Login Form problem

Pošto sam neiskusan u PHP, imam problem sa login formom.
Kada upisem pogresan user i lozinku sve uredu naime kada upisem tacan user i lozinku
tj. admin i admin(lozinka i user, tako stoji u bazi) ono mi vraca ovo.

echo 'Username or Password is invalid';

Isto da mi se uopšte ne ‘definira’ varijabla, tj ovaj dio.

$query = mysqli_query("SELECT * FROM `admin` WHERE `user`='$username' AND `password`='$password'");

izvolite citav source.

<?php include("../inc/db.php"); ?>
<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>Admin Control Panel - Login</title>
	<link rel="stylesheet" href="css/logstyle.css">
</head>
<body>
	<div class="loginBox">
		<form action="login.php" method="POST">
			<div class="boxOne">
				<div class="image"></div><input type="text" name="user" placeholder="username" required>
				<div class="imagpw"></div><input type="password" name="pw" placeholder="********" required>
			</div>
			<div class="boxTwo">
				<input type="submit" value="LOGIN" name="submit">	
				<div class="rec"></div>
			<?php
			//When somebody press submit
			if(isset($_POST['submit'])){
					error_reporting(TRUE);
					//Define variables, secure from XSS and SQLi
					$_POST['user'] = strip_tags($_POST['user']);
					$_POST['pw'] = strip_tags($_POST['pw']);
					$_POST['user'] = mysql_real_escape_string($_POST['user']);
					$_POST['pw'] = mysql_real_escape_string($_POST['pw']);
					$username = $_POST['user'];
					$password = $_POST['pw'];
					//Getting data from database.
					$query = mysqli_query("SELECT * FROM `admin` WHERE `user`='$username' AND `password`='$password'");
					$rows = mysqli_num_rows($query);

					if ($rows>=1) {
					session_start();
					$_SESSION['login_user']=$username; 
					header("location: profile.php"); 
					} else {
					echo 'Username or Password is invalid';
					}
				}
			?>
			</div>
		</form>
	</div>
</body>
</html>
$query = mysqli_query("SELECT * FROM `admin` WHERE `user`='$username' AND `password`='$password'");

http://php.net/manual/en/mysqli.query.php

1 Like
$username = $_POST['user'];
$password = $_POST['pw'];

$result = mysqli_query($con,"SELECT * FROM admin WHERE user='$username'");

while($row = mysqli_fetch_array($result))
{
if ($row['password']==''.$password.'')
{
session_start();
$_SESSION['login_user']=$username; 
header("location: profile.php"); 
}
else
{
echo 'Username or Password is invalid';
}
}

Copyright © 2020 WM Forum - AboutContact - Sponsored by: Mydataknox & Profit Monkey