Error verifying result of variables with else and if

0

I'm having a problem with returning an authentication message on a login page. Specifically and where it verifies that the login and password field are checked as TRUE, if yes and the user does not contain in the database it will return "invalid user", if it contains the user and the password is wrong it should return the error of "invalid password ". The problem is that it returns invalid user and invalid password in the same condition. I have already tried several shapes there in the else and if the same thing always happens in other ways I tried.

Where did I go wrong?

Where inconsistency happens:

if ($login == TRUE && $senha == TRUE) {
        $_SESSION['login']=$login;
        unset ($_SESSION['senha']);
        echo "Senha inválida";      
}
if ($login == TRUE && $senha == TRUE) {
        unset ($_SESSION['login']);
        echo "Usúario inválido";
}

Full Validation:

session_start(); 
$login = $_POST['login']; $senha = $_POST['senha']; 
$con = mysql_connect("localhost", "root", "") or die ("Sem conexão com o servidor"); 
$select = mysql_select_db("portal") or die("Sem acesso ao DB");  
$result = mysql_query("SELECT * FROM 'USUARIO' WHERE 'NOME' = '$login' AND 'SENHA'= '$senha'"); 
if(mysql_num_rows ($result) > 0 ) {
     $_SESSION['login'] = $login; 
     $_SESSION['senha'] = $senha; 
     header('location:editar-excluir.php');
 } 
 else {
if ($login == FALSE && $senha == FALSE){
         echo"Por favor preencha o nome do usuário e senha" ;
         } 
if ($login == FALSE && $senha == TRUE) {
        echo "Por favor preencha o campo do usuário";
        }
if ($login == TRUE && $senha == FALSE) {
        echo "Por favor preencha o campo senha";
        }

if ($login == TRUE && $senha == TRUE) {
        $_SESSION['login']=$login;
        unset ($_SESSION['senha']);
        echo "Senha inválida";      
}
if ($login == TRUE && $senha == TRUE) {
        unset ($_SESSION['login']);
        echo "Usúario inválido";
}
    }
    
asked by anonymous 20.04.2016 / 01:34

1 answer

2

Two things. First you're making a lot of comparisons separated. Second, the ideal would be to check if it is empty, and use else to eliminate conditions:

if ( empty( $login ) && empty( $senha ) ){
    echo"Por favor preencha o nome do usuário e senha" ;
} elseif ( empty( $login ) ) {
    echo "Por favor preencha o campo do usuário";
} elseif ( empty( $senha ) ) {
    echo "Por favor preencha o campo senha";
} elseif ( $_SESSION['login'] == $login ) {
    unset ($_SESSION['senha']);
    echo "Senha inválida";      
} else {
    unset ($_SESSION['login']);
    echo "Usúario inválido";
}

To complement, die() (or exit() ) has been missing from redirect:

header('location:editar-excluir.php');
die();

It goes without saying that working with an open password like you are doing is inadmissible in systems for real use, but if it is just an exercise, "even goes".

Also, since you're not sanitizing POST values, it's a great chance for a curious with a minimum of knowledge to erase your entire DB remotely.

Another strange thing is the use you are making of unset() . Since I do not really understand what the real purpose of these lines is, I can not give details if they should be as they are.

It may have other problems, because just looking at the snippet of the code posted, you can not be sure how it really works.

    
20.04.2016 / 02:18