So I am currently working on a form that lets me log in using a username and password from my database, and when I check the request method it doesn't work (I realized it didn't work by putting an echo right after the check, so it doesn't go through the check). Here is my PHP code:

```php
<?php

include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST"){
  $username = mysqli_real_escape_string($db,$_POST['username']);
  $password = mysqli_real_escape_string($db,$_POST['password']);

  $sql = "SELECT ID from Operateur where username = '$username' and mot_de_passe = '$password'";
  $result = mysqli_query($db,$sql);
  $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
  $active = $row['active'];
  $count = mysqli_num_rows($result);

  if($count == 1) {
    session_register("myusername");
    $_SESSION['login_user'] = $myusername;

    header("location: welcome.php");
  }else {
    $error = "Your Login Name or Password is invalid";
  }
}

?>
```

And here is my form code

```html
<div id="form">
  <h2>Welcome</h2>
  <form action="" method="POST">
    <input type="text" placeholder="Username" name="username">
    <input type="password" placeholder="Password" name="password">
    <input type="submit" value="Log in" class="submit" name="sumbit">
    <input type="button" value="Close" class="close" onclick="closeForm()">
  </form>
</div>
```

If any more code from my part is needed to resolve this problem, please tell me.

So I tried to use isset($_POST[...]) but it didn't work as well, and I'm currently out of ideas, as I am fairly new to PHP.

AchMi
  • Are both of those blocks part of one file? Your form action is empty, so this will submit to the exact same URL that you are already on. – CBroe Jul 21 '23 at 11:03
  • Agreed, it's unclear if both these scripts are from the same file or not. Put `var_dump($_POST);` just before the first `if` and see if that outputs anything...after the form has been submitted you should see it showing the submitted username and password values. If not, then your form probably isn't submitting to the right place. – ADyson Jul 21 '23 at 11:09
  • P.S. **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unparameterised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jul 21 '23 at 11:10
  • `mysqli_real_escape_string` was obsolete 20 years ago, and doesn't guard against everything. https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use that resource again. – ADyson Jul 21 '23 at 11:10
  • Also, please don't store passwords in plain text - that is another security risk. Learn about [password hashing](https://www.php.net/manual/en/faq.passwords.php) instead. See also [How to use PHP's password_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – ADyson Jul 21 '23 at 11:11
  • Writing a login system is not really a suitable topic for an inexperienced or beginner programmer. There are so many ways to get it badly wrong (some of which are demonstrated even in this simple code), and given what the functionality is, it's very important not to get _any_ of it wrong. If you need such a feature in your application, use an existing well-known framework or plugin. Then, focus your energies on learning PHP properly and adding some genuine value to your application with a novel feature, not something you can easily re-use a (reliable, well-made) product for. – ADyson Jul 21 '23 at 11:12
  • "Are both of those blocks part of one file? Your form action is empty, so this will submit to the exact same URL that you are already on." Yes they are, and in the form action I redirected it to itself and still nothing happened. I've tried this: print_r($_POST); echo "
    ",$_POST['username']; I have just tried this "var_dump($_POST);" and after submitting it shows me the submitted username and password, so thank you ADyson, and for the security risks, this is just a project that I am doing as an intern and I am still learning PHP, thanks for all the help
    – AchMi Jul 21 '23 at 11:54
  • `this is just a project that i am doing as an intern`...well in that case, you should learn to do things the right way, not the wrong way, so that when you come to contribute to a "real" application you don't make any big mistakes. In particular the point about building your SQL queries properly applies to any PHP/SQL code you write, not just for a login feature. :-) – ADyson Jul 21 '23 at 11:58
  • `"var_dump($_POST);" and after submitting it shows me the submitted username and password`....OK, so now move that command _inside_ the first `if` statement and see if you still see it after submitting. Then keep moving it further down until you stop seeing it anymore. That might give you a clue about where things start to go wrong. And make sure you've got PHP and mysqli error reporting switched on, so you can see any crashes that occur. – ADyson Jul 21 '23 at 11:59
  • Yes, I fixed the code and now the form works very well. The only problem I have left is with the session_register("myusername"); $_SESSION['login_user'] = $myusername; but that isn't a problem that I addressed in my question, so thank you ADyson – AchMi Jul 21 '23 at 12:09
  • Sure, you can ask a new question about that. But if you fixed your first problem with code changes, please put those changes into an Answer below so that others may learn from it, and you may gain reputation points. See also [answer] - thanks. – ADyson Jul 21 '23 at 12:11
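
The parameterised-query and password-hashing advice from the comments above, as an added example that is not part of the question or of any comment. It swaps the question's mysqli `$db` for PDO on an in-memory SQLite database so it runs without a server; the table and column names come from the question, while the account, the passwords and the `authenticate()` helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for the $db handle from config.php (assumption): an in-memory
// SQLite database through PDO, so the example needs no MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Operateur (
    ID INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    mot_de_passe TEXT NOT NULL)');

// Constructed account: the column stores a password_hash() value, not plain text.
$insert = $db->prepare('INSERT INTO Operateur (username, mot_de_passe) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the operator ID when the credentials match,
 * otherwise null.
 */
function authenticate(PDO $db, string $username, string $password): ?int
{
    // The username is sent as a bound parameter, so any quotes in it are
    // treated as data and never become part of the SQL text.
    $stmt = $db->prepare('SELECT ID, mot_de_passe FROM Operateur WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is never compared in SQL; it is checked against the stored hash.
    if ($row === false || !password_verify($password, $row['mot_de_passe'])) {
        return null;
    }
    return (int) $row['ID'];
}

// Constructed inputs: a valid login, a wrong password, and a username that
// carries SQL syntax and must be handled as an ordinary (unknown) name.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    $id = authenticate($db, $user, $pass);
    printf("%-20s => %s\n", $user, $id === null ? 'rejected' : "operator ID $id");
}
```

In a login handler, a non-null result is the point at which to call `session_regenerate_id(true)` and set `$_SESSION['login_user']` to the submitted username; `session_register()` was removed in PHP 5.4.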

0 Answers