Home/ Questions/Q 8205223
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T08:09:08+00:00

I have a login form and when I get to the page, it gives

  • 0

I have a login form and when I get to the page, it gives me automatically the alert message. I havn’t put the username and password info yet.
Here is the page that does the verification of the login form input, Please see why it is behaving like that?

<?
session_start();
include "config.php";

if(isset($_SESSION["login_user"]) AND isset($_SESSION['pass_user'])){
    $login_user = $_SESSION["login_user"];
    $pass_user = $_SESSION["pass_user"];

$sql = mysql_query("SELECT * FROM adm WHERE login = '$login_user'");
$cont = mysql_num_rows($sql);
while($linha = mysql_fetch_array($sql)){
    $pass_db = $linha['pass'];
}

if($cont == 0){
    unset($_SESSION["login_user"]);
    unset($_SESSION["pass_user"]);

    echo "
    <META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
    <script type=\"text/javascript\">
    alert(\"Name of user dont match.\");
    </script>";

}

if($pass_db != $pass_user){//check pass

    unset($_SESSION["login_user"]);
    unset($_SESSION["pass_user"]);

    echo "
    <META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
    <script type=\"text/javascript\">
    alert(\"Password dont match.\");
    </script>";

}

}else{

    echo "
    <META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
    <script type=\"text/javascript\">
    alert(\"User and password dont match.\");
    </script>";

}

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I guess you have just misplaced an else:

    <?
session_start();

include "config.php";

if(isset($_SESSION["login_user"]) AND isset($_SESSION['pass_user'])){

    $login_user = $_SESSION["login_user"];
    $pass_user = $_SESSION["pass_user"];

$sql = mysql_query("SELECT * FROM adm WHERE login = '$login_user'");
$cont = mysql_num_rows($sql);
while($linha = mysql_fetch_array($sql)){
    $pass_db = $linha['pass'];
}

if($cont == 0){

    unset($_SESSION["login_user"]);
    unset($_SESSION["pass_user"]);

    echo "
    <META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
    <script type=\"text/javascript\">
    alert(\"Name of user dont match.\");
    </script>";

}

if($pass_db != $pass_user){//check pass

    unset($_SESSION["login_user"]);
    unset($_SESSION["pass_user"]);

    echo "
    <META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
    <script type=\"text/javascript\">
    alert(\"Password dont match.\");
    </script>";

}else{

    echo "
    <META HTTP-EQUIV=REFRESH CONTENT='0; URL=login.php'>
    <script type=\"text/javascript\">
    alert(\"User and password dont match.\");
    </script>";

}
}
?>

    However, As mentioned by @David, you should not specify that only password is wrong.

    • 0