I have a database set up with email and password. I'm trying to use the code below to check the username (email) and password to make sure they're correct and, if they are, send them to /cms; if they don't match, a pop-up box comes up. I'm only getting the pop-up to work. Can you see any issues that would be causing that?

    session_start();
    require_once("../mydbpassword.php");
    if($_POST['username']) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        $sql = "SELECT * FROM agents WHERE email = '$username' AND pword = '$password'";
        $result = mysqli_query($mysqli,$sql);
        $email = $row['email'];
        $pword = $row['pword'];
        if(($username != $email) || ($password != $pword)) {
            echo'<script type="text/javascript">
            window.alert("Your login information is wrong, try again!");
            window.location="/cms/login"
            </script>';
        }
        else {
            $row = mysqli_fetch_assoc($result);
            $_SESSION['admin'] = $row['$email'];
            header("Location: /cmsS");
            exit();
        }
    }

The variable could be set but empty.
by
Prevent MySQL injections, fetch only the password.
by
Proper MySQL string association
by
And a check that actually makes sense
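
The four points in the answer above, put together as an added example (not the poster's or the answerer's code). It assumes `$mysqli` is the connection created by `../mydbpassword.php` and that `agents.pword` stores `password_hash()` output rather than the plain password; `check_login` is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: $mysqli comes from ../mydbpassword.php and
// agents.pword holds a password_hash() value (not the plain password).
session_start();
require_once("../mydbpassword.php");

/** Hypothetical helper: return the agent's email on success, null otherwise. */
function check_login(mysqli $mysqli, string $username, string $password): ?string
{
    // Fetch only the stored hash; user input is bound, never concatenated.
    $stmt = $mysqli->prepare("SELECT pword FROM agents WHERE email = ?");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true: row fetched, null: no row, false: error
    $stmt->close();

    // Compare only after a row was actually fetched.
    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }
    return $username;
}

// The fields can be set but empty, so test the values, not just their presence.
$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';

if ($username !== '' && $password !== '') {
    $email = check_login($mysqli, $username, $password);
    if ($email !== null) {
        session_regenerate_id(true);   // new session id after login
        $_SESSION['admin'] = $email;   // plain key 'email', no '$' inside quotes
        header("Location: /cms");
        exit();
    }
    // Same failure path as the original post: pop-up, then back to the form.
    echo '<script type="text/javascript">
    window.alert("Your login information is wrong, try again!");
    window.location="/cms/login"
    </script>';
}
```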