Skye Skye - 3 months ago 14
PHP Question

PHP login forms not working

I have been making/learning some php, and I successfully made a login form. When i have tried to replicate this, it doesn't work at all.

--MY HTML--

<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="login.php">
<input type="text" name="usrname" placeholder=" Username">
<br />
<br />
<input type="password" name="passwd" placeholder=" Password">
<br />
<br />
<input type="password" name="pin" placeholder=" PIN #">
<br />
<br />
<input type="submit" value="Login">
</form>
</body>
</html>


--LOGIN.PHP--

<?php
session_start();
include('php/db.php');
$usrname = $_POST['usrname'];
$passwd = $_POST['passwd'];
$pin = $_POST['pin'];


$sql = "SELECT * FROM users WHERE usrname = 'usrname'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
$usrnameFromDB = $row['usrname'];
$passwdFromDB = $row['passwd'];
$pinFromDB = $row['pin'];

if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
echo "Correct";
} else {
echo "noooooo";
}
?>

<!DOCTYPE html>
<html>
<head>
<title>trhhytrh</title>
</head>
<body>

</body>
</html>


P.S When comparing the codes, there is no major difference apart from the names. Also the code provided is the one that isnt working. Thanks in advance! :)

Answer

As I stated in comments:

WHERE usrname = 'usrname'"; it should read as WHERE usrname = '$usrname'";

You're presently looking/querying for the string literal of "usrname" in your database, rather than the POST array's variable.

Heed the warnings about SQL injection. You should use a prepared statement and a safe password hashing function when your site does go live, such as password_hash().

You should not put that much trust in people.

References: