-2

I am using the below PHP code to fetch the data from the DB. I am unable to check if the username matches with the entered password.

When the correct username and a wrong password are entered, the app gets force closed.

PHP code:

```php
<?php

include 'DBConfig.php';

$con = mysqli_connect($HostName, $HostUser, $HostPass, $DatabaseName);

// Read the JSON request body sent by the app
$json = file_get_contents('php://input');
$obj = json_decode($json, true);

$email = $obj['email'];
$password = $obj['password'];

// Request values are interpolated directly into the SQL string
$Sql_Query = "select * from UserRegistrationTable where email = '$email' and password = '$password'; ";

$connection_part = mysqli_query($con, $Sql_Query);
$dataExist = 0;

if (mysqli_num_rows($connection_part) > 0) {
    // A row matched both email and password
    $SuccessLoginMsg = 'Data Matched';
    $SuccessLoginJson = json_encode($SuccessLoginMsg);
    echo $SuccessLoginJson;

    $check = mysqli_fetch_array($connection_part);

    $response = array();
    array_push($response, array("name" => $check[1], "email" => $check[2], "password" => $check[3]));

    echo json_encode(array("Details" => $response));
} else {
    // No row matched
    $InvalidMSG = 'Invalid Username or Password Please Try Again';
    $InvalidMSGJSon = json_encode($InvalidMSG);
    echo $InvalidMSGJSon;
}

mysqli_close($con);
?>
```
ADM
  • 1
    Why did you tag Android here? – buzzingsilently May 18 '18 at 10:33
  • 4
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 18 '18 at 10:36
  • How is your password encrypted in your db? – DaFois May 18 '18 at 10:36
  • 4
    **Danger**: "Not hashing at all" is [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php); you need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin May 18 '18 at 10:36
  • 2
    It's really hard to see what the problem is here. You need to create a [mcve] and figure out where in your program it starts doing unexpected things. Add debugging output so you can see what values variables have, etc. – Quentin May 18 '18 at 10:38
  • I am looking into that. As I cannot upload the source of that, I uploaded this here. Can I know what is wrong with this code wrt UN and passwords matching? – Abhishek DS May 18 '18 at 10:38
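
The two points raised in the comments above (SQL injection and unhashed passwords), applied to this login script as an added example; it is not code from the question or from any commenter. It assumes the columns are named `name`, `email` and `password`, that `password` holds `password_hash()` output written at registration, and the `ok`/`error` response keys are illustrative.

```php
<?php
// Added example, not the asker's code. Assumed: columns name/email/password,
// with `password` holding password_hash() output written at registration.
include 'DBConfig.php'; // same connection settings file the question uses

// Make mysqli throw on errors instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Send exactly one JSON document per request, then stop.
function respond(int $status, array $body): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body);
    exit;
}

$obj = json_decode(file_get_contents('php://input'), true);
$email = is_array($obj) ? ($obj['email'] ?? null) : null;
$password = is_array($obj) ? ($obj['password'] ?? null) : null;
if (!is_string($email) || !is_string($password)) {
    respond(400, ['ok' => false, 'error' => 'email and password are required']);
}

try {
    $con = new mysqli($HostName, $HostUser, $HostPass, $DatabaseName);
    // The ? placeholder sends the email as data, never as SQL text.
    $stmt = $con->prepare(
        'SELECT name, email, password FROM UserRegistrationTable WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($name, $dbEmail, $hash);
    $found = ($stmt->fetch() === true); // null means no such email
    $stmt->close();
    $con->close();
} catch (mysqli_sql_exception $e) {
    error_log('login query failed: ' . $e->getMessage());
    respond(500, ['ok' => false, 'error' => 'server error']);
}

// Compare the submitted password with the stored hash in PHP, not in SQL.
if (!$found || !password_verify($password, $hash)) {
    respond(401, ['ok' => false, 'error' => 'Invalid Username or Password Please Try Again']);
}

// Never echo the password (or its hash) back to the client.
respond(200, ['ok' => true, 'Details' => ['name' => $name, 'email' => $dbEmail]]);
```

Every path returns a single JSON object, so the client can parse the body the same way whether the login succeeded or failed.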

1 Answer

0

You should switch your if statements or, better, change the '>' to '<'. If there are rows in your SQL query, it means the username and password match. You have it the other way around. Hope this helps.