victor zain

login function

I have a table in the database called users to store user details.

This is the code I have 

<?php

session_start();

if (isset($_POST['submit'])) {
    
    include 'dbh.inc.php';

    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    //Error handlers
    //check if inputs are empty

    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }else{
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR email ='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultcheck = mysqli_num_rows($result);

        if ($resultcheck < 1) {
            header("Location: ../Home.php?login=error");
            exit();

        }else{
            if ($row = mysqli_fetch_assoc($result)) {
                //De-Hashing the password
                $hashedpwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($pwd == false) {
                    header("Location: ../Home.php?login=error");
                    exit();
                }elseif ($pwd == true) {
                    //log in the user into the system
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_First_Name'] = $row['First_Name'];
                    $_SESSION['u_Last_Name'] = $row['Last_Name'];
                    $_SESSION['u_email'] = $row['email'];
                    $_SESSION['u_uid'] = $row['user_uid'];

                    header("Location: ../myAccount/index.php?login=success");
                    exit();
                }
            }
        }

    }

}else{
    header("Location: ../Home.php?login=error");
    exit();
}

?>


Does that work?  It doesn't look like you're checking the password correctly, you're checking if $pwd is boolean true or false.  It's neither.

Other than that, if you want to lock an account if someone unsuccessfully tries a certain number of times, then you'll need to keep a counter for attempts for each user and increment if they get it wrong, set it to 0 if they get it right, and if it's at the limit then don't let them log in.  You'll want to keep a timestamp also of the last failed attempt so you can reset it after a certain time.

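The counter-and-timestamp scheme described in the reply above, as an added example that is not part of the original thread. The `failed_attempts` and `last_failed_at` columns, the limit of 5 and the 15-minute window are assumptions, and the sample row is constructed.

```php
<?php
// Assumed policy values and column names (not from the original thread).
const MAX_ATTEMPTS = 5;    // failed tries allowed before the account locks
const LOCK_SECONDS = 900;  // the lock expires this long after the last failure

// Decide one login attempt for a row from the users table.
// Returns [outcome, row]; the caller saves failed_attempts and last_failed_at.
function attempt_login(array $row, string $pwd, int $now): array
{
    // Reset the counter once the last failure is older than the window.
    if ($row['last_failed_at'] !== null
        && $now - $row['last_failed_at'] >= LOCK_SECONDS) {
        $row['failed_attempts'] = 0;
        $row['last_failed_at'] = null;
    }
    // At the limit: refuse without checking the password at all.
    if ($row['failed_attempts'] >= MAX_ATTEMPTS) {
        return ['locked', $row];
    }
    // Test the return value of password_verify(), not $pwd itself.
    if (password_verify($pwd, $row['user_pwd'])) {
        $row['failed_attempts'] = 0;
        $row['last_failed_at'] = null;
        return ['success', $row];
    }
    $row['failed_attempts']++;
    $row['last_failed_at'] = $now;
    return ['error', $row];
}

// Constructed sample row standing in for one fetched from the users table.
$row = [
    'user_uid' => 'demo',
    'user_pwd' => password_hash('correct horse', PASSWORD_DEFAULT),
    'failed_attempts' => 0,
    'last_failed_at' => null,
];
$t = 1700000000; // constructed clock value, in seconds

for ($i = 1; $i <= 6; $i++) { // six wrong guesses, one second apart
    [$outcome, $row] = attempt_login($row, 'wrong', $t + $i);
    echo "attempt $i: $outcome\n";
}
[$outcome, $row] = attempt_login($row, 'correct horse', $t + 10);
echo "right password while locked: $outcome\n";
[$outcome, $row] = attempt_login($row, 'correct horse', $t + 5 + LOCK_SECONDS);
echo "right password after the window: $outcome\n";
```

In the login handler, the two returned fields would be written back to the user's row with an UPDATE before redirecting.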

I'm not going to modify your database and your code for you; if you want to learn, we're here to teach people.
