Home » Php » php – Logging in without using password and username

php – Logging in without using password and username

Posted by: admin February 25, 2020 Leave a comment

Questions:

I am able to login to my user page and admin page without giving password and username. when usertype is selected and click on login both are getting loggedin. here is my login.php code

<?php
$servername="SERVER";
$username="USER";
$password="PWD";
$dbname="DB";
$conn = mysqli_connect($servername, $username, $password, $dbname);
echo("conneciton");
if(isset($_POST['Login'])){
$user=$_POST['user'];
$pass = $_POST['pass'];
$usertype=$_POST['usertype'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' and usertype='".$usertype."'";
$result = mysqli_query($conn, $query);
if($result){
while($row=mysqli_fetch_array($result)){
echo'<script type="text/javascript">alert("you are login successfully and you are logined as ' .$row['usertype'].'")</script>';

}
if($usertype=="admin"){
?>
<script type="text/javascript">
window.location.href="index.php"</script>
<?php

}else{
?>
<script type="text/javascript">
window.location.href="user.php"</script>
<?php

}
}else{
echo 'no result';
}
}

?>


<html>

<head>
<!-- title and meta -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>admin</title>
   <!-- /title and meta -->
   <script src="js/jquery.js"></script>
    <!-- Bootstrap -->
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

    <!-- Include all compiled plugins (below), or include individual files as needed -->
    <script src="js/bootstrap.min.js"></script>
     <link href="css/adminindex.css" rel="stylesheet"> 
</head>
<body class='bg-image'>
    <center><div class="col-md-4 col-sm-4 col-xs-10 formclass">
<form action="" method="post" name="Login_Form">
 <table>
<tr>
      <td colspan="2" align="left" valign="top"><h3>Login</h3></td>
    </tr>
    <tr>
<td  valign="top">Username:</td><td><input type="text" name="user" placeholder="enter your username"
 </td>
</tr>
<tr>
<td >Password:</td><td><input type="text" name="pass" placeholder="enter your password"</td>
</tr>
<tr>
<td>
Select user type:</td><td> <select name="usertype">

<option value="admin">admin</option>
<option value="user">user</option>
</select>
</td>
</tr>
<tr>
<td><input type="submit" name="Login" value="Login"></td>
</tr>
</table>
       </form>   </div>

 </center>
</body>
</html>

my database table name is multiuserlogin and column are username password usertype
Please help me on this, i need to verify my username password and then only able to login

How to&Answers:

Your if statement

if($result){

is always true, because it contains the query not the results. So you are logged in as the usertype you have selected.

Adjust the db information and try this out:

$conn = new mysqli("SERVER", "USER", "PWD", "DB");

if (!$conn->connect_error) {
  echo("connected");

  if(isset($_POST['Login'])){
    $user = $_POST['user'];
    $pass = $_POST['pass'];

    $query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' LIMIT 1";
    $result = $conn->query($query);
    $logged_user = $result->fetch_array(MYSQLI_ASSOC);
    $conn->close();

    if(is_array($logged_user) && $logged_user['username'] == $user)  {
      echo '<script type="text/javascript">alert("you are login successfully and you are logined as ' . $logged_user['usertype'] .'")</script>';
      if($logged_user['usertype'] == "admin"){
        echo '<script type="text/javascript">window.location.href="index.php"</script>';
      } else {
        echo '<script type="text/javascript">window.location.href="user.php"</script>';
      }
    } else {
    echo 'no result';
    }
  }
}

Dont forget to validate for preventing SQL injections.