
After clicking on the login button it remains on the same page and it does not give any output. For example: if I put in a wrong userid or password it should echo something, but it does not echo anything and stays the same. The code for the LOGIN.PHP file is:

```html
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>title of the document</title>
    <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
    <form action"signin.php" method="POST">
        <input type="text" name="uid" placeholder="Username"><br>
        <input type="password" name="password" placeholder="PAssword"><br>
        <button type="submit">SIGN IN</button><br>
    </form>
    <br><br><br><br>
    <form action="signup1.php" method="POST">
        <input type="text" name="firstname" placeholder="Firstname"><br>
        <input type="text" name="lastname" placeholder="Lastname"><br>
        <input type="text" name="uid" placeholder="Username"><br>
        <input type="password" name="password" placeholder="PAssword"><br>
        <button type="submit">SIGN UP</button><br>
    </form>
</body>
</html>
```

The signin.php file is:

```php
<?php
    include 'dbh1.php';
    $userid=$_POST['uid'];
    $pwd=$_POST['password'];
    $sql="select * from userlogin where uid='$userid' AND password='$pwd'";
    $result = $conn->query($sql);
    if (!$row = $result->fetch_assoc())
    {
      echo "YOU ARE NOT LOGGED IN INCORRECT CREDENTIALS!!";
    }
    else {
      echo "SUCCESFULLY LOGGED IN!!";
    }
```
RiggsFolly
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Apr 29 '17 at 19:48
  • You must be storing PLAIN TEXT passwords. **That is a bad practice.** PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php), please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) – RiggsFolly Apr 29 '17 at 19:51
  • Do a GOOGLE on `How to Create a Login Page in PHP` and read a few tutorials – RiggsFolly Apr 29 '17 at 19:54
  • Kindly tell me the error!! I'm just a beginner – Aaswin Sinha Apr 29 '17 at 20:06
  • Kindly, do a little research for yourself. That's what we all have to do when we are beginners – RiggsFolly Apr 29 '17 at 20:07
  • Actually I have researched a lot for the past few hours but I'm not able to solve it. Any kind of help will be appreciated – Aaswin Sinha Apr 29 '17 at 20:09
  • http://www.phpeasystep.com/phptu/6.html – RiggsFolly Apr 29 '17 at 20:11
  • Actually what I want is to display login successful or unsuccessful login messages after clicking on the sign-in button, but it does not display anything! That's the problem – Aaswin Sinha Apr 29 '17 at 20:13
  • Help ASAP please – Aaswin Sinha Apr 29 '17 at 20:23

1 Answer


I have tried this and it is working. Here, learn prepared statements.

```html
<form action="signin.php" method="POST">
    <input type="text" name="uid" placeholder="Username"><br>
    <input type="password" name="password" placeholder="PAssword"><br>
    <input type="submit" value="Sign In" />
</form>
```

```php
<?php
    include 'database.php';          // provides the mysqli connection in $conn
    $userid=$_POST['uid'];
    $pwd=$_POST['password'];
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $conn->prepare("select * from userlogin where uid=? AND password=?");
    // "ss": both parameters are bound as strings.
    $stmt->bind_param("ss",$userid, $pwd);
    $stmt->execute();
    $result = $stmt->get_result();
    // $row is null when no user matches the submitted credentials.
    $row = $result->fetch_assoc();
    $stmt->close();
```

With prepared statements you have achieved a lot of things. Just try to check it.

Ali Rasheed
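Combining the prepared statement from the answer with the `password_hash()` / `password_verify()` advice from the comments, as an added example that is not part of the original answer or comments. It assumes PDO with an in-memory SQLite database in place of the page's MySQL connection; the helper names `open_demo_db`, `sign_up` and `sign_in`, the schema and the sample account are constructed for illustration.

```php
<?php
// Added example: sign-up stores a password_hash() digest; sign-in looks the
// row up by uid with a prepared statement and checks it with password_verify().
// Assumption: in-memory SQLite via PDO stands in for the page's MySQL $conn.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Table and column names follow the page; the schema itself is assumed.
    $db->exec('CREATE TABLE userlogin (uid TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $db;
}

function sign_up(PDO $db, string $uid, string $password): void
{
    // Only the salted hash is stored, never the plain-text password.
    $stmt = $db->prepare('INSERT INTO userlogin (uid, password) VALUES (?, ?)');
    $stmt->execute([$uid, password_hash($password, PASSWORD_DEFAULT)]);
}

function sign_in(PDO $db, string $uid, string $password): bool
{
    // The password is not part of the query; uid is bound as data, not SQL.
    $stmt = $db->prepare('SELECT password FROM userlogin WHERE uid = ?');
    $stmt->execute([$uid]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches the uid.
    return is_string($hash) && password_verify($password, $hash);
}

$db = open_demo_db();
sign_up($db, 'alice', 'correct horse');    // constructed sample account

// Constructed form submissions standing in for $_POST in signin.php.
$attempts = [
    ['uid' => 'alice', 'password' => 'correct horse'],
    ['uid' => 'alice', 'password' => 'wrong'],
    ['uid' => 'nobody', 'password' => 'x'],
    ['uid' => 'alice'],                      // missing password field
];
foreach ($attempts as $post) {
    // Reject incomplete submissions before touching the database.
    $ok = isset($post['uid'], $post['password'])
        && sign_in($db, $post['uid'], $post['password']);
    $who = $post['uid'] ?? '?';
    echo $who, ': ', ($ok ? 'logged in' : 'incorrect credentials'), "\n";
}
```

Only the first constructed attempt logs in; the wrong password, the unknown uid and the submission without a password field all take the same "incorrect credentials" path.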