LOGIN FORM not working.

Trying to create login form using php and html.

if password and username does not match then is supposed to get alert ( username or password not match)

but if it matches it supposed to ECHO the row

I can connect to database but rest of stuff is not working.

I had created database in Myphpadmin ...

Databasase Name = Truckschool
TableName = Admin
3 columns = 1. Id
                       2. username
                       3. password
Attached you will find the file. Please let me know where I am screwing up.

Thanks Alot !!
Dbconnection.php
Index.php
login.php
Roger GillManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gr8gonzoConsultantCommented:
There is no file attached.
0
Roger GillManagerAuthor Commented:
Thanks 8r8gonzo

files are uploaded and apologize for inconvenience.
0
Julian HansenCommented:
There are many things you can improve on with this script

1. Don't place your post variables directly into the script
2. Use prepared statements not strings with variables - you are opening yourself up to an SQL injection attack
3. Don't put your validation code in your login - either post to a dedicated PHP script to validate and then load the response or AJAX the request
4. Your field names in your query are in single quotes (') instead of backtics (`)
As you have it you are posting to the same page then outputing JavaScript which is clumsy

I would rather do it like this
The following requires the jQuery library to be installed
$(function() {
   $('form').submit(function(e) {
        e.preventDefault();
        $('.error').html('');
        var data = $(this).serialize();
        $.ajax({
            url: 'login.php',
            type: 'POST',
            data: data,
            dataType: 'JSON'
        }).then(function(resp) {
           if (resp.status) {
              window.location = 'index.php';
           }
           else {
              // alert('Invalid username / password');
              // My preference
              $('.error').html('Invalid username or password');
           }
        });

   })
});

Open in new window

Now in your login.php
<?php
session_start();
$username = isset($_POST['username']) ? $_POST['username'] : false;
$password = isset($_POST['password']) ? $_POST['password'] : false;

$result = new stdClass;
$result->status = false;

if ($username && $password) {
  $query = <<< QUERY
SELECT * FROM `admin` WHERE `username`=? AND `password`=?
QUERY;
// HERE WE WANT TO HASH THE PASSWORD YOU DON'T WANT TO STORE THE
// PASSWORDS IN PLAIN TEXT IN YOUR DB
// I AM GOING TO PROCEED AS YOU HAVE FOR ILLUSTRATION PURPOSES BUT
// PLEASE LOOK INTO SALTING AND HASHING PASSWORDS SPECIFICALLY LOOK
// AT THE password_hash() AND password_verify() PHP FUNCTIONS

  $stmt = mysqli_prepare($con, $query);
  if ($stmt) {
      mysqli_stmt_bind_param($con, "ss", $username, $password);
      mysqli_stmt_execute($stmt);
      if (mysqli_stmt_num_rows($stmt) > 0) {
         $result->status = true;
         // SET YOUR SESSION TO MARK THAT YOU ARE LOGGED IN
         $_SESSION['loggedStatus'] = true; // LATER YOU CAN SET THIS TO A USER OBJET
         // YOU MIGHT WANT TO SET A COOKIE HERE AS WELL
      }
  }
}

die(json_encode($result));

Open in new window

I have typed this code up without testing it as I am not in a position to do any testing. The logic should be sound - there may be a few typos but this outlines the basic pattern for doing an AJAX authentication.

Please note the comments on hashing and saliting. The two functions you want to familiarize yourself with are.
password_hash()
password_verify()

Personally I prefer the Object Oriented version of MySQLi.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mohan singhWeb developerCommented:
I hope it will help you

<?php
include ('Dbconnection.php') ;
if(isset($_POST['login']))
{
	$username = $_POST['username'];
	$password = $_POST['password'];

	$qry= "SELECT * FROM `admin` WHERE username='$username' AND password='$password'" ;
	$run= mysqli_query($con,$qry);
	$row= mysqli_num_rows($run);
	if($row>0)
	{
		 
	echo "<script>alert('Welcome '); window.location.href='dashboard.php'; </script>";
	 
	}
	else
	{
		echo "<script>alert('User Name And Password is Incorrect'); window.location.href='login.php'; </script>";
	}
}
?>

Open in new window

Thank You
0
Roger GillManagerAuthor Commented:
Thanks all God Bless You !!!
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
HTML

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.