Home/ Questions/Q 7746835
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T10:22:54+00:00

Following is my php login script, There are one problem. If i put any

  • 0

Following is my php login script, There are one problem. If i put any password then it’s doesn’t validate the password and it’s going to user panel page. where is the wrong in my code, can anyone tell me the right direction

N:B: I’M NEW IN PHP ALSO NEW IN THIS SITE.

<?php
if(isset($_POST['action']) && isset($_POST['action']) == 'Log In')
{
$uname = mysql_real_escape_string(trim(htmlspecialchars($_POST['uname']))); 
$pass = mysql_real_escape_string(trim(htmlspecialchars($_POST['pass'])));   

$crytpass = hash('sha512','$pass'); 
$err = array();

include_once("toplevel/content/manage/dbcon/dbcon.php");

// check username 
$check_uname = mysql_query("SELECT uname FROM members WHERE uname = '$uname'");
$num_uname = mysql_num_rows($check_uname);

// check password
$check_pass = mysql_query("SELECT pass FROM members WHERE pass = '$crytpass'");
$num_pass = mysql_num_rows($check_pass);

/// userid

$userid = mysql_query("SELECT userid FROM members");    
$re = mysql_fetch_array($userid);
$userid = (int) $re['userid'];


if(isset($uname) && isset($pass))
{
    if(empty($uname) && empty($pass))   
        $err[] = "All field required";  
    else
    {
        // username validation process....

        if(empty($uname))
            $err[] = "Username required";
        else
        {
            if($num_uname == 0)         
            $err[] = "Username is not correct";
        }

        // password validaiton process...

        if(empty($pass))
            $err[] = "Password required";               
        else
        {
            if($num_pass == 0)
            $err[] = "Password is not correct";         
        }

    }
}

if(!empty($err))
{
    foreach($err as $er)
    {
        echo "<font color=red>$er<br></font>";
    }   
}
else
{   
     include("user/include/newsession.php");                   
         header("Location:user/index.php");                     

}

}
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So many thing are wrong here

    Replace 

    if (isset ( $_POST ['action'] ) && isset ( $_POST ['action'] ) == 'Log In') {

    With 

    if (isset ( $_POST ['action'] ) &&  $_POST ['action'] == 'Log In') {

    Too many things to replace .. hold on while i rewrite the script for you

    Edit 1

    if (isset ( $_POST ['action'] ) && $_POST ['action'] == 'Log In') {
    $uname = prepareStr ( $_POST ['uname'] );
    $pass = prepareStr ( $_POST ['pass'] );
    $shaPass = hash ( 'sha512', $pass );
    $errors = array ();

    include_once ("toplevel/content/manage/dbcon/dbcon.php");

    if (! isset ( $uname ) || empty ( $uname )) {
        $err [] = "Empty Username not allowed";
    }

    if (! isset ( $pass ) || empty ( $pass )) {
        $err [] = "Empty Password not allowed";
    }

    if (count ( $err ) == 0) {
        $mysqli = new mysqli ( "localhost", "root", "", "test" ); // Replace with
                                                                  // DB
                                                                  // Information
        $result = "SELECT uname ,pass FROM members WHERE uname = '$uname' AND pass = '$shaPass'";

        if ($result->num_rows > 0) {
            $err [] = "Invalid username or Password";
        }

        if (count ( $err ) == 0 && $result) {
            $userInfo = $result->fetch_assoc ();
        /**
         * You can do what every you like here
         */
        }
    }

    if (count ( $err ) > 0) {
        /**
         * Kill the user
         */

        echo "<pre>";

        foreach ( $err as $value ) {
            echo $value . "\n";
        }
        die ( "Die! Die! Die!" );
    }

}

function prepareStr($str) {
    $str = htmlspecialchars ( $str );
    $str = trim ( $str );
    $str = mysql_real_escape_string ( $str );

    return $str;
}

    Thanks

    • 0