Click here to Skip to main content
15,303,522 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
PHP
real_escape_string($_POST['username']);
      $password = $con->real_escape_string(md5($_POST['password']));
      
  if (!empty($username) || !empty($password)) {
        $query  = "SELECT * FROM USERS WHERE username = '$username'";
        $result = $con->query($query);
        if($result->num_rows > 0){
            $row = $result->fetch_assoc();
            $_SESSION['ID'] = $row['id'];
            $_SESSION['ROLE'] = $row['role'];
            $_SESSION['NAME'] = $row['name'];
            header("Location:dashboard.php");
            die();                              
        }else{
          $errorMsg = "No user found on this username";
        } 
    }else{
      $errorMsg = "Username and Password is required";
    }
  }


What I have tried:

I was tried some code it does not work.
Posted
Updated 16-Jan-22 21:30pm
v2
Comments
0x01AA 17-Jan-22 2:53am
   
Think about this...
if (!empty($username) || !empty($password)) {
....
if (!empty($username) && !empty($password)) {
Richard Deeming 17-Jan-22 5:42am
   
For password storage, use:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Quote:
I was tried some code it does not work.

"It doesn't work" is probably the most useless problem report we get - and we get it a lot. It tells us nothing about what is happening, or when it happens.
So tell us what it is doing that you didn't expect, or not doing that you did.
Tell us what you did to get it to happen.
Tell us any error messages.

In this case, all you check for is that the username and password as entered by the user are no blank - you need to actually confirm that the password he entered matches the information stored in the DB for that specific username.

But that's not as simple as "is it the same?" becuas etehre are a lot of complications here, including some legal restrictions which could easily bankrupt you if you aren't careful enough because you have to store passwords in a "safe form". There is some information on how to do it here: Password Storage: How to do it.[^] - the code examples are all in C#, but the principle is the same in whatever language, so get the idea straight in your head, then google for PHP and password hashing and you should find loads of examples.

Just remember: this is web based so if you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900