- Please help! I have seen how to create a login form from this article:
https://www.thaicreate.com/community/sqlsrv-function-php-sql-server-login-form-check-username-password.html
- But in my database there is a Password field that is encrypted and has NULL values as shown in the figure:
- I type in my Password field which is not encrypted or set to NULL value then I will report the error Username and Password Incorrect!
Quote:
$strSQL = "SELECT * FROM Sys_Users WHERE User_Code='sa' AND User_Password=' ';
$parameters = [$_POST["txtUsername"], $_POST["txtPassword"]];
$objQuery = sqlsrv_query($conn, $strSQL, $parameters);
$objResult = sqlsrv_fetch_array($objQuery,SQLSRV_FETCH_ASSOC);
1) if you want pass through parameter No.1 , No.2 via ?(question mark) don't remove it.
$strSQL = "SELECT * FROM member WHERE Username=? and Password=?";
$parameters = [$_POST["txtUsername"], $_POST["txtPassword"]];
$objQuery = sqlsrv_query($objCon, $strSQL, $parameters);
$objResult = sqlsrv_fetch_array($objQuery,SQLSRV_FETCH_ASSOC);
? Color=RED mean prameter No.1 <= from [$_POST["txtUsername"] ? Color=BLUE mean prameter No.2 <= from $_POST["txtPassword"];
2) you can try with no parameter(static value for test)
$strSQL = "SELECT * FROM Sys_Users WHERE User_Code='sa' AND User_Password IS NULL";
$objQuery = sqlsrv_query($conn, $strSQL);
$objResult = sqlsrv_fetch_array($objQuery,SQLSRV_FETCH_ASSOC);
-Thanks for the feedback to me.
-However, the Password null field can run to the admin_page page, but the encrypted password field cannot access it. Error Username and Password Incorrect!
$ip_address_for_admin = ['xxx.xxx.xxx.xxx', 'yyy.yyy.yyy.yyy'];
if(!in_array( $_SERVER['REMOTE_ADDR', $ip_address_for_admin) ){
$sql.=' where Password=? and Password is not null';
.....
}
Important!!
Passwords are absolutely necessary
Should not leave blank
I understand the problem, but in the database User: Admin and Pass are encoded as:W/0-s2AB. But when the encrypted Admin user is not encrypted: 123456.
In the Login Form I type: User: Admin and Pass: 123456, the error is Error Username and Password Incorrect!