0

Basically I have this form that asks for email and password.

What I want to do is to compare and check if the inputs match with the data from my table/database.

This is my registration.php (the form)

<form action="Authentication.php" method="post">

    <b>Returning Intern Login</b><br/><br/>
    Enter your e-mail address: <input type="text" name="email" /><br/><br/>
    Enter your password: <input type="password" name="pw2"/><br/><i>(Passwords are case-sensitive and must be 6 characters long)</i><br/><br/>

    <input type="reset" value="Reset Login Form" />
    <input type="submit" name="submit2" value="Log In" /><hr/><br/>

</form>

and this is the Authentication.php

session_start();

$link = mysqli_connect('localhost','root','');
$database = mysqli_select_db($link,'internship');

$user = $_POST['email'];
$pass = $_POST['pw2'];


// User is logging in
if (isset($_POST["submit2"]))
{
    if (empty ($user)) //if username field is empty echo below statement
    {
        echo "<font color='red'>***You must enter your unique username (email).***</font><br/><br/>";

    }
    if (empty ($pass)) //if password field is empty echo below statement
    {
        echo "<font color='red'>***You must enter your unique password.***</font><br/><br/>";
    }

}
else
{   

    $query = "SELECT * FROM Interns WHERE email = '". mysqli_real_escape_string($link,$user) ."' AND password = '". mysqli_real_escape_string($link,$pass) ."'" ;
    $result = mysqli_query($link,$query);
    if (mysqli_num_rows($result) == 1) 
    {
        echo "pass"; //Pass, do something
    } 
    else 
    {
        echo "fail"; //Fail
    }

}

session_write_close();

It works with the empty inputs.

But when I gave an email and password exactly same from the database/table,

It displays white blank page..

New
  • 675
  • 1
  • 11
  • 21
javaMan1995
  • 51
  • 1
  • 1
  • 12

2 Answers2

3

You need to write the entire code within an if statement to ensure the field is filled in, like so:

 if (isset($_POST["submit2"]))
 {
    if (empty ($user)) //if username field is empty echo below statement
     {
       /* Code */

     }
     if (empty ($pass)) //if password field is empty echo below statement
     {
       /* Code */
     }

     $query = "SELECT * FROM Interns WHERE email = '". mysqli_real_escape_string($link,$user) ."' AND password = '". mysqli_real_escape_string($link,$pass) ."'" ;
     $result = mysqli_query($link,$query);
     if (mysqli_num_rows($result) == 1) 
      {
        echo "pass"; //Pass, do something
      } 
       else 
      {
        echo "fail"; //Fail
      }

 }
 else
 {
     echo "Empty input submit2"; // empty $_POST["submit2"]
 }

Hope this helps.

Hugo Pakula
  • 385
  • 2
  • 4
  • 17
Indrasis Datta
  • 8,692
  • 2
  • 14
  • 32
0

Mysqli takes 4 parameters hostname,username,password, and dbname:

<?php
    session_start();

    $link = mysqli_connect('localhost','root','','internship');





    // User is logging in
    if (isset($_POST["submit2"]))
    {
    $user = $_POST['email'];
    $pass = $_POST['pw2'];
        if (empty($user)) //if username field is empty echo below statement
        {
            echo "<font color='red'>***You must enter your unique username (email).***</font><br/><br/>";

        }
        else if (empty ($pass)) //if password field is empty echo below statement
        {
            echo "<font color='red'>***You must enter your unique password.***</font><br/><br/>";
        }   
    else
    {   
   $query = "SELECT * FROM Interns WHERE email = '". $user ."' AND password = '".$pass."'" ;
        $result = mysqli_query($link,$query);
        if (mysqli_num_rows($result) == 1) 
        {
            echo "pass"; //Pass, do something
        } 
        else 
        {
            echo "fail"; //Fail
        }

    }

    session_write_close();
    ?>
Adriaan
  • 17,741
  • 7
  • 42
  • 75
debasish
  • 735
  • 1
  • 9
  • 14