0

Hello everyone so i was developing a game with login in Unity 5, I successfully manage to create a registration form but the login always keeps saying "login failed" even though the username and password are correct. I feel like my code only recognize the "else" statement because I already tried switching my conditions

here is the C# code

using System.Collections.Generic;
using UnityEngine;
using UnityEngine.UI;
using UnityEngine.SceneManagement;

public class DataLogin : MonoBehaviour {
public InputField inputUsername1;
public InputField inputPassword1;
public static string Username;
public static string Password;


string UserURL1 = "http://localhost/login.php";

void Start(){

}
void Update(){

}
//  void OnMouseDown(Button insertButton){
//      InsertData(inputUsername, inputPassword);
//  }
public void Button_Click1(){
    StartCoroutine(LoginData (inputUsername1, inputPassword1));

}
IEnumerator LoginData(InputField inputUsername1, InputField inputPassword1){
    WWWForm form = new WWWForm ();
    form.AddField ("username", inputUsername1.text);
    form.AddField ("password", inputPassword1.text);

    WWW www = new WWW (UserURL1, form);
    yield return www;

    if (www.text [0] == '0') {
        Debug.Log ("User Login Success.");
    } else {
        Debug.Log ("User Login Failed.");
   }
  }
}

here is the php code

<?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "table_test";

    $user = $_POST["username"];
    $pass = $_POST["password"];

     // Create connection
    $conn = mysqli_connect($servername, $username, $password, $dbname);
    // Check connection
    if (!$conn) {
      die("Connection failed: " . mysqli_connect_error());
    }

    $sql = " SELECT * FROM test WHERE username = '$user' AND password = '$pass'";
    $result = mysqli_query($conn, $sql);
    if ($result->num_rows > 0) {
      while ($row = $result->fetch_assoc()) {
        if ($row['username'] = $user && $row['password'] = $pass) {
          echo ("Login Successfully");
        } else {
          echo ("Login Failed");
        }
     }
   }
?>
Fredrik Schön
  • 4,888
  • 1
  • 21
  • 32
Rolenz Pangan
  • 21
  • 1
  • 7
  • 1
    `if ($row['username'] = $user && $row['password'] = $pass)` - php uses `==` or even `===` for comparison. – thehennyy Jan 03 '19 at 12:19
  • also i think you have to use your local ip address here `string UserURL1 = "http://localhost/login.php";` instead of localhost – gmaziashvili Jan 03 '19 at 13:47

1 Answers1

2

You are checking if the result from the php script's first character is '0'.

However, in your PhP script you never return '0'. You either return "Login Successfully" or "Login Failed".

So i suggest you either check for that in your if-statement or you log the actual response from the server:

Debug.Log (www.text);

Although i'm not sure if that is the correct syntax, since you are using an older version of Unity.

Also, your Php script is vulnerable to SQL Injection. Check this post for more information on that topic

Immorality
  • 2,164
  • 2
  • 12
  • 24