php - My Login won't work


I can register a user, but when I try to log in I'm having 2 issues:

1: I can log in using the username, but I can type whatever I want in the password input section and I am still logged in (it does not check the real password in the database).

2: When I try to use the combination of email and password, I can't log in; I get the error msg.

I'm thinking the problem lies within the $query select from members bla bla... but I'm not sure.
Sorry for being such a noob.

This is register.php

<form method="post" action="">
  <input type="text" name="username" placeholder="username">
  <input type="password" name="password1" placeholder="password">
  <input type="password" name="password2" placeholder="confirm password">
  <input type="text" name="email" placeholder="e-mail">
  <input type="date" name="age" id="age">
  <input type="radio" value="male" name="gender" checked>
  <input type="radio" value="female" name="gender">
  <input type="submit" value="sign up" name="create_member">
</form>

<?php
require_once ("core/connect.php");

if (isset($_POST['create_member']))
{
    $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1']));
    $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
    $email = mysqli_real_escape_string($dbc, trim($_POST['email']));
    $age = mysqli_real_escape_string($dbc, trim($_POST['age']));
    $gender = mysqli_real_escape_string($dbc, trim($_POST['gender']));

    if ($password1 != $password2)
    {
        echo 'the 2 passwords not same';
    }

    // first pass: unsalted SHA-256 of the password
    $hash = hash('sha256', $password1);

    // 3-character salt taken from an md5 of a unique id
    function createsalt()
    {
        $text = md5(uniqid(rand(), true));
        return substr($text, 0, 3);
    }

    // the stored value is sha256(salt . sha256(password))
    $salt = createsalt();
    $password = hash('sha256', $salt . $hash);

    if (!empty($username) && !empty($email) && !empty($password) && !empty($age) && !empty($gender))
    {
        $query_ind = "INSERT INTO members VALUES ('', '$username', '$password', '$email', '$age', '$gender', '$salt', NOW())";
        mysqli_query($dbc, $query_ind);
    }
    else
    {
        echo "fill out form please";
    }
}
?>

And login.php

<?php
$error_msg = '';

if (isset($_POST['member_login']))
{
    // grab the user-entered log-in data
    $member_username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $member_email = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $member_password = mysqli_real_escape_string($dbc, trim($_POST['password']));

    if (!empty($member_username) && !empty($member_password))
    {
        // look up the username and password in the database
        $query = "SELECT * FROM members WHERE member_username = '$member_username' OR member_email = '$member_email' AND member_password = '$member_password'"; // sha('$member_password')";

        $data = mysqli_query($dbc, $query);

        if (mysqli_num_rows($data) == 1)
        {
            // the log-in is OK, so set the user id and username session vars (and cookies), and redirect to the home page
            $row = mysqli_fetch_array($data);

            $_SESSION['member_id'] = $row['member_id'];
            $_SESSION['member_username'] = $row['member_username'];
            $_SESSION['member_email'] = $row['member_email'];

            setcookie('member_id', $row['member_id'], time() + (60 * 60 * 24 * 7));              // expires in 7 days
            setcookie('member_username', $row['member_username'], time() + (60 * 60 * 24 * 7));  // expires in 7 days
            setcookie('member_email', $row['member_email'], time() + (60 * 60 * 24 * 7));        // expires in 7 days

            header('Location: ' . $_SERVER['PHP_SELF'] . '?page=mlog_in');
        }
        else
        {
            // the username/password are incorrect, so set an error message
            $error_msg = ' incorrect infomation, try again. ';
        }
    }
    else
    {
        // the username/password weren't entered, so set an error message
        $error_msg = ' incorrect infomation, try again. ';
    }
}

mysqli_close($dbc);

if (!isset($_SESSION['member_id']))
{
?>
    <div class="sixteen columns">
        <h2>login</h2>
        <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" class="sixteen columns">
            <input required type="text" name="username" placeholder="username / e-mail"/>
            <input required type="password" name="password" placeholder="password" />
            <input required type="submit" name="member_login" value="login" />
            <input type="checkbox" name="remember" value="1"><span>remember me</span>
            <?php
                echo '<p>' . $error_msg . '</p>';
            ?>
            <?php
                echo '<a href="index.php?page=register" title="click sign up">make profile</a>';
            ?>
        </form>
    </div>
<?php
}
else
{
    $profile = '';
    if (isset($_GET['profile']))
    {
        $profile = $_GET['profile'];
    }
?>
<?php
    switch ($profile)
    {
        default:
            require_once 'profile/userpage.php';
            break;
    }
}
?>

There are 2 problems with your login. Both relate to your select, but for different reasons.

First, the logical operators AND and OR are just that: operators. Like mathematical operators, they have an order of operations. In the same way that multiplication comes before addition, AND comes before OR.

Now let's take a closer look at your select, while substituting a few variables for clarity.

WHERE username=$username OR email=$email AND password=$password

If you follow the order of operations, that means "email=$email AND password=$password" is evaluated first. If you are trying to log in using the username, this is false because the username doesn't equal the email. So the new equation looks like this:

WHERE username=$username OR false

Since you are trying to log in using the username, the first part of the expression will evaluate to true, meaning the entire expression will evaluate to true. That is why when you try to log in with the username, it doesn't matter what password you use.

Now, if you are trying to log in using email: in this case, you forgot to hash the password, so the database password will never match the password variable.

Hope this clears it up.
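
The two faults described in the answer, next to one way of correcting them, as an added example that is not part of the original question or answer. It uses an in-memory SQLite table through PDO so it runs stand-alone; the sample member and the member_salt column name are assumptions, and the hash scheme is the one from register.php.

```php
<?php
// Added example: constructed in-memory table; member_salt is an assumed column name.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, member_username TEXT,
           member_email TEXT, member_password TEXT, member_salt TEXT)');

// Same scheme as register.php: sha256(salt . sha256(password)).
function stored_hash(string $salt, string $password): string
{
    return hash('sha256', $salt . hash('sha256', $password));
}

// Constructed sample member.
$salt = 'a1b';
$db->prepare('INSERT INTO members (member_username, member_email, member_password, member_salt)
              VALUES (?, ?, ?, ?)')
   ->execute(['alice', 'alice@example.com', stored_hash($salt, 'correct horse'), $salt]);

// Query shape from login.php: AND binds tighter than OR, and the
// submitted password is compared without being hashed.
function login_as_posted(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT member_id FROM members
                          WHERE member_username = ? OR member_email = ? AND member_password = ?');
    $stmt->execute([$login, $login, $password]);
    return $stmt->fetch() !== false;
}

// Corrected: select by identifier only, then verify the salted hash in PHP.
function login_fixed(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT member_password, member_salt FROM members
                          WHERE member_username = ? OR member_email = ?');
    $stmt->execute([$login, $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such username or e-mail
    }
    // hash_equals compares the two digests in constant time.
    return hash_equals($row['member_password'], stored_hash($row['member_salt'], $password));
}

// Wrong password by username, then correct password by e-mail, for each version.
var_dump(login_as_posted($db, 'alice', 'anything'));
var_dump(login_as_posted($db, 'alice@example.com', 'correct horse'));
var_dump(login_fixed($db, 'alice', 'anything'));
var_dump(login_fixed($db, 'alice@example.com', 'correct horse'));
```

For a new schema, PHP's password_hash() and password_verify() replace the hand-rolled salt and SHA-256 entirely.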

