misdirection misdirection - 5 months ago 13
PHP Question

php login - something wrong with the validation in fields

I have a problem with my login form, because if I put some text in password field and empty in the user/email field it the form will execute and redirect to index page.

this the site
http://www.itbotics.com/login.php

other validations is ok, I just want to make it safe.
thanks

this is my code

if ($user == $email && $pass = $password) {
session_start();
$_SESSION['mysesi'] = $name;
$_SESSION['user'] = $user;
echo "<script>window.location.assign('index.php')</script>";
} elseif (empty($email) || empty($password)) {
?>
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<strong>Warning!</strong> Please fill out all fields.
</div>
<?php
} else {
?>
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<strong>Warning!</strong> Incorrect combination of Email Address and Password.
</div>
<?php
}
}

Answer

I got it, maybe solution of your problem is here

if ($user == $email && $pass = $password) {

It should be:

if ($user == $email && $pass =**=** $password) {
Comments