0

I have been making/learning some PHP, and I successfully made a login form. When I have tried to replicate this, it doesn't work at all.

--MY HTML--

<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <form method="post" action="login.php">
    <input type="text" name="usrname" placeholder=" Username">
    <br />
    <br />
    <input type="password" name="passwd" placeholder=" Password">
    <br />
    <br />
    <input type="password" name="pin" placeholder=" PIN #">
    <br />
    <br />
    <input type="submit" value="Login">
    </form>
</body>
</html>

--LOGIN.PHP--

<?php
    session_start();
    include('php/db.php');
    $usrname = $_POST['usrname'];
    $passwd = $_POST['passwd'];
    $pin = $_POST['pin'];


    $sql = "SELECT * FROM users WHERE usrname = 'usrname'";
    $query = mysql_query($sql);
    $row = mysql_fetch_array($query);
    $usrnameFromDB = $row['usrname'];
    $passwdFromDB = $row['passwd'];
    $pinFromDB = $row['pin'];

    if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
        echo "Correct";
    } else {
        echo "noooooo"; 
    }
?>

<!DOCTYPE html>
<html>
<head>
    <title>trhhytrh</title>
</head>
<body>

</body>
</html>

P.S. When comparing the codes, there is no major difference apart from the names. Also, the code provided is the one that isn't working. Thanks in advance! :)

  • Stop using deprecated mysql_* API. Use mysqli_* or PDO instead. Commented Aug 20, 2016 at 19:25
  • When I am making proper sites, I use mysqli, but this site is for my kids so they can have a bank so if they do chores I will pay them. I am not concerned about security but thanks anyway. Commented Aug 20, 2016 at 19:27
  • 'usrname' guess what you missed here? Commented Aug 20, 2016 at 19:27
  • I intentionally left the 'e' out if that's what you mean. Commented Aug 20, 2016 at 19:29
  • Thanks so much! I missed the $ :) Commented Aug 20, 2016 at 19:33

2 Answers

1

As I stated in comments:

WHERE usrname = 'usrname'"; it should read as WHERE usrname = '$usrname'";

You're presently looking/querying for the string literal of "usrname" in your database, rather than the POST array's variable.

Heed the warnings about SQL injection. You should use a prepared statement and a safe password hashing function when your site does go live, such as password_hash().

You should not put that much trust in people.

References:


2 Comments

Will mark this as the answer when it lets me. I will also be planning on using md5 with a random 6 varchar salt. Also, unsure if it helps but I will also be using 'mysqli_real_escape_string' when my site goes live. Thank you for the help kind sir!
@Skye You're welcome. I suggest you not use MD5 as it is no longer considered safe to use as a password storage method. Read the following security.stackexchange.com/questions/19906/… it outlines the reasons.
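
The prepared statement and password_hash() approach recommended in the answer above, as an added example that is not code from the question or either answer. It assumes PDO with the SQLite driver (an in-memory database so it runs offline), a hypothetical verifyLogin() helper, constructed sample credentials, and that the passwd and pin columns store password_hash() output instead of plaintext.

```php
<?php
// Added example; verifyLogin() and the sample account are hypothetical.
// Table and column names (users, usrname, passwd, pin) follow the question.

function verifyLogin(PDO $db, string $usrname, string $passwd, string $pin): bool
{
    // The placeholder sends the username as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT passwd, pin FROM users WHERE usrname = :usrname');
    $stmt->execute([':usrname' => $usrname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return false; // no such user
    }

    // password_verify() re-derives the hash using the salt and cost stored
    // inside the hash string, so no separate salt column is needed.
    $passwdOk = password_verify($passwd, $row['passwd']);
    $pinOk    = password_verify($pin, $row['pin']);

    return $passwdOk && $pinOk;
}

// Assumption: in-memory SQLite stands in for the real database connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (usrname TEXT PRIMARY KEY, passwd TEXT, pin TEXT)');

// Constructed sample account; only hashes are stored.
$insert = $db->prepare('INSERT INTO users (usrname, passwd, pin) VALUES (?, ?, ?)');
$insert->execute([
    'kid1',
    password_hash('s3cret-pass', PASSWORD_DEFAULT),
    password_hash('4821', PASSWORD_DEFAULT),
]);

// Case 1: correct credentials.
var_dump(verifyLogin($db, 'kid1', 's3cret-pass', '4821'));
// Case 2: wrong password.
var_dump(verifyLogin($db, 'kid1', 'wrong', '4821'));
// Case 3: a username containing quotes is looked up as a literal string.
var_dump(verifyLogin($db, "kid1' OR '1'='1", 'x', 'x'));
```

In login.php the three arguments would come from $_POST, and new accounts would be stored with password_hash() at registration time.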
0

Try this:

Change this in html

<input type="submit" name="submit" value="Login">

Then in php

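<?php
session_start();
include('php/db.php');

// Only run the login check when the form was actually submitted.
if (isset($_POST['submit'])) {
    $usrname = $_POST['usrname'];
    $passwd = $_POST['passwd'];
    $pin = $_POST['pin'];

    // Note: $usrname is interpolated directly into the SQL text, so this
    // query is injectable; see the prepared-statement advice in the other answer.
    $sql = "SELECT * FROM users WHERE usrname = '$usrname'";
    $query = mysql_query($sql);
    $row = mysql_fetch_array($query);
    $usrnameFromDB = $row['usrname'];
    $passwdFromDB = $row['passwd'];
    $pinFromDB = $row['pin'];

    if ($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
        echo "Correct";
    } else {
        echo "noooooo";
    }
} else {
    // No 'submit' field in the request: the page was opened directly.
    echo "Form is not submitted";
}
?>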

You have not submitted the form. PS you have committed a mistake in your query. You were not using the variable there.

2 Comments

I never knew the 'isset($_POST['submit'])' was a thing. I will be using this in all of my future sites, Thanks!
I think it's better practice to wrap all of your form elements in a single condition.
