0

So I am trying to use POST to login to my site, the login part works, but the POST part does not, any ideas?

here is Index.php:

<div id="SignIn" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">Sign in to your account</h4>
      </div>
      <div class="modal-body">
          <form action="login.php"  method="post">
        <input style="margin-bottom:10px" name="usename" type="text" placeholder="Username"><br>
        <input type="password" name="password" placeholder="Password"><br>
        <input style="margin-top:10px" type="submit" class="btn btn-default" value="Sign In"></input>
          </form>
      </div>
      <div class="modal-footer">
        <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
      </div>
    </div>

  </div>
</div>

and here is Login.php:

    <?php
    /*lorte køter*/
    session_start();
    require 'connect.inc.php';

if (isset($_POST['username'])&&isset($_POST['password'])) {
    $Username = $_POST['username'];
    $Password = $_POST['password'];

    //$password_hash = md5($password);

    if (!empty($username)&&!empty($password)){

        $query = "SELECT `password`, `username` FROM `user` WHERE `username`='$uusername' AND `password`='$ppassword'";
         if ($result = mysqli_query($con, $query)); { 
            $query_num_row = mysqli_num_rows($result); 

            if ($query_num_row==0){
                 echo 'k';
                //header ('Location: Index.php');
            } else if ($query_num_row==1) {
                while($row = mysqli_fetch_assoc($result)) {
                sleep(5);
                echo 'NO!';
                $_SESSION["username"] = $row['username']; 
                header ('Location: profile.php');
                }
            }
        }

    } else {
         echo 'no';
        header("Location: Index.php");
    }
}

It looks like it should work, but it does not for some reason D:

Allosaurus
  • 5
  • 3
  • 1
    Can you spot the error in this line, `... WHERE \`username\`='$uusername' AND \`password\`='$ppassword'`? Just for the record, `$Username` and `$username` are two different variables. – Rajdeep Paul May 05 '16 at 20:19
  • Thank you, I guess I was too dumb to see that xD I should pay more attention to what I type. In case you want to, I am working on a website, this; http://93.184.203.164/ (I know that is my IP, I don't really mind) – Allosaurus May 05 '16 at 20:23
  • 1
    Bit of advice: Your queries are susceptible to SQL injection. Learn about prepared statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). [And this is how you can prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Rajdeep Paul May 05 '16 at 20:39
  • And never store password as a plain readable text, always perform [salted password hashing](https://crackstation.net/hashing-security.htm) on raw password before inserting it into the table. – Rajdeep Paul May 05 '16 at 20:50

1 Answers1

0

If I've understood you correctly, changing

<input style="margin-bottom:10px" name="usename" type="text" placeholder="Username">

to

<input style="margin-bottom:10px" name="username" type="text" placeholder="Username">

should fix your problem. It seems like the type made the first isset() validation fail.

adarshdec23
  • 231
  • 2
  • 9