when use incorrect password and username system not work properly

Question

I have created simple login form in php. There are two pages called login.html and login.php.login.html action page is login.php.admin has fixed username and password.when admin uses his password system should redirect to admin page.when user uses his password or username system should redirect to order.php page.

when user uses correct password and username system works properly. But problem is, when anyone use incorrect password or username system redirect to admin.php page. How can i fix this.i mentioned my php code below.

<?php

session_start();

$uname=$_POST['uname'];
$pwd=$_POST['pwd'];

$servername="localhost";
$username="root";
$password="";
$dbname="mid";

$conn=mysqli_connect($servername,$username,$password,$dbname);

if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
else{
    $sql="select * from reg where uname='$uname' and pwd='$pwd'";

    $result = mysqli_query($conn, $sql);
    $count = mysqli_num_rows($result);

    if($count > 0){
        header('Location:order.php');
    }
    elseif($uname="Admin" && $pwd="abc123"){
        header('Location:admin.php');
    }
    else{
        echo "incorrect";
    }
}
?>

score 1 · Accepted Answer · answered Oct 15 '17 at 18:26

1

Your elseif condition doesn't check for equality using double equals (==) rather it uses the assignment operator (=) change the condition to

 elseif($uname == "Admin" && $pwd == "abc123")

answered Oct 15 '17 at 18:26

Lasitha Petthawadu

753
5
18

And there is a space between `elseif`... It should be `else if` – shahsani Oct 15 '17 at 18:27
@shahsani refer here https://secure.php.net/manual/en/control-structures.elseif.php – Lasitha Petthawadu Oct 15 '17 at 18:30
Oops I forgot it. Thanks for reminding! – shahsani Oct 15 '17 at 18:31

score 0 · Answer 2 · answered Oct 15 '17 at 18:27

Look for what comparison operator you have used

Shouldn't it be '==' or '===' instead of '=' in elseif condition

By using '=' operator you are assigning value to variables and as assignment is successful it returns true which causes redirection to admin.php page

score 0 · Answer 3 · answered Oct 15 '17 at 18:30

You have a syntax error in your code. The comparison operator is used incorrectly as an assignment operator. Use a == for comparison.

The code is corrected as below:

if($count > 0){
   header('Location:order.php');
}
else if($uname == "Admin" && $pwd == "abc123"){
   header('Location:admin.php');
}
else{
   echo "incorrect";
}

score -1 · Answer 4 · answered Oct 15 '17 at 18:27

-1

Try to change :

else{
echo "incorrect";
}

to

else{
header('Location:login.html');
}

or if you want get JS alert

else{
die('<script>alert('incorrect');location.href='login.html';</script>');
}

answered Oct 15 '17 at 18:27

M. Pancadewa

145
11

when use incorrect password and username system not work properly

4 Answers4