0

The select query does not want to work. It goes directly to the login failed although I have enter the correct password.

I tried from another database and it works but from this table it does not want to work.

Another thing is whenever I start XAMPP it shows key _ buffer.

Is that what prevents my query from working?

Below is my code. Hoping from some help from you developers.

<?php 
session_start();
$_SESSION['message']=''; 
$mysqli=new MySQLi('127.0.0.1','root','','learning_malaysia');

if(isset($_POST['login'])) {
    $username = $mysqli->real_escape_string($_POST['username']);
    $password = md5($_POST['password']);
    $sql="SELECT * FROM tutor_register WHERE username='$username' AND password='$password' LIMIT 1;";
    $result = mysqli_query($mysqli,$sql);

    if(mysqli_num_rows($result) > 0){
        $row = mysqli_fetch_array($result);
        if (($row['username']=='sithi') && ($row['password']=='202cb962ac59075b964b07152d234b70')){
            $_SESSION['user_type'] = $row;
            $_SESSION['password'] = $row;
            $_SESSION['message'] =  "Registration successful!";
            header("location:myresuming.html");
            exit();

        } else {
            $_SESSION['username'] = $row['username'];
            $_SESSION['profile'] = $row['profile'];
            $_SESSION['message'] =  "Registration successful!";
            header("location:Welcome.php");
            exit();
        }

    } else {
        $_SESSION['message'] = "Login Failed!"; 
    }
} 

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>form in Design</title>
<link rel="stylesheet" type="text/css" href="mystyle.css" />
<link rel="stylesheet" type="text/css" href="form.css" />
</head>
<body>
<div class="container"><?=$_SESSION['message']?>
<img src="5.jpg" />
<form class="form" action="" method="post" enctype="multipart/form-data" autocomplete="off">
      <div class="alert alert-error"></div>
      <input type="text" placeholder="User Name" name="username" required />
      <input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
 <input type="submit" name="login" value="login" class="btn-login" />

</form>
</div>
</body>
</html>
Isaac Bennetch
  • 11,830
  • 2
  • 32
  • 43
Almira Enterprise
  • 23
  • 3
  • 3
    [md5 passwords are a bad idea](https://security.stackexchange.com/questions/19906/is-md5-considered-insecure). [`SELECT * FROM` is not a good idea](https://stackoverflow.com/questions/3639861/why-is-select-considered-harmful). You are assigning the `$row` to `$_SESSION['user_type']` and to `$_SESSION['password']`, why? You are not checking `$_SESSION['message']` for embedded HTML. You may be doing this when adding to the DB. – Tigger Jun 09 '18 at 07:19
  • Good afternoon , As you are new to php code, In previous question you ask about the connection between register and login page issue. The issue was solved as you applied as follow the instruction. Now you try again it,the select query didnt want to work **because you are always assinging** `$_SESSION['message']='';` – Niklesh Raut Jun 09 '18 at 07:21
  • 1
    [Your password is `123`](http://md5decrypt.net/en/) Right ? – Niklesh Raut Jun 09 '18 at 07:24
  • thanks alot.. I m using md5 because its a trial that y.. yeah ur correct my passwrd is tht.. i try to do without assigning $_Session . thanks a lot – Almira Enterprise Jun 09 '18 at 08:31
  • i try rdy without assinging $_SESSION['message']=''; it still nt yet work :( – Almira Enterprise Jun 09 '18 at 13:02

1 Answers1

0
<?php 
session_start();
$_SESSION['message']=''; 
$mysqli=new MySQLi('127.0.0.1','root','','learning_malaysia');

if(isset($_POST['login'])) {
    $username = $mysqli->real_escape_string($_POST['username']);
    $password = md5($_POST['password']);
    $sql="SELECT * FROM tutor_register WHERE username='$username' AND password='$password' LIMIT 1;";
    $result = mysqli_query($mysqli,$sql);

    if(mysqli_num_rows($result) > 0){
        $row = mysqli_fetch_array($result);
        if (($row['username']=='sithi') && ($row['password']=='202cb962ac59075b964b07152d234b70')){
            $_SESSION['user_type'] = $row['user_type'];
            $_SESSION['password'] = $row['password'];
            $_SESSION['message'] =  "Registration successful!";
            header("location:myresuming.html");
            exit();

        } else {
            $_SESSION['username'] = $row['username'];
            $_SESSION['profile'] = $row['profile'];
            $_SESSION['message'] =  "Registration successful!";
            header("location:Welcome.php");
            exit();
        }

    } else {
        $_SESSION['message'] = "Login Failed!"; 
    }
} 
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>form in Design</title>
<link rel="stylesheet" type="text/css" href="mystyle.css" />
<link rel="stylesheet" type="text/css" href="form.css" />
</head>
<body>
<div class="container"><?php echo $_SESSION['message']; ?>
<img src="5.jpg" />
<form class="form" action="" method="post" enctype="multipart/form-data" autocomplete="off">
      <div class="alert alert-error"></div>
      <input type="text" placeholder="User Name" name="username" required />
      <input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
 <input type="submit" name="login" value="login" class="btn-login" />

</form>
</div>
</body>
</html>

try this.

Deepak Vaishnav
  • 357
  • 3
  • 15