo "database master: " . $db_master . "<br>";

// With && this branch is only taken when BOTH values differ; because of the
// appended PHP_EOL above, both always do.
if ($submitlogin != $db_login && $submitpass != $db_pass) {

    $_SESSION['ID'] = 'NULL';
    $_SESSION['loggedin'] = 'False';
    $_SESSION['login'] = '';
    $_SESSION['pass'] = '';
    $_SESSION['user'] = '';
    $_SESSION['creator'] = 'False';
    $_SESSION['admin'] = 'False';
    $_SESSION['master'] = 'False';

    echo "failed";
    echo "<a href='/wip/login/'>try again</a>";

} else {

    $_SESSION['login'] = $db_login;
    $_SESSION['pass'] = $db_pass;
    $_SESSION['id'] = $db_id;
    $_SESSION['user'] = $db_user;
    $_SESSION['creator'] = $db_creator;
    $_SESSION['admin'] = $db_admin;
    $_SESSION['master'] = $db_master;
    $_SESSION['loggedin'] = 'True';

    echo "logged in";
    echo "<a href='/wip/'>go</a>";

}

mysqli_close($conn);

?>
```
  • [Little Bobby](http://bobby-tables.com/) says **[you are at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even **[escaping the string](https://stackoverflow.com/q/5741187)** is not safe! I recommend `PDO`, which I [wrote a function for](http://paragoncds.com/grumpy/pdoquery/#function) to make it extremely **easy**, very **clean**, and way more **secure** than using non-parameterized queries. – GrumpyCrouton Sep 05 '17 at 13:08
  • **Never store plain text passwords!** Please use **PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)** (`password_hash()` and `password_verify()`) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). **It is not necessary** to [escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so _changes_ the password and causes unnecessary additional coding. – GrumpyCrouton Sep 05 '17 at 13:09
  • Also, please don't use the `root` db user. – ʰᵈˑ Sep 05 '17 at 13:09
  • Thanks, I'll look into it. – Nick W Sep 05 '17 at 13:35

1 Answer

You are appending line breaks to the data from the database:

```php
$db_login = $row['login'] . PHP_EOL; //<--here
```

so you are comparing:

```php
"pass" == "pass\n"
```

As mentioned in the comments, you have a number of other issues, but this is the root cause of your problem.

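The same login check rewritten with the three fixes raised on this page (no PHP_EOL suffix, a prepared statement instead of string interpolation, and `password_verify()` against a stored hash), as an added example that is not the asker's or answerer's code. It assumes `main_table(ID, login, pass, user, creator, admin, master)` with `pass` holding a `password_hash()` digest, a non-root database account (placeholder credentials), and mysqlnd for `get_result()`.

```php
<?php
// Added example, not the asker's or answerer's code: the same login check
// without the PHP_EOL suffix, with a prepared statement instead of string
// interpolation, and with password_verify() against a stored hash.
// Assumptions: main_table(ID, login, pass, user, creator, admin, master) with
// `pass` holding a password_hash() digest; DB account name/password are placeholders.
declare(strict_types=1);

function authenticate(mysqli $conn, string $login, string $password): ?array
{
    // The submitted login is bound as data, so it can never alter the SQL.
    $stmt = $conn->prepare(
        'SELECT ID, login, user, creator, admin, master, pass
           FROM main_table WHERE login = ? LIMIT 1'
    );
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when no such login (needs mysqlnd)
    $stmt->close();

    // Compare through the hash; the raw password is never compared as a string,
    // so there is no trailing newline to trip over.
    if ($row === null || !password_verify($password, $row['pass'])) {
        return null;
    }
    unset($row['pass']);   // the hash does not belong in the session
    return $row;
}

session_start();
$conn = new mysqli('localhost', 'app_user', 'app_password', 'main_db');   // placeholder account
$conn->set_charset('utf8mb4');

$row = authenticate($conn, (string)($_POST['user'] ?? ''), (string)($_POST['password'] ?? ''));
session_regenerate_id(true);   // fresh session id on any change of auth state

if ($row === null) {
    $_SESSION = ['loggedin' => false];
    echo 'failed';
    echo "<a href='/wip/login/'>try again</a>";
} else {
    $_SESSION = [
        'loggedin' => true, 'id' => $row['ID'], 'user' => $row['user'],
        'creator' => $row['creator'], 'admin' => $row['admin'], 'master' => $row['master'],
    ];
    echo 'logged in';
    echo "<a href='/wip/'>go</a>";
}
$conn->close();
```

When creating an account, store `password_hash($password, PASSWORD_DEFAULT)` in `pass` instead of the plain password, and nothing else on the login path needs to know how the hash is built.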