Login code not working in PHP

Question

I have a index.html page from where i am redirecting it to my login.php page to validate user. But it seems that is its not working. It is showing error message even if the entry are correct. Please look to it

index.html

<form action="login.php" method="POST">
      <div class="input-container">
        <input type="text" name="enroll" required="required"/>
        <label for="Username">Enrollment Number</label>
        <div class="bar"></div>
      </div>
      <div class="input-container">
        <input type="password" name="Password" required="required"/>
        <label for="Password">Password</label>
        <div class="bar"></div>
      </div>
      <div class="button-container">
        <button><span>Go</span></button>
      </div>
      <div class="footer"><a href="#">Forgot your password?</a></div>
    </form>

login.php

<?php

// Grab User submitted information
$enroll = $_POST["enroll"];
$pass = $_POST["password"];

// Connect to the database
$con = mysql_connect("localhost","root","");
// Make sure we connected succesfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db("rgpv",$con);

$result = mysql_query("SELECT enroll, password FROM login WHERE enroll = $enroll");

$row = mysql_fetch_array($result);

if($row["enroll"]==$enrolls && $row["password"]==$pass)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>

You might be seeing the notices saying undefined index enroll and undefined index password ,you need to use if(isset($_POST['enroll']) && isset($_POST['password'])){ above your code — Pardeep Poria, May 14 '16 at 10:08
your code is vulnerable for sql injection.check the values of `$row["enroll"]` and `$enrolls` etc.. — Madhawa Priyashantha, May 14 '16 at 10:10
Why do you need `if ($row["enroll"] == $enrolls`? You're already checking that in the SQL query. You could also put the password check in the SQL. — Barmar, May 14 '16 at 10:23

Denis Bhojvani · Answer 1 · 2016-05-14T11:21:23.067

i got your issues in if condition with variable name $enrolls your actually variable is $enrollplease change your if condition hope it will solve your problem.

if($row["enroll"]==$enroll && $row["password"]==$pass)

replace your if condition with above give condition line. and in your html page for password element incorrect name please change that also as give in below line.

$pass = $_POST["Password"];

change your code with this line.

score 0 · Accepted Answer · edited May 23 '17 at 11:44

0

In your form, your password field has the name Password. In login.php, you incorreclty define $pass as $pass = $_POST["password"]; - simply change it to $pass = $_POST["Password"];

Your query is also incorrect.

Change $result = mysql_query("SELECT enroll, password FROM login WHERE enroll = $enroll");

to

`$result = mysql_query("SELECT enroll, password FROM login WHERE enroll ='$enroll'");

Warning: your code is open to SQL Injection Attacks!
Warning: you should use password_hash to hash your passwords!

edited May 23 '17 at 11:44

Community

1
1

answered May 14 '16 at 10:53

The Codesee

3,714
5
38
78

@KushagraVarade _No problemo!_ – The Codesee May 14 '16 at 13:48

Login code not working in PHP

2 Answers2