I am new to learning PHP. In the script below, after using isset, instead of showing "welcome abc", it shows "welcome1". I can't understand the problem. How can I fix it to show "welcome abc"? Any help?
<?php
session_start();
$username = isset($_POST['username']);
$password = isset($_POST['password']);
if($username == "abc" && $password =="123") {
echo 'Welcome' .$username ;
echo '<br>';
echo '<a href="logout.php">Logout</a>';
}
else
die ('wrong password');
?>
If you want to print the username along with Welcome, you should replace your fourth line of code with this one:
$username = isset($_POST['username']) ? $_POST['username'] : '';
OR
$username = $_POST['username'];
Your existing code is evaluating an expression which is returning true and that is getting stored in the username, so if you use username as a string it will return as "1".
Isset returns true or false if a variable is set; it does not return actual variable data.
In the following code I used the ternary operator to return the POSTed value, or an empty string if the value was not POSTed.
session_start();
$username = (isset($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password'])) ? $_POST['password'] : '';
if($username == "abc" && $password =="123") {
echo 'Welcome' .$username ;
echo '<br>';
echo '<a href="logout.php">Logout</a>';
}
else
die ('wrong password');
isset() returns a boolean value. So you're setting the $username and $password variables to the values true or false. Therefore they will never equal the strings "abc" or "123".
Check isset() separately from checking the values. It could be something as simple as this:
if (!isset($_POST['username']) || !isset($_POST['password'])) {
die ('Please supply a username and password.');
}
$username = $_POST['username'];
$password = $_POST['password'];
// etc...
As a side note, the error message "wrong password" is misleading. First of all, it could have been the username which was wrong as well. Second of all, never provide an unauthorized user with more information than they already have. If you tell an attacker that they got a username right and just got the password wrong, you've given them half of the login information. If anything doesn't match in the login, simply say that the login has failed.
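The points from the answers above combined into one login check, as an added example that is not part of any answer: fields are read as strings only when present, the comparison is strict, every failure gets the same message, and the name is escaped before output. `DEMO_USER`, `postedString`, `checkLogin`, `loginResponse` and the sample requests are constructed for illustration, and `password_hash()`/`password_verify()` are swapped in for the question's plain `"123"` comparison.

```php
<?php
declare(strict_types=1);
const DEMO_USER = 'abc'; // constructed account name, taken from the question

// Return the field only if it was submitted as a string, otherwise null.
function postedString(array $post, string $key): ?string
{
    return (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : null;
}

// True only when both fields are present and both match.
function checkLogin(array $post, string $storedHash): bool
{
    $username = postedString($post, 'username');
    $password = postedString($post, 'password');
    if ($username === null || $password === null) {
        return false;
    }
    // Both checks always run; hash_equals() compares strings in constant time.
    $userOk = hash_equals(DEMO_USER, $username);
    $passOk = password_verify($password, $storedHash);
    return $userOk && $passOk;
}

// One message for every failure; the name is HTML-escaped before output.
function loginResponse(array $post, string $storedHash): string
{
    return checkLogin($post, $storedHash)
        ? 'Welcome ' . htmlspecialchars($post['username'], ENT_QUOTES, 'UTF-8')
        : 'Login failed.';
}

// The question's bug: isset() stored true, and a loose == between a boolean
// and a non-empty string converts the string to a boolean before comparing.
echo 'loose ==: ', var_export(true == 'abc', true), PHP_EOL;
echo 'strict ===: ', var_export(true === 'abc', true), PHP_EOL;

// Constructed sample requests standing in for $_POST.
$hash = password_hash('123', PASSWORD_DEFAULT);
$samples = [
    'correct login'   => ['username' => 'abc', 'password' => '123'],
    'wrong password'  => ['username' => 'abc', 'password' => 'nope'],
    'wrong username'  => ['username' => 'xyz', 'password' => '123'],
    'missing field'   => ['username' => 'abc'],
    'array, not text' => ['username' => ['abc'], 'password' => '123'],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', loginResponse($post, $hash), PHP_EOL;
}
```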