Do not receive data from POST

1

I'm trying to generate the login according to the data of the database and proceed to the page restricted to registered users, but the incorrect password error occurs.

Front-end:

<div class="login-form">    
        <form action="modulo.php" method="POST">
        <input type="email" placeholder="E-mail" value="email" >
        <input type="password" placeholder="Senha" value="password" >
        <input type="submit" class="btn-submit" value="Login"> 
    </div>

Back-end

 <?php

    session_start();
    // error_reporting('1');
    include 'config.php';

    // username and password sent from form
    $myusername=$_POST['email'];
    $mypassword=$_POST['password'];


    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);

    $sql="SELECT * FROM login WHERE email='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);


    // If result matched $myusername and $mypassword, table row must be 1 row

    if($count==1){

    // Register $myusername, $mypassword and redirect to file "menu.php"
    $_SESSION['email']=$myusername;
    $_SESSION['password']=$mypassword;
    header("location:menu.php");
    }
    else {
    echo "<b class='error'>Wrong Username or Password</b>";
    }
    ?>
    
asked by anonymous 29.06.2014 / 19:13

3 answers

4

You are missing name="nomeDoCampo" on your form inputs ...

Try this:

<div class="login-form">    
    <form action="modulo.php" method="POST">
    <input type="email" name="email" placeholder="E-mail" value="email" >
    <input type="password" name="password" placeholder="Senha" value="password" >
    <input type="submit" class="btn-submit" value="Login"> 
</div>
    
29.06.2014 / 19:15
1

The problem is the mysql_* function you are using.

It is already obsolete and very vunerable. use the mysqli_ * library or learn PDO.

In this case, your code will look like this.

$myusername=mysqli_real_escape_string(stripslashes($_POST['email']));
$mypassword=mysqli_real_escape_string(stripslashes($_POST['password']));

NOTE: Since you are using the mysqli_ * library in the example above, you will have to adapt all of your code with this lib, for most functions, put the "i" at the end.     

30.06.2014 / 18:31
0

Try this:

<?php

session_start();
// error_reporting('1');
include 'config.php';

// username and password sent from form
$myusername=mysql_real_escape_string(stripslashes($_POST['email']));
$mypassword=mysql_real_escape_string(stripslashes($_POST['password']));


$sql="SELECT * FROM login WHERE email='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);


// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "menu.php"
$_SESSION['email']=$myusername;
$_SESSION['password']=$mypassword;
header("location:menu.php");
}
else {
echo "<b class='error'>Wrong Username or Password</b>";
}
?>
    
29.06.2014 / 21:22