I have the following code which correctly assigns sessions if both arguments re true (ie. username and password match database record). If the username and password don't match the database I want to echo out a message to the user. However, the message only echo's out if the username doesn't match. If the password doesn't match but the username does, no error message but also no session?
Here is the php code:
<html>
<head>
<title ID="current">Home</title>
<script src="http://ift.tt/rs8qB8"></script>
<link rel="stylesheet" type="text/css" href="./Style.css">
</head>
<body>
<?php
include("NavAndHeader.php");
include("db_conn.php");
session_start();
if(isset($_POST['signIn'])){
$user=$_POST['userName'];
$password=MD5($_POST['password']);
$query = "SELECT *
FROM users
WHERE username='$user'";
$result = $connection->query($query);
$count = $result->num_rows;
while($row = $result->fetch_assoc()) {
if ($row['Password'] == $password && $row['Username'] == $user){
$_SESSION['status'] = $row['Access'];
$_SESSION['name'] = $row['Name'];
header('Location: ./Home.php');
}
else{
echo "<p id='logInError'>Those details are incorrect</p>" ;
}
}
}
?>
<div id="logIn">
<table>
<form method="post">
<tr>
<td><p>Username:</p></td>
<td><input name="userName" type="text" id="userName" size="20"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password" size="20"></td>
<td><input type="submit" name="signIn" value="Submit">
</tr>
<tr>
<td><a href="./SignUp.php">Sign Up</a></td>
</tr>
</form>
</table>
</div>
Aucun commentaire:
Enregistrer un commentaire