so i have been trying for a while to get the data which is password in my database which i stored using md5 function.Now what i am trying to do is,i am asking user to enter id and password then if they click the button i send that data to function.
I also change the user's input as a md5 file to match the one in the database if it is true.
For example if user entered "hello" as password i change it with md5 file using $abc = md5($aramasonucu2);
However i can't make this happen for some reason and would really appriciate some help.
function func1()
{
$servername = "127.0.0.1";
$username = "root";
$password="";
$database = "customer_list";
$port = 3306;
$con = mysqli_connect($servername,$username,$password, $database, $port);
$aramasonucu = $_POST['uname'];
$aramasonucu2 = $_POST['psw']; //user input as password
$abc = md5($aramasonucu2); //user input translated to md5
$sql="SELECT * FROM customer_list WHERE ad_soyad LIKE '%$aramasonucu%' AND sifre = '$abc'";
$result=$con->query($sql);
if ($abc="ab4b5f7503")
{
?>
<html>
<head>
<style>
table {
border-collapse: collapse;
width: 180%;
}
th, td {
padding: 12px;
text-align: left;
border-bottom: 2px solid #DDD;
}
tr:hover {background-color: lightblue;}
</style>
</head>
<?php
if($row=$result->fetch_assoc())
{
echo "<table>";
echo "<tr>";
echo "<th>Ad ve Soyad</th>";
echo "<th>Telefon</th>";
echo "<th>E-Posta</th>";
echo "<th>Cari Kart Kodu</th>";
echo "<th>Olusturma Tarihi</th>";
echo "<th>Guncelleme Tarihi</th>";
echo "</tr>";
echo "<tr>";
echo "<td> $row[ad_soyad]</td>";
echo "<td> $row[telefon]</td>";
echo "<td> $row[e_posta]</td>";
echo "<td> $row[cari_kart_kodu]</td>";
echo "<td> $row[olusturma_tarihi]</td>";
echo "<td> $row[guncelleme_tarihi]</td>";
echo "</tr>";
}
else
{
echo "Wrong Password!";
}
}
}
CodePudding user response:
why you don't do it simply just check if entered id & password exists then do your next step else show an error message like this
$sql="SELECT * FROM `customer_list` WHERE `ad_soyad`='$aramasonucu' AND `sifre` = '$abc'";
//check if that id & password exists or not
$result=$con->query($sql);
if(mysqli_num_rows($result)>0){
// if number of rows greater than 0 than your next step
echo "next step";
}else{
// if some error than your error message
echo "Wrong Password";
}
CodePudding user response:
To compare the submitted password with the one in your DB do:
// Submitted details
$aramasonucu = $_POST['uname'];
$aramasonucu2 = $_POST['psw']; //user input as password
$abc = md5($aramasonucu2); //user input translated to md5
// Details held in DB
$sql="SELECT * FROM customer_list WHERE ad_soyad LIKE '%$aramasonucu%'
AND sifre = '$abc'";
$result=$con->query($sql);
while ($row=$result->fetch_assoc()){
// assuming the column name is password
$password_in_db = $row['password'];
}
// Finally compare the two
if($abc == $password_in_db){
// The two passwords match hence allow user all their privileges
}