javascript - How to get the value of mysql.user password -
when log in using mysql.user can't log on if user has password. if logged on using user password page can't logged on other php.
the user inputted on log in use on connection database.
<?php session_start(); ?> <!doctype html> <html> <head> <title>log in</title> <meta charset="utf-8" /> <link rel="stylesheet" type="text/css" href="css/reset.css"> <link rel="stylesheet" type="text/css" href="css/structure.css"> <?php include('connection.php'); ?> </head> <body> <form class="box login" method="post"> <fieldset class="boxbody"> <label>username</label> <input type="text" tabindex="1" placeholder="username" required name="username" id="username"> <label><label class="rlink" tabindex="5">optional</label>password</label> <input type="password" tabindex="2" placeholder="password" name="password" id="password" > </fieldset> <footer> <input type="submit" class="btnlogin" value="login" tabindex="4" name="sent"> </footer> </form> <?php if (isset($_post['sent'])) { $servername = "localhost"; $username = ($_post['username']); $password = ($_post['password']); $message=""; // create connection $result = $conn->query("select user mysql.user user='$username' , password='$password'"); if ($result->num_rows > 0) { $_session["uname"] = "$username"; $_session["pass"] = "$password"; echo '<script type="text/javascript">alert(<?php echo "success!";?>)</script>'; header("location: main.php"); } else { $message = "successfuly entered! hi! $username"; echo '<script type="text/javascript">alert(<?php echo "$message";?>)</script>'; } } // check connection ?> </body> </html>
you'd better check database errors might happen here
$conn->query("select user mysql.user user='$username' , password='$password'");
check if query executes first. better use one
"select * mysql.user user= ?"
after checking row count. can hash current password user's salt check if equal.
for more security use prepared statements.and check if $_post['username']
, $_post['password']
set (even if input fields "required")
and echoing errors can have paragraph error id
<p id="error"></p>
and echo one
'<script> document.getelementbyid("error").innerhtml = "'.$error.'" </script>'
my first answer sorry bad english.
Comments
Post a Comment