I have the following code which correctly assigns sessions if both arguments re true (ie. username and password match database record). If the username and password don't match the database I want to echo out a message to the user. However, the message only echo's out if the username doesn't match. If the password doesn't match but the username does, no error message but also no session?
Here is the php code:
<html>
<head>
<title ID="current">Home</title>
<script src="http://code.jquery.com/jquery-latest.js"></script>
<link rel="stylesheet" type="text/css" href="./Style.css">
</head>
<body>
<?php
include("NavAndHeader.php");
include("db_conn.php");
session_start();
if(isset($_POST['signIn'])){
$user=$_POST['userName'];
$password=MD5($_POST['password']);
$query = "SELECT *
FROM users
WHERE username='$user'";
$result = $connection->query($query);
$count = $result->num_rows;
while($row = $result->fetch_assoc()) {
if ($row['Password'] == $password && $row['Username'] == $user){
$_SESSION['status'] = $row['Access'];
$_SESSION['name'] = $row['Name'];
header('Location: ./Home.php');
}
else{
echo "<p id='logInError'>Those details are incorrect</p>" ;
}
}
}
?>
<div id="logIn">
<table>
<form method="post">
<tr>
<td><p>Username:</p></td>
<td><input name="userName" type="text" id="userName" size="20"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password" size="20"></td>
<td><input type="submit" name="signIn" value="Submit">
</tr>
<tr>
<td><a href="./SignUp.php">Sign Up</a></td>
</tr>
</form>
</table>
</div>
Actually you dont have to check the username as you are fetching according to the username.
WHERE username='$user'"
I think this would be enough and make the error more specific. -
if ($count > 0) {
if ($row['Password'] == $password){
$_SESSION['status'] = $row['Access'];
$_SESSION['name'] = $row['Name'];
header('Location: ./Home.php');
}
else{
echo "<p id='logInError'>Password incorrect</p>" ;
}
} else {
echo "<p id='logInError'>Username incorrect</p>" ;
}
Thank you both for the answers. I did not have any luck using either directly however the sgt BOSE solution was close. I just made sure the if($count > 0) was before the while loop and it worked perfectly. I have attached the relevant section from my new code.
if($count > 0){
while($row = $result->fetch_assoc()) {
if ($row['Password'] == $password){
$_SESSION['status'] = $row['Access'];
$_SESSION['name'] = $row['Name'];
header('Location: ./ass2Home.php');
}
else{
echo "<p id='logInError'>Those details are incorrrect</p>" ;
}
}
}
else{
echo "<p id='logInError'>Those details are incorrrect</p>";
}