Kanchan186's avatar

why users details not fetch properly from table there is no error please check my logic once.

table: users

db.php

<?php
session_start();
$servername = "localhost";
$username = "root";
$password = " ";
$database = "test";

// Create connection
$conn = mysqli_connect("localhost", "root","", "test");

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
?>

login.html


<div class="container">
    <form method="post" action="login.php">
        <div id="div_login">
            <h1>Login</h1>
            <div>
                <input type="text" class="textbox" id="username" name="username" placeholder="Username" />
            </div>
            <div>
                <input type="text" class="textbox" id="email" name="email" placeholder="Email"/>
            </div>
            <div>
                <input type="password" class="textbox" id="password" name="password" placeholder="Password"/>
            </div>
            
            <div>
                <input type="submit" value="Submit" name="but_submit" id="but_submit" />
            </div>
        </div>
    </form>
</div>

login.php

<?php
include "db.php";

if(isset($_POST['but_submit'])){

    $username = mysqli_real_escape_string($conn,$_POST['username']);
    $email = mysqli_real_escape_string($conn,$_POST['email']);
    $password = mysqli_real_escape_string($conn,$_POST['password']);


    if ($username != "" && $password != "" && $email !=""){

      //  $sql_query = "select count(*) as cntUser from users where username='".$username." 'email='".$email." 'password='".$password."'";
        
        $sql = "select * from users";
        $result = mysqli_query($conn,$sql);
       
       while($row = mysqli_fetch_array($result))
{
      $username = $row['username'];
      $email = $row['email'];
      $password = $row['password'];
}



        //$row = mysqli_fetch_array($result);

        $count = $row['cntUser'];

        if($count > 0){
            $_SESSION['username'] = $username;
            header('Location: home.php');
        }else{
            echo "Invalid username and password";
        }

    }

}

home.php


<?php
include "db.php";

// Check user login or not
if(!isset($_SESSION['username'])){
    header('Location: index.php');
}

// logout
if(isset($_POST['but_logout'])){
    session_destroy();
    header('Location: index.php');
}
?>
<!doctype html>
<html>
    <head></head>
    <body>
        <h1>Homepage</h1>
        <form method='post' action="">
            <input type="submit" value="Logout" name="but_logout">
        </form>
    </body>
</html>

output:

0 likes
1 reply
automica's avatar

@kanchan186 your error relates to the fact your logic is screwed.

        $sql = "select * from users";
        $result = mysqli_query($conn,$sql);

you are getting all users (no query to try and match against any input data)

       while($row = mysqli_fetch_array($result))
{
      $username = $row['username'];
      $email = $row['email'];
      $password = $row['password'];
}

looping through all records and only setting your variables on the last loop.

you are overriding the 3 variables you've passed in via your $_POST

        $count = $row['cntUser'];

and then trying count a field which doesn't exist.

As it stands there's no checking against user credentials and there's no security either.

Not withstanding your data is wrong as you've got your '12345' password in your email column and your email address in your password column.

i would recommend you step back from your code, and have a read of https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php

which will give you a much better grounding for your login system if you choose not to use laravels Auth

Please or to participate in this conversation.