8

Password is empty click to login button automatically show next page, how to che...

 2 years ago
source link: https://www.codeproject.com/Questions/5322732/Password-is-empty-click-to-login-button-automatica
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client
Copy Code
real_escape_string($_POST['username']);
      $password = $con->real_escape_string(md5($_POST['password']));
      
  if (!empty($username) || !empty($password)) {
        $query  = "SELECT * FROM USERS WHERE username = '$username'";
        $result = $con->query($query);
        if($result->num_rows > 0){
            $row = $result->fetch_assoc();
            $_SESSION['ID'] = $row['id'];
            $_SESSION['ROLE'] = $row['role'];
            $_SESSION['NAME'] = $row['name'];
            header("Location:dashboard.php");
            die();                              
        }else{
          $errorMsg = "No user found on this username";
        } 
    }else{
      $errorMsg = "Username and Password is required";
    }
  }


What I have tried:

I was tried some code it does not work.
Comments
Think about this...
if (!empty($username) || !empty($password)) {
....
if (!empty($username) && !empty($password)) {
Quote:

I was tried some code it does not work.

"It doesn't work" is probably the most useless problem report we get - and we get it a lot. It tells us nothing about what is happening, or when it happens.
So tell us what it is doing that you didn't expect, or not doing that you did.
Tell us what you did to get it to happen.
Tell us any error messages.

In this case, all you check for is that the username and password as entered by the user are no blank - you need to actually confirm that the password he entered matches the information stored in the DB for that specific username.

But that's not as simple as "is it the same?" becuas etehre are a lot of complications here, including some legal restrictions which could easily bankrupt you if you aren't careful enough because you have to store passwords in a "safe form". There is some information on how to do it here: Password Storage: How to do it.[^] - the code examples are all in C#, but the principle is the same in whatever language, so get the idea straight in your head, then google for PHP and password hashing and you should find loads of examples.

Just remember: this is web based so if you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.

Add your solution here

Preview

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email   Password  

 

Your Email   Optional Password  

StrengthToo short

 

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters
When answering a question please:
  1. Read the question carefully.
  2. Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
  3. If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
  4. Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.
Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK