Try to search your question here, if you can't find : Ask Any Question Now ?

PHP not checking if users exists and sending directly to profile page

HomeCategory: stackoverflowPHP not checking if users exists and sending directly to profile page
kundan asked 2 weeks ago

I’m creating a login page but when I login it appears that the existence of the user/passwords it’s not done, sending any input to the profile page.

I’m using PHP and MySQL. I’ve tried to redo the form, I checked all my code and it seems to be written do what I want.

I’m fairly new to PHP and MySQL, so I might be missing something.

This is the form code:

<form style="margin-top:40px;" action="includes/login.inc.php" method="post">
                <div class="form-group mb-3">
                <div class="input-group input-group-alternative">
                <div class="input-group-prepend">
                  <span class="input-group-text"><i class="ni ni-circle-08"></i></span>
                </div>
               <input class="form-control" id="name" name="username" placeholder="Utilizador" type="text">
             </div>
             </div>
             <div class="form-group">
             <div class="input-group input-group-alternative">
             <div class="input-group-prepend">
               <span class="input-group-text"><i class="ni ni-lock-circle-open"></i></span>
             </div>
               <input class="form-control" id="password" name="password" placeholder="Password" type="password">
             </div>
             </div>
             <div class="custom-control custom-control-alternative custom-checkbox">
             <div class="text-center">
               <input class="btn btn-primary my-4" name="submit" type="submit" value=" Login ">
              </form>

And this is the login.inc.php code:

<?php

  include_once 'db.inc.php';

    session_start();
    $error = '';
    if (isset($_POST['submit'])) {
      if (empty($_POST['username']) || empty($_POST['password'])) {
        $error = "Username or Password is invalid";
      }
      else{

        $username = $_POST['username'];
        $password = $_POST['password'];

        $query = "SELECT username, password FROM users where username=? AND password=? LIMIT 1";

        $stmt = $conn->prepare($query);
        $stmt->bind_param("ss", $username, $password);
        $stmt->execute();
        $stmt->bind_result($username, $password);
        $stmt->store_result();
        if($stmt->fetch())
          $_SESSION['login_user'] = $username;
        header("location: ../profile.php");
      }
      mysqli_close($conn);  
    }
?>

Anything I input, even if it’s not on the user database, gets redirected to the profile.php page.

1 Answers
Best Answer
Arben answered 2 weeks ago
Your Answer

1 + 11 =

Popular Tags

WP Facebook Auto Publish Powered By : XYZScripts.com