Im creating a login page. Below code is when user fills in both username

Question

0

Editorial Team

Asked: June 5, 20262026-06-05T07:29:04+00:00 2026-06-05T07:29:04+00:00

Im creating a login page. Below code is when user fills in both username

0

Im creating a login page.
Below code is when user fills in both username & password input fields.

But if I enter username as ‘admin’ and a wrong password, it still accepts it and redirects me to members page.

Please note I have just started into PHP.

$input['user'] = htmlentities($_POST['username'], ENT_QUOTES);
$input['pass'] = htmlentities($_POST['username'], ENT_QUOTES);

if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password=?"))
{
    $stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt']));
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows > 0)
    {
        //successful login/set session
        $_SESSION['username'] = $input['user'];
        header("Location: members.php");
    }
    else
    {
        $error['alert'] = "Error: Username/password incorrect!";
        include('views/v_login.php');
    }
}
else
{
    echo "Error: Could not prepare MySqli result.";
}

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T07:29:06+00:00

Editorial Team

2026-06-05T07:29:06+00:00Added an answer on June 5, 2026 at 7:29 am

$input['pass'] = htmlentities($_POST['username'], ENT_QUOTES);

Change to

$input['pass'] = htmlentities($_POST['password'], ENT_QUOTES);

Although, logically this error shouldn’t let you in with a bum password, it should reject any attempt where the password isn’t the same as the username

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Im creating a login page. Below code is when user fills in both username

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply