0

Now I want to do a login system . I want to check in table admin if user exist then if it's the case let him log in . I did code the system login but it's not working . Any advice or solution are welcome.

Best Regards A.V 

<?php
    ob_start();
    session_start();
?>

<html lang="en">

<head>
    <title>Foredeck Login.com</title>
    <link href="css/bootstrap.min.css" rel="stylesheet">

    <style>
        body {
            padding-top: 40px;
            padding-bottom: 40px;
            background-color: #6495ED;
        }

        .form-signin {
            max-width: 330px;
            padding: 15px;
            margin: 0 auto;
            color: #000000;
        }

        .form-signin .form-signin-heading,
        .form-signin .checkbox {
            margin-bottom: 10px;
        }

        .form-signin .checkbox {
            font-weight: normal;
        }

        .form-signin .form-control {
            position: relative;
            height: auto;
            -webkit-box-sizing: border-box;
            -moz-box-sizing: border-box;
            box-sizing: border-box;
            padding: 10px;
            font-size: 16px;
        }

        .form-signin .form-control:focus {
            z-index: 2;
        }

        .form-signin input[type="text"] {
            margin-bottom: 0 px;
            border-bottom-right-radius: 0;
            border-bottom-left-radius: 0;
            border-color: #000000;
        }

        .form-signin input[type="password"] {
            margin-bottom: 10px;
            border-top-left-radius: 0;
            border-top-right-radius: 0;
            border-color: #000000;
        }

        h3 {
            text-align:;
            color: #000000;
        }

        h1 {
            text-align:;
            color: #000000;
        }
    </style>

</head>

<body>
    <div class="container form-signin">

        <?php
            include("bdconnect_Foredeck.php");
            $link=Mysqli_connect($host,$login,$pass,$dbname);
            $msg = '';

            if (isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password'])) {

                $Identifiant = $_POST['username'];
                $MotPasse = $_POST['password'];

                $recherche= "SELECT * FROM admin WHERE Identifiant ='$Identifiant' And Mdp_Admin='$MotPasse'";
                mysqli_query($link,$recherche);
                $result= mysqli_query($link,$recherche);

                while($row = mysqli_fetch_assoc($result)){

                    $Identifiant = $row["Identifiant_Admin"];
                    $MotPasse = $row["Mdp_Admin"];
                }
                if ($_POST['username'] == $Identifiant['username'] && $_POST['password'] == $MotPasse['password']) {
                $_SESSION['valid'] = true;
                $_SESSION['timeout'] = time();
                $_SESSION['username'] = 'foredeckadmin';
                $msg ='Connexion Réussite';
                echo "
                <script type='text/javascript'>
                    alert('Connexion Réussite');
                    window.location = 'foredeck.php';
                </script>";

                header("refresh:3 location: foredeck.php");
            }
            else if ($_POST['username'] == 'Isabelle' && $_POST['password'] == 'Isabelle1'){
                $_SESSION['valid'] = true;
                $_SESSION['timeout'] = time();
                $_SESSION['username'] = 'foredeckadmin';
                $msg ='Connexion Réussite';
                echo "
                <script type='text/javascript'>
                    alert('Connexion Réussite');
                    window.location = 'foredeck_superadmin.php';
                </script>";

                header("refresh:3 location: foredeck_superadmin.php");
            }


            else {
                $msg='Identifiant ou Mot de Passe incorrecte';
                    $msg = "
                    <script type='text/javascript'>alert('$msg')</script>";
                }
            }
        ?>
    </div> <!-- /container -->

    <div class="container">

        <form class="form-signin" role="form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
            <h4 class="form-signin-heading"><?php echo $msg; ?></h4>
            <h1>Foredeck@Admin</h1>
            <h3>Entrer l'identifant et le mot de passe:</h3>
            <input type="text" class="form-control" name="username" placeholder="Identifiant " required autofocus><br/>
            <input type="password" class="form-control" name="password" placeholder="Mot de passe" required>
            <br>

            <button class="btn btn-lg btn-primary btn-block" type="submit" name="login">
                Se connecter
            </button>
        </form>
    </div>
</body>
</html>
Matt
  • 14,906
  • 27
  • 99
  • 149
A.V
  • 141
  • 1
  • 12
  • 1
    in `select` query you meant it to be `Mdp_Admin='$MotPasse'` instead of `Mdp_Admin='MotPasse'` right? – affaz Feb 13 '17 at 11:36
  • well i think i need to store the variables to compare them for log in right ? [a Screenshot to help](https://cdn.discordapp.com/attachments/240225788715204609/280663850485940224/unknown.png) – A.V Feb 13 '17 at 11:37
  • This could be very helpful : http://stackoverflow.com/questions/34358552/login-system-with-mysqli – Masivuye Cokile Feb 13 '17 at 11:38
  • Yes..check your select query where condition..the variable name is $MotPasse ..you missed the $ in it – affaz Feb 13 '17 at 11:38
  • i did correct it and still not working – A.V Feb 13 '17 at 11:39
  • @A.V Check the link provided above..It could help you.. – affaz Feb 13 '17 at 11:44
  • @A.V does it show the incorrect uername or password message? – affaz Feb 13 '17 at 12:13
  • yes exactly as you say , messagincorrect username or password + ( ! ) Warning: Illegal string offset 'username' in C:\wamp\www\Foredeck\login.php on line 102 which is : if ($_POST['username'] == $Identifiant['username'] && – A.V Feb 13 '17 at 12:14
  • @A.V you did not fetch the data..thats not how you retreive data – affaz Feb 13 '17 at 12:17
  • i will edit my post , please take a loot . @affaz – A.V Feb 13 '17 at 12:22
  • @A.V check my answer – affaz Feb 13 '17 at 12:38

2 Answers2

0

This is a system that could help you. Anyway, this isn't the most safe system to use. Basically you have to create a database that will contains any information you need to login into your website/application.

Note that I used $_POST['email'] for the username and $_POST['password'] for the password. 

<?php
session_start();
$host = ''; //HOST OF YOUR DATABASE;
$user = ''; //USERNAME TO ACCESS YOUR DATABASE;
$pass = ''; //PASSWORD TO ACCESS YOUR USERNAME;
$database = ''; //DATABASE TO CONNECT;
$conn = new mysqli($host,$user,$pass,$database);
if(isset($_POST["login"])) {
$email=$_POST["email"];
$sql = "SELECT * FROM users WHERE email='$email'";
$result = $conn->query($sql);
if ($result->num_rows > 0) 
{
while($row = $result->fetch_assoc()) {
    if($row["password"]==md5($_POST["password"])) {
        $_SESSION['your_site_username'] = $row['email'];
        header("Location: YOUR PROFILE PAGE");
    }
    else {
        $error = "Your password is incorrect.";
        echo $error;
    }
}
}
else {
$error = "There is no user with this email.";
echo $error;
}
?>

SECURITY

When you insert a new user into your users' database, you need to hash the password with the MD5 method. I suggest you to activate the magic_quotes_gpc option in the php.ini file, to make sure that you won't be victim of SQL Injection. SQL Injection can be avoided with Type Casting too, this is the documentation : http://php.net/manual/en/language.types.type-juggling.php. This can help you : How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
DamiToma
  • 921
  • 3
  • 9
  • 27
  • why not use `password_hash()` and `password_verify()` for password hashing instead of the old easy to hack md5 – Masivuye Cokile Feb 13 '17 at 11:52
  • @MasivuyeCokile It can be a solution, but as I said at the start, this is a simple script for new PHP users. – DamiToma Feb 13 '17 at 11:58
  • I did edit my post according to yours answers guys , please take a loot. And yes i m new on php. – A.V Feb 13 '17 at 12:02
0

Use mysqli_num_rows to get the count to know whether the user name and password exists

   <?php
          include("bdconnect_Foredeck.php");
          //establishing connection
          $link=mysqli_connect($host,$login,$pass,$dbname); 
          //display error in connection if any 
            if (mysqli_connect_errno())
            {

                echo “MySQLi Connection was not established: ” . mysqli_connect_error();

            }      
          $msg = '';

          if (isset($_POST['login']) && !empty($_POST['username']) && !empty($_POST['password'])) 
          {

          $Identifiant = $_POST["username"];    
          $MotPasse = $_POST["password"];           

          $recherche= "SELECT * FROM admin WHERE Identifiant ='$Identifiant' And Mdp_Admin='$MotPasse'";        

          $result= mysqli_query($link,$recherche);

          $check_user = mysqli_num_rows($result);
          //checks if the username and password exists
            if($check_user>0){


                 $_SESSION['valid'] = true;
                 $_SESSION['timeout'] = time();

                 $msg ='Connexion Réussite';
                 //redirect to admin
                if($_POST['username'] == 'Isabelle' && $_POST['password'] == 'Isabelle1'){
                    $_SESSION['username'] = $Identifiant;
                    echo "<script type='text/javascript'>alert('Connexion Réussite');
                    window.location='foredeck_superadmin.php'; </script>";

                    header("refresh:3 location: foredeck_superadmin.php");
                }
                else
                {
                    //redirect to homepage
                    $_SESSION['username'] = 'foredeckadmin';
                    echo "<script type='text/javascript'>alert('Connexion Réussite');
                    window.location='foredeck.php'; </script>";

                    header("refresh:3 location: foredeck.php");



                }
            }
            else {
                //error message
               $msg='Identifiant ou Mot de Passe incorrecte';
               $msg =  "<script type='text/javascript'>alert('$msg')</script>";
            }
        }
    ?>
affaz
  • 1,191
  • 9
  • 23
  • Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\wamp\www\Foredeck\login.php on line 101 : $row=mysqli_fetch_array($result); @affaz – A.V Feb 14 '17 at 04:26
  • @A.V Check my answer..I have edited..You just have to get the count..P.S.thats not the reason for your error..but this would be simpler for you to start with – affaz Feb 14 '17 at 06:06
  • It's ok i did solve the error already ty anyway @affaz your code is good too . – A.V Feb 14 '17 at 06:09
  • @A.V Thanks...Good luck :) – affaz Feb 14 '17 at 06:12