The following code displays a check statement which checks the given user input, if the username 'admin' is supplied with its correct password '123' it should direct to user to the adminloggedin page however it doesn't check the given input correctly and returns Error logging in, Username not found. How would I correct my code? Thanks for any help..
<?php
session_start();
//if the form has been submitted
if (isset($_POST['submitted'])){
//get the information out of get or post depending on your form
$username = $_POST['username'];
$password = $_POST['password'];
//connect to the database
$db = new PDO("mysql:dbname=project;host=localhost", "root", "");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$safe_username = $db->quote($username); //sql injection
//run a query to get the user associated with that username
$query = "select * from registeredusers where username = $safe_username";
$result = $db->query($query);
$firstrow = $result->fetch(); //get the first row
if (!empty($firstrow)) {
//check the passwords, if correct add the session info and redirect
$hashed_password = md5($password);
if ($firstrow['password'] == $hashed_password){
if($firstrow['username'] == "admin"){
$_SESSION['name'] = "admin";
header ("Location: adminloggedin.php");
exit();
}
$_SESSION['name'] = $firstrow['username'];
header("Location: systemhelp.html");
exit();
} else {
echo "<h1>Error logging in, password does not match</h1>";
}
} else {
//else display an error
echo "<h1>Error logging in, Username not found </h1>";
}
}
?>
Aucun commentaire:
Enregistrer un commentaire