Question: PHP. I have a question about simple php mysql login system. (i am using XAMPP) I have created a simple website and asked the user

PHP. I have a question about simple php mysql login system. (i am using XAMPP)

I have created a simple website and asked the user to register. all the info is stored in the database. So now user can login using his username and password.

The problem is user can login using any word in the passwords section. As long as he entered the right username, he can type whatever he wants and he will still be able to login.

Question? How i can fix this so that when user wants to log in, he can only use associated username and password to successfully login( NOT ANY RANDOM WORD FOR PASSWORD).

This is the code.

if (isset($_POST['login_btn'])) {

}

// LOGIN USER

function login(){

global $db, $user_id, $errors;

// grap form values

$user_id = e($_POST['username']);

$password = e($_POST['password']);

// make sure form is filled properly

if (empty($user_id)) {

array_push($errors, "Username or Email is required");

}

if (empty($password)) {

array_push($errors, "Password is required");

}

// attempt login if no errors on form

if (count($errors) == 0) {

$password = md5($password);

$query = "SELECT * FROM users WHERE username='$user_id' OR email='$user_id' AND password='$password' LIMIT 1";

$results = mysqli_query($db, $query);

if (mysqli_num_rows($results) == 1) { // user found

// check if user is admin or user

$logged_in_user = mysqli_fetch_assoc($results);

if ($logged_in_user['user_type'] == 'admin') {

$_SESSION['user'] = $logged_in_user;

$_SESSION['success'] = "You are now logged in";

header('location: Admin/Admin.php');

}else{

$_SESSION['user'] = $logged_in_user;

$_SESSION['success'] = "You are now logged in";

header('location: index.php');

}

}else {

array_push($errors, "Wrong username/password combination");

}

// call the register() function if register_btn is clicked

if (isset($_POST['register_btn'])) {

}

// REGISTER USER

function register(){

// call these variables with the global keyword to make them available in function

global $db, $errors, $username, $email;

// receive all input values from the form. Call the e() function

// defined below to escape form values

$username = e($_POST['username']);

$email = e($_POST['email']);

$password_1 = e($_POST['password_1']);

$password_2 = e($_POST['password_2']);

$firstname = e($_POST['firstname']);

$lastname = e($_POST['lastname']);

// form validation: ensure that the form is correctly filled

if (empty($username)) {

array_push($errors, "Username is required");

}

if (empty($email)) {

array_push($errors, "Email is required");

}

if (empty($password_1)) {

array_push($errors, "Password is required");

}

if ($password_1 != $password_2) {

array_push($errors, "The two passwords do not match");

}

if (empty($firstname)) {

array_push($errors, "Firstname is required");

}

if (empty($lastname)) {

array_push($errors, "Lastname is required");

}

//checking if user with same info is already there

$checkifexists = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";

$ressl = mysqli_query($db, $checkifexists);

$userrrr = mysqli_fetch_assoc($ressl);

if($userrrr){

if ($userrrr['username'] === $username){

array_push($errors, "Username already exists");

}

if ($userrrr['email'] === $email){

array_push($errors, "email already exists");

}

// register user if there are no errors in the form

if (count($errors) == 0) {

$password = md5($password_1);//encrypt the password before saving in the database

if (isset($_POST['user_type'])) {

$user_type = e($_POST['user_type']);

$query = "INSERT INTO users (username, email, user_type, password, firstname, lastname)

VALUES('$username', '$email', '$user_type', '$password', '$firstname', '$lastname')";

mysqli_query($db, $query);

$_SESSION['success'] = "New user successfully created!!";

header('location: Admin/Admin.php');

}else{

$query = "INSERT INTO users (username, email, user_type, password, firstname, lastname)

VALUES('$username', '$email', 'user', '$password', '$firstname', '$lastname')";

mysqli_query($db, $query);

// get id of the created user

$logged_in_user_id = mysqli_insert_id($db);

$_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session

$_SESSION['success'] = "You are now logged in";

header('location: index.php');

}

// return user array from their id

function getUserById($id){

global $db;

$query = "SELECT * FROM users WHERE id=" . $id;

$result = mysqli_query($db, $query);

$user = mysqli_fetch_assoc($result);

return $user;

}

// escape string

function e($val){

global $db;

return mysqli_real_escape_string($db, trim($val));

}

function display_error() {

global $errors;

if (count($errors) > 0){

echo '

foreach ($errors as $error){

echo $error .' ';

}

echo '

}

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

As a Web Developer, you will be creating a login system using HTML, PHP, and MySQL. Your website needs to be dynamic, and your visitors need to have instant access, so that they can log in as many...

This policy will be reviewed no later than 5 years of its authorisation date. At this point it will need to be re-authorised by the relevant authority at Xxz Financial Services Version Published...

MINI-PROJECT Implement a Software-Engineering Process stages by selecting any topic which is mention below or you can select your desired any other topic. Website Administration Airport checking-in...

Any idea on 24 and 25,,, ive already installed ab i don't no how to run it and i need help with 25 24.Install and run ab to test the apache benchmark for your own website to see how fast your site...

CONTEXT BASED HANDICRAFT RECOMMENDER SYSTEM 1Introduction This chapter include the background of study, problem statement, justification of study, importance of study, scope of study, study...

answer this task according to this this the porposal Task B: You have to use the same information system and business processes identified and used in assignment1 Task B to solve the below sub tasks....

QUESTIONS ONE [80 MARKS] Social media includes websites and applications that enable rapid, efficient, and real-time content sharing. Most people associate social media with apps on their smartphones...

Your tasks is to create a guest book that contains three small php-scripts as follows: connect.php , which will set up a connection to the database. guestbook.php , which will show all the guestbook...

AirAsia s exclusive cheap flights return with domestic and international travel for as low as RM 1 . 0 0 . Develop an auction website, where the users can bid for their low - fare tickets with...

Thom owes $7,200 on his credit card. The credit card carries an APR of 18.4 percent compounded monthly. If Thom makes payments of $225 per month, how long will it take for him to pay off the credit...

Can you use the longest hash possible? How long is good enough?

Here are book- and market-value balance sheets of the United Frypan Company (figures in $ millions): Book-Value Balance Sheet Net working capital 28 Debt % 78 Long-term assets 6a Equity 30 % 188 %...

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Question If I decide to convert my traditional IRA to a Roth IRA, can I move the money back to a traditional IRA within the same year (or before the tax return due date) if that is advantageous (for...

Question Can life insurance be used in a Keogh (HR 10) plan?

Question At what age is a defined benefit plan more advantageous than a defined contribution plan for taxdeferring the maximum amount of retirement savings?