0

I am writing a simple login validation. (I know people say I shouldn't deal with passwords in plaintext, because it's dangerous, however, I am doing this for a school assignment where we do not need to use any security.) The issue I am having here is that I can't get the message for login to be successful. I am getting a login failure. I inserted a couple of users and passwords into a database table. What I need to do is to get the value from the "name" column and the "pwd" (password) column from my database table and allow a successful login (in Javascript) if the user's input has a match with the user and password in the database table.

Here is my form code:

 <form method="post" action="login.php"  onsubmit="validateForm()"  id="loginForm" name="loginForm">


         Name:<br>

         <input type="text" name="personName"><br>

         Password:<br>

         <input type="password" name="pswd"><br>

      <input type="submit" name="submit" id="submit" value="Login" />

</form>

Javascript:

<script>
       function validateForm() 
       {
        var n = document.loginForm.personName.value;
        var p = document.loginForm.pswd.value;
        //The var below is what I need help on.
       var name = "<?php echo $row['name']; ?>"; 
        //The var below is what I need help on.
        var ps =  "<?php echo $row['pwd']; ?>";
        if ((n == name) && (p == ps)) 
        {
            alert ("Login successful!");
            return true;
        }
        else 
        {
            alert ("Login failed! Username or password is incorrect!");
            return false;
        }
       }
</script>

PHP code (I have an empty while statement just in case I need it):

  <?php

    function validateLogin() 
    {
        //I hid this information from here.
        $servername = "";
        $username = "";
        $password = "";
        $dbname = "";

        // Create connection
        $dbc = new mysqli($servername, $username, $password, $dbname);
        // Check connection
        if ($dbc->connect_error) 
        {
            die("Connection failed: " . $dbc->connect_error);
        }


            $n = $_POST["personName"];
            $p = $_POST["pswd"];


            $query = "SELECT `name`, `pwd` FROM `chatApp`";
            $result = $dbc->query($query);

            $numRows = mysql_num_rows($result);

            $count = 1;

        if ($result->num_rows > 0) 
        {

            while($row = $result->fetch_assoc()) 
            {



            }

        } 
        else
        {
            echo "0 results";
        }

        $dbc->close();

    }

    if(array_key_exists('loginForm',$_POST))
    {
       validateLogin();
    }

    ?>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Wash Hands
  • 11
  • 3
  • Have you tried adding `WHERE` clause on the SQL? e.g. `WHERE name = '$n' AND pwd = '$p';` – Luffy Apr 18 '18 at 03:22
  • @Emerald If I try doing that, what do I do if name is not equal to $n or if password is not equal to $p? – Wash Hands Apr 18 '18 at 03:28
  • Read the top two answers here to get an understanding of the variable usage: https://stackoverflow.com/questions/23740548/how-to-pass-variables-and-data-from-php-to-javascript. Apart from that, you also need to use a `where` clause in your SQL as mentioned above. If there is no match, it is a login failure, isn't it? – cnvzmxcvmcx Apr 18 '18 at 03:55
  • you're mixing different mysql apis also – Funk Forty Niner Apr 18 '18 at 13:40
  • @WashHands you have to check if exist an user with name = '$n' and pwd = '$p', if retrieve a row, it exist, if no exist rows is becouse validation going false/wrong – Roy Bogado Apr 18 '18 at 15:11
  • @Roy Sorry I solved the issue doing something else so I just decided to delete my question (but I had to edit and delete the code) so that my professor doesn't see this and think I copied. – Wash Hands Apr 18 '18 at 15:30
  • I rolled your question back. If you're wanting to delete the post, either delete it yourself or flag your post for moderation. – Funk Forty Niner Apr 20 '18 at 13:05

0 Answers0