Question

Edit: now I have another problem. It always returns an error. The right error, but still it shouldn't. I mean that if I enter an email it writes "email or password incorrect". If I write a name it writes "name or password incorrect", even if I write the right details.

fixed: I have no idea why, but if I fill both of the fields it writes "success". It doesn't matter what I write in the fields. In the user database I have the id, username, first name, last name, email and password. This login form should detect what the user entered: email, name or username. If there is more than one user with the same name (first or last) it won't allow him to log in with the name - only with username or password. The username can contain only English letters, numbers and _ but not spaces. The first and last names contain only letters and no spaces. Every update (changing password, username etc...) is saved in the "user" table in a different row. The current row (with the newest info) has "current" or "register" (if the user hasn't changed the info yet) written in the "action" column.

<?php
$name = $_POST["email"];
$password = md5($_POST["password"]);
$right = false;

if(filter_var($name, FILTER_VALIDATE_EMAIL))
{//is email
    $query=mysqli_query($mysqli, "SELECT * FROM user WHERE email='".$name."' AND password='".$password."' AND (action='current' OR action='register')");
    if(mysqli_num_rows($query) != 1)
    {
        echo "Email OR password are incorrect.";
    }else{
        $right = true;
        $row = mysqli_fetch_array($query);
        $userid = $row['id'];
    }
}elseif(!empty($name))
{
    $array = explode(' ', $name);
    //detect if needs username or regular login
    if(count($array) == 1) //username
    {
        $query=mysqli_query($mysqli, "SELECT * FROM user WHERE username='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
        if(mysqli_num_rows($query) == 1)
        { //yes
            $right = true;
            $row = mysqli_fetch_array($query);
            $userid = $row['id'];
        }
        else
        { //no
            echo '<b>Username OR password are incorrect.</b> Note that if you tried to log in with your name, you need to enter the first AND last name as you entered them in the registry.';
        }
    }
    elseif(count($array) == 2) //regular
    {
        $query1=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[0]."' AND lastname='".$array[1]."' AND (action='current' OR action='register')"); 
        $query2=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[1]."' AND lastname='".$array[0]."' AND (action='current' OR action='register')"); 

        if (mysqli_num_rows($query1) == 1 && (mysqli_num_rows($query1) != mysqli_num_rows($query2)))
        { //no need for username
            $query=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[0]."' AND lastname='".$array[1]."' AND password='".$password."' AND (action='current' OR action='register')");
            if(mysqli_num_rows($query) == 1)
            {
                $right = true;
                $row = mysqli_fetch_array($query);
                $userid = $row['id'];
            }
        }
        elseif(mysqli_num_rows($query2) == 1 && (mysqli_num_rows($query1) != mysqli_num_rows($query2)))
        {
            $query=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[1]."' AND lastname='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
            if(mysqli_num_rows($query) == 1)
            {
                $right = true;
                $row = mysqli_fetch_array($query);
                $userid = $row['id'];
            }
        }
        else
        {
            echo 'Unfortunately you can not log in with your name. Please enter a user name (which you received by email) OR email address in ORDER to connect';
        }
    }
    else //error
    {
        echo 'Error Input Email';
    }
}
else
{
    echo 'Please fill all the fields.';
}

if($right){
    setcookie("userid", $userid, time() + 60 * 60 * 24 * 30, "/");
    setcookie("password", $password, time() + 60 * 60 * 24 * 30, "/");
    echo 'Success!';
}
?>

Thanks


Solution

$query=mysqli_query($mysqli, "SELECT * FROM user WHERE username='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
if(mysqli_num_rows($query) == 0) { //yes
    $right = true;
    $row = mysqli_fetch_array($query);
    $userid = $row['id'];
}

Right here, you are saying if there are no records that match the username and password combination, then set $right to true and proceed. I am pretty sure your check should be

if (mysqli_num_rows($query) != 0)
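
The row-count check from the answer in a hardened form, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database in place of the page's mysqli connection, a hypothetical find_user_id() helper, constructed sample rows, and a password column holding password_hash() output instead of md5().

```php
<?php
// Added example, not the asker's or answerer's code. Assumptions: PDO with an
// in-memory SQLite database stands in for the page's mysqli connection, and the
// password column holds password_hash() output rather than md5().

function find_user_id(PDO $db, string $username, string $password): ?int
{
    // Placeholders keep the submitted value out of the SQL text.
    $stmt = $db->prepare(
        "SELECT id, password FROM user
         WHERE username = :u AND (action = 'current' OR action = 'register')"
    );
    $stmt->execute([':u' => $username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // The answer's point: zero rows is a failed login, never a success.
    // More than one current row is also rejected, as ambiguous.
    if (count($rows) !== 1) {
        return null;
    }
    // Compare against the stored hash only after exactly one row matched.
    return password_verify($password, $rows[0]['password']) ? (int) $rows[0]['id'] : null;
}

// Constructed sample data mirroring the columns described in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER, username TEXT, password TEXT, action TEXT)');
$ins = $db->prepare('INSERT INTO user VALUES (?, ?, ?, ?)');
$ins->execute([1, 'dana_k', password_hash('old-pass', PASSWORD_DEFAULT), 'password change']);
$ins->execute([1, 'dana_k', password_hash('new-pass', PASSWORD_DEFAULT), 'current']);

var_dump(find_user_id($db, 'dana_k', 'new-pass'));       // checked against the single current row
var_dump(find_user_id($db, 'dana_k', 'old-pass'));       // superseded row is not considered
var_dump(find_user_id($db, 'nobody', 'new-pass'));       // zero rows matched
var_dump(find_user_id($db, "x' OR '1'='1", 'new-pass')); // bound as a literal username
```
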
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow