0

I have been following an Android tutorial and it involves linking up the Android app to your database. The Android bit is working just fine apart from the login part, which I think is being caused by a problem in the PHP script. Here is the PHP code:

<?PHP
include_once("conn.php");
if (isset($_POST['txtUsername']) && isset($_POST['txtPassword']))
{
    $username = $_POST['txtUsername'];
    $password = $_POST['txtPassword'];

    $query = "SELECT username, password FROM tbl_client " .
        " WHERE username = '$username' AND password = '$password'";

    $result = mysqli_query($conn, $query);

    if ($result->num_rows > 0)
    {

        if (isset($_POST['mobile']) && $_POST['mobile'] == "android")
        {
            echo "success";
            exit;
        }
        echo "login successful";
    } //header("location: index.php"); //replace login.php with your url
    else
    {
        echo "Login Failed <br/>";
    }
}

Android code is below

@Override
    public void processFinish(String result) {
        if (result.equals("success")){
            Intent intent=new Intent(this,Homepage.class);
            startActivity(intent);
        }
        else
        {
            Toast.makeText(Login.this,"Login Unsuccessful", Toast.LENGTH_SHORT).show();
        }

}

The success bit is never echoed when using the isset; instead it jumps straight to login successful. I need that bit to echo in order for my Android app to be able to log in correctly.

Maytham Fahmi
josh
  • Obligatory you have SQL injection vulnerabilities comment. Plus it looks like you store passwords in plain text. This tutorial should be ashamed of itself. Probably not the source of your immediate problem, but here's some required reading: [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and [Secure hash and salt for PHP passwords](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) – Alexander O'Mara Apr 02 '16 at 17:58
  • put print_r($_POST); after – emed Apr 02 '16 at 18:05
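
A hardened variant of the question's login script, addressing the SQL injection and plain-text password points raised in the comment above. This is an added example, not code from the tutorial or from any poster; it assumes `conn.php` defines `$conn` as a mysqli connection (as in the question) and that `tbl_client.password` holds `password_hash()` output, and the `check_login` helper name is hypothetical.

```php
<?php
// Added example: hardened variant of the login script from the question.
// Assumes conn.php defines $conn as a mysqli connection (as in the question)
// and that tbl_client.password stores password_hash() output (assumption).
include_once("conn.php");

function check_login(mysqli $conn, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $conn->prepare("SELECT password FROM tbl_client WHERE username = ?");
    if ($stmt === false) {
        return false; // prepare failed; treat as a failed login
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch() === true; // null means no such user
    $stmt->close();

    if (!$found) {
        // Unknown user: still run one verification so response time does not
        // reveal which usernames exist.
        $hash = password_hash("placeholder", PASSWORD_DEFAULT);
        password_verify($password, $hash);
        return false;
    }
    return password_verify($password, $hash);
}

$username = $_POST['txtUsername'] ?? null;
$password = $_POST['txtPassword'] ?? null;

// Reject missing fields and array-valued fields such as txtUsername[]=x.
if (!is_string($username) || !is_string($password)) {
    http_response_code(400);
    exit("Login Failed");
}

if (check_login($conn, $username, $password)) {
    // Same branch as the question: the Android client expects exactly "success".
    $isAndroid = ($_POST['mobile'] ?? '') === "android";
    echo $isAndroid ? "success" : "login successful";
} else {
    echo "Login Failed";
}
```

Existing plain-text rows would need to be migrated by storing `password_hash($password, PASSWORD_DEFAULT)` in place of the raw value before this check can succeed.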

2 Answers

1
if (isset($_POST['mobile']) && $_POST['mobile'] == "android")
{
    echo "success";
    exit;
}

Change isset($_POST['mobile']) && $_POST['mobile'] to this, so that you can understand if the error is about the parameter:

if (isset($_POST['mobile']))
{
    if ($_POST['mobile'] == "android")
    {
        echo "success";
        exit;
    }
}
else
{
    echo "mobile parameter is not set";
}
Burak Karasoy
  • Hello, thanks for the quick reply, but it still couldn't reach success... I am still unable to log in even with correct credentials – josh Apr 02 '16 at 18:29
  • There is no logical difference between the first and the second code. The second code is just 2 characters longer. – boxHiccup Apr 02 '16 at 18:44
  • Put isset($_POST['mobile']) above ($_POST['mobile'] == "android") so that you can understand if the problem is about the parameter (mobile) – Burak Karasoy Apr 02 '16 at 18:45
0

Are you sure that mobile is really a POST parameter? Because if you call, from your Android app, the URL http://www.yoursite.xyz/login.php?mobile=android then it's a GET parameter, and you can find it in the $_GET superglobal.

boxHiccup
  • Just following a tutorial; according to it, it's a POST parameter. And how do I use the $_GET in this case? Like I mentioned, I'm still new to this – josh Apr 03 '16 at 10:19
  • I don't remember how Android HTTP requests are made, but for sure you have to put in a link as a parameter of something. So if your site is loremipsum.org AND you're using POST, then your link should be http://www.loremipsum.org/login.php, with other parameters specified later by Java code. If you're using GET, then your link should be like this: http://www.loremipsum.org/login.php?mobile=android. By the way, the code specified in your question is not the entire code; can you edit to insert the HTTP request code? – boxHiccup Apr 03 '16 at 13:53