Muhd Elyas Bin Mohamed Muhd Elyas Bin Mohamed - 19 days ago 6
MySQL Question

Php login "Invalid username and password" using mysql

I got 3 pages: success.html, login.php, checklogin.php. I also create a mysql database table called userInfo. The table "userInfo consist of 3 user: David, Jane, Richard. When I input the username and password using user David from userInfo then it direct to success.html and it will say "Login success". But when I input Mary for my username and mary for my password, it does not show me the message "Invalid Username and Password". The right output should have the message appeared on my browser because user Mary does not exist in the userInfo. But I don't know how to fix the problem.

Mysql Database "userInfo" :

show database

Success.html :

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Login Success Page - 156020K</title>
</head>

<body>
Login Success!!
</body>
</html>


Login.php :

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
</head>

<body>

<?php
$url="http://localhost/156020K/Lab5?link=login.php";

if(isset($_GET['link']))
{
echo "Invalid Username and Password";
}
?>


<form action="checklogin.php" method="post">
Username: &nbsp;
<input type="text" name="uname">

<br/>
<br/>

Password: &nbsp;
<input type="password" name="pw">

<br />
<br />

<input type="submit" value="Login">

</form>



</body>
</html>


Checklogin.php :

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Check login</title>
</head>

<body>
<?php


if(isset($_POST["uname"]))
{
$u=$_POST['uname'];
$p=$_POST['pw'];

$conn=mysqli_connect("localhost", "root", "" , "db156020K");
$sql = "SELECT * FROM userInfo WHERE name='" .$u. "' AND pass='" .$p. "' ";
$search_result=mysqli_query($conn, $sql);

$userfound=mysqli_num_rows($search_result);


if($userfound >= 1)
{
header("Location: success.html");
}
else
{
header("Location: login.php");
}


}

mysqli_close($conn);

?>



</body>
</html>


And the url should have request from the specified resource then it will passed back to login page when the authentication fails, it should be like this "../login.php?uname=Mary&pw=mary"

My Output:

click output <--- Does not show the invalid message when the username and password does not create from the userInfo mysql database

Answer

Well, in your login.php file, you use :

if(isset($_GET['link']))
{
    echo "Invalid Username and Password";
}

to echo the error message, but in your checklogin.php file, you use :

header("Location: login.php");

to redirect if the login fails.

There is no $_GET parameter here, hence your error message will never bbe displayed. Try something like this for the redirect :

header("Location: login.php?link=whatever");

EDIT : Just saw this :

And the url should have request from the specified resource then it will passed back to login page when the authentication fails, it should be like this "../login.php?uname=Mary&pw=mary"

For this to happen, you have to use this redirect :

header("Location: login.php?uname=" . $u . "&pw=" . $p);

And check for these parameters in your login.php :

if(isset($_GET['uname']) && isset($_GET['pw']))
{
    echo "Invalid Username and Password";
}

But keep in mind that it's never a good idea to send passwords, even wrong ones, by $_GET.

Comments