I've been stuck on this issue for 3 days now. I'm trying to make a login form (I've already created a register form) and the database is working too. But now while I'm trying to make the login form, I've noticed that PHP only takes the last row from the database.
As you can clearly see in the first picture, my database has 3 records.
But when I try to log in on my account, it only lets me log in to the most recently created account, and not the others. Here's my current code:
<div >
<form method="POST">
<p style="float:left;">
<input type="email" maxlength="40" name="login-email" id="login-email" placeholder="email" required><span style="color: red;"> *</span><br><br>
<input type="password" maxlength="32" name="login-passw" id="login-passw" placeholder="password" required><span style="color: red;"> *</span><br><br>
<input type="submit" name="login-btn">
</p>
<?php
$email = $_POST["login-email"];
$passw = $_POST["login-passw"];
$encrypted_passw = md5($passw);
$sql = "SELECT id, email, passw FROM users";
$result = $db->query($sql);
// if (isset($_POST["login-btn"])) {
// if ($_POST["login-email"] == $result["email"]) {
// echo "<p>Logged in</p>";
// } else {
// echo "<p>wrong</p>";
// }
// }
while ($row = $result->fetch_assoc()) {
$get_email = $row["email"];
$get_usr = $row["username"];
$get_passw = $row["passw"];
}
if (isset($_POST["login-btn"])) {
if ($_POST["login-email"] == $get_email && $encrypted_passw == $get_passw) {
echo "<p>Logged in</p>";
} else {
echo "<p> wrong</p>";
}
}
?>
</form>
</div>
CodePudding user response:
Try this. First of all I would place the PHP code above the HTML.
You only need to listen for the post param login-btn. Read the other post data into vars and confirm it's there before proceeding.
When you poll the DB you don't need to read every record (imagine you have thousands of records, you wouldn't want to pull them all down). Just filter for the supplied email with a where clause.
If the email exists it will return a result with the hashed password. Verify this matches and you are good to go.
The issue you're having where the last record in the db is being used is because in your loop, you are overwriting the var $get_email each time.
<?php
if (isset($_POST["login-btn"])) {
$email = (isset($_POST["login-email"]) ? $_POST["login-email"] : '');
$passw = (isset($_POST["login-passw"]) ? $_POST["login-passw"] : '');
if($email != "" && $passw != ""){
$encrypted_passw = md5($passw);
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');
$stmt = $mysqli->prepare("SELECT email, passw FROM users where email = ?");
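$stmt->bind_param("s", $email); // "s" binds $email as a string parameter
$stmt->execute();
$result = $stmt->get_result(); // result set of the prepared statement
while ($row = $result->fetch_assoc()) { // associative rows, so $row["passw"] resolves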
$get_passw = $row["passw"];
if($encrypted_passw == $row['passw']){
echo "logged in";
}else{
echo 'no match';
}
}
}
}
?>
<div >
<form method="POST">
<p style="float:left;">
<input type="email" maxlength="40" name="login-email" id="login-email" placeholder="email" required><span style="color: red;"> *</span><br><br>
<input type="password" maxlength="32" name="login-passw" id="login-passw" placeholder="password" required><span style="color: red;"> *</span><br><br>
<input type="submit" name="login-btn">
</p>
</form>
</div>
CodePudding user response:
Change your query to this:
"SELECT id, email, passw FROM users where email='".$row["email"]."' and password= '".$row["password"]."'"
You do not need to use foreach for all rows; this query returns only the one row that you need.
CodePudding user response:
Gottem! I was using arrays instead of values
<?php
session_start();
include_once "../php/db_connect.php";
if (isset($_POST["login-btn"])) {
$email = $_POST["email"];
$passw = $_POST["passw"];
$encrypted = md5($passw);
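// Bind the email as a parameter instead of concatenating it into the SQL string
$stmt = $db->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();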
$get_result = $result->fetch_assoc();
if ($encrypted == $get_result["passw"]) {
echo "<p>Logged in!</p>";
$_SESSION["username"] = $get_result["username"];
$_SESSION["id"] = $get_result["id"];
$_SESSION["email"] = $get_result["email"];
Header("Location:../../../");
} else {
echo "<p>Error</p>";
}
}
?>
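Added example (not code from any poster on this page): the same lookup-by-email login, with the email passed as a bound parameter and stored md5 digests upgraded to password_hash() values on the next successful login. It uses PDO with an in-memory SQLite database so it runs without a server; check_login(), the sample accounts and the assumption that passw can hold a longer hash are hypothetical.

```php
<?php
// Added example. Table and column names (users, email, passw) follow the page;
// check_login() and the two sample accounts are constructed for illustration.
// Assumption: passw is wide enough for password_hash() output (e.g. VARCHAR(255)).
function check_login(PDO $db, string $email, string $passw): ?array
{
    // Bound parameter: the email is sent as data, never spliced into the SQL.
    $stmt = $db->prepare('SELECT id, email, passw FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such account
    }
    $stored = $row['passw'];
    // A bare 32-hex-digit value is a legacy md5 digest, as stored by the page's code.
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $legacy
        ? hash_equals($stored, md5($passw))      // constant-time comparison
        : password_verify($passw, $stored);
    if (!$ok) {
        return null; // wrong password
    }
    // Replace md5 (or an outdated cost setting) with a salted password_hash() value.
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET passw = ? WHERE id = ?');
        $upd->execute([password_hash($passw, PASSWORD_DEFAULT), $row['id']]);
    }
    return ['id' => (int) $row['id'], 'email' => $row['email']];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, passw TEXT)');
$ins = $db->prepare('INSERT INTO users (email, passw) VALUES (?, ?)');
$ins->execute(['first@example.test', md5('pw-one')]);   // legacy md5 row
$ins->execute(['second@example.test', password_hash('pw-two', PASSWORD_DEFAULT)]);

foreach ([
    ['first@example.test', 'pw-one'],    // older row, legacy digest gets upgraded
    ['first@example.test', 'pw-one'],    // same login again, now via password_verify()
    ['second@example.test', 'wrong'],    // wrong password
    ["o'brien@example.test", 'pw-two'],  // apostrophe in the input is handled as data
] as [$email, $passw]) {
    $user = check_login($db, $email, $passw);
    echo $email, ' => ', $user === null ? 'rejected' : 'logged in as id ' . $user['id'], PHP_EOL;
}
```

With the mysqli connection used on this page, the same steps map to prepare(), bind_param("s", ...), execute() and get_result().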

