Syntaxe requete certainement erronée
Résolu/Fermé
Akimme
Messages postés
33
Date d'inscription
vendredi 10 août 2018
Statut
Membre
Dernière intervention
19 mai 2019
-
3 déc. 2018 à 20:43
Akimme Messages postés 33 Date d'inscription vendredi 10 août 2018 Statut Membre Dernière intervention 19 mai 2019 - 4 déc. 2018 à 09:49
Akimme Messages postés 33 Date d'inscription vendredi 10 août 2018 Statut Membre Dernière intervention 19 mai 2019 - 4 déc. 2018 à 09:49
A voir également:
- Syntaxe requete certainement erronée
- Syntaxe precise - Forum Mail
- Erreur dimension erronée ti 83 ✓ - Forum calculatrices
- La requête graphql n’est pas autorisée facebook - Forum Facebook
- Trouver erreur de syntaxe fichier txt ✓ - Forum Programmation
- Requête sql pix - Forum Python
1 réponse
jordane45
Messages postés
38136
Date d'inscription
mercredi 22 octobre 2003
Statut
Modérateur
Dernière intervention
16 avril 2024
4 647
3 déc. 2018 à 22:42
3 déc. 2018 à 22:42
Bonjour
D'où viennent tes variables ?
As tu fais un écho de ta requête puus testé directement dans la bdd via phpmyadmin ?
Comment utilises tu cette requête dans ton code php ?
Nb:
https://codes-sources.commentcamarche.net/faq/11288-les-balises-de-code
.nb2:. On ne stocke jamais led password en clair dans la bdd.
Renseigne toi sur la fonction password_hash et password_verify
D'où viennent tes variables ?
As tu fais un écho de ta requête puus testé directement dans la bdd via phpmyadmin ?
Comment utilises tu cette requête dans ton code php ?
Nb:
https://codes-sources.commentcamarche.net/faq/11288-les-balises-de-code
.nb2:. On ne stocke jamais led password en clair dans la bdd.
Renseigne toi sur la fonction password_hash et password_verify
Modifié le 4 déc. 2018 à 09:56
Merci pour ton intervention.
Mon bout de code vient d'ici:
<?php //Add a file to connect to the database require_once("../dbconnect.php"); //We declare a cell to add errors that may occur during form processing. $_SESSION["error_messages"] = ''; //Declare a cell to add successful messages $_SESSION["success_messages"] = ''; /* Check if the form has been submitted, that is, if the Enter button has been clicked. If yes, then go ahead, if not, then we will display to the user an error message, that he went to this page directly. */ if(isset($_POST["submitButtonName"]) && !empty($_POST["submitButtonName"])){ //(2) Place to handle postal address if(isset($_POST["email"])){ //We cut the spaces from the beginning and from the end of the line $email = trim($_POST["email"]); if(!empty($email)){ $email = htmlspecialchars($email, ENT_QUOTES); //Check the format of the received email address using a regular expression. $reg_email = "/^[a-z0-9][a-z0-9\._-]*[a-z0-9]*@([a-z0-9]+([a-z0-9-]*[a-z0-9]+)*\.)+[a-z]+/i"; //If the format of the received postal address does not match the regular expression if( !preg_match($reg_email, $email)){ // Save the error message to the session. $_SESSION["error_messages"] .= "<p class='mesage_error' >Incorrect email</p>"; //We return the user to the login page header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."admin/admin_auth.php"); //Removable script exit(); } } }else{ // Save the error message to the session. $_SESSION["error_messages"] .= "<p class='mesage_error' >Input Email</p>"; //We return the user to the login page header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."admin/admin_auth.php"); //Removable script exit(); } //(3) Password processing location if(isset($_POST["password"])){ //We cut the spaces from the beginning and from the end of the line $password = trim($_POST["password"]); if(!empty($password)){ $password = htmlspecialchars($password, ENT_QUOTES); //Encrypt password $password = md5($password."top_secret"); }else{ // Save the error message to the session. $_SESSION["error_messages"] .= "<p class='mesage_error' ><b>Oops! Veuillez taper votre password..</b></p>"; //We return the user to the registration page header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."admin/admin_auth.php"); //Removable script exit(); } }else{ // Save the error message to the session. $_SESSION["error_messages"] .= "<p class='mesage_error' >Missing password field !</p>"; //We return the user to the registration page header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."admin/admin_auth.php"); //Removable script exit(); } //Request to the database on the user's selection. $result_query_select = $mysqli->query("SELECT * FROM `admin` WHERE email = '".$email."' AND password = '".$password."'"); if(!$result_query_select){ // Save the error message to the session. $_SESSION["error_messages"] .= "<p class='mesage_error' >Request failed to fetch user from DB</p>"; //We return the user to the registration page //Removable script exit(); }else{ //We check if there is no user in the database with such data, then we display an error message if($result_query_select->num_rows == 1){ //place to add data to the session // If the entered data coincides with the data from the database, then we save the login and password into an array of sessions. $_SESSION['email'] = $email; $_SESSION['password'] = $password; //We return the user to the main page header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."admin/"); }else{ // Save the error message to the session. $_SESSION["error_messages"] .= "<p class='mesage_error' ><b>Incorrect username and / or password</b></p>"; //We return the user to the login page header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."admin/admin_auth.php"); //Removable script exit(); } } } else{ exit("<p><strong>Oops!</strong> The requested page is only accessible when the user is logged on. Please, visit the <a href='index.php'> Main page </a> and log in.</p>"); }Et voici le formulaire de login présumé donner accès à mon interface
<?php //Connecting caps include_once("header_q.php"); ?> <script type="text/javascript"> $(document).ready(function(){ "use strict"; //================ Check email ================== //regular expression for checking email var pattern = /^[a-z0-9][a-z0-9\._-]*[a-z0-9]*@([a-z0-9]+([a-z0-9-]*[a-z0-9]+)*\.)+[a-z]+/i; var mail = $('input[name=email]'); mail.blur(function(){ if(mail.val() != ''){ // Check if the email matches the regular expression. if(mail.val().search(pattern) == 0){ // We remove the error message $('#valid_email_message').text(''); //Activate the submit button $('input[type=submit]').attr('disabled', false); }else{ //We display an error message $('#valid_email_message').text('Invalid Email'); // Desactivate the submit button $('input[type=submit]').attr('disabled', true); } }else{ $('#valid_email_message').text('Enter your email'); } }); //================ Password length check ================== var password = $('input[name=password]'); password.blur(function(){ if(password.val() != ''){ //If the length of the entered password is less than six characters, then we display an error message. if(password.val().length < 6){ //We display an error message $('#valid_password_message').text('The minimum password length is 6 characters.'); // Desactivate the submit button $('input[type=submit]').attr('disabled', true); }else{ // We remove the error message $('#valid_password_message').text(''); //Activate the submit button $('input[type=submit]').attr('disabled', false); } }else{ $('#valid_password_message').text('Enter password'); } }); }); </script> <!-- Block to display messages --> <div class="block_for_messages"> <?php if(isset($_SESSION["error_messages"]) && !empty($_SESSION["error_messages"])){ echo $_SESSION["error_messages"]; //Destroy the error_messages cell so that error messages do not reappear when the page is updated. unset($_SESSION["error_messages"]); } if(isset($_SESSION["success_messages"]) && !empty($_SESSION["success_messages"])){ echo $_SESSION["success_messages"]; //Destroy the success_messages cell so that messages do not reappear when the page is updated. unset($_SESSION["success_messages"]); } ?> </div> <?php //We check if the user is not authorized, then we display the authorization form, //otherwise display a message stating that it is already authorized if(!isset($_SESSION["email"]) && !isset($_SESSION["password"])){ ?> <div id="form_auth"> <p> <h1>Connecting to the interface</h1></p> <form action="auth.php" method="post"> <table border="0" cellpadding="2" cellspacing="2" width="400"> <tr> <td> <fieldset> <legend> Admin login </a> </legend><br> <table border="0" cellpadding="0" cellspacing="2" whidt="600"> <tbody> <tr> <td valign="top" width="241"> <div align="left"> Username:</div> </td> <td width="342"><input type="text" name="email" placeholder="your email address.." size="24"></td> </tr> <tr> <td width="241"> <div align="left"> Password:</div> </td> <td width="342"><input type="password" name="password" size="24"></td> </tr> <tr> <td valign="top" width="241"> <p></p> <p><input type="submit" name="submitButtonName" value="Log in"></p> <p></p> </td> </tr> </tbody> </table> </fieldset> </td> </tr> </table> </form> </div> <?php }else{ ?> <div id="authorized"> <h2>You are already logged in.</h2> </div> <?php } ?> <?php //Connecting to the footer require_once("footer.php"); ?>J'utilise ce code (mon site, Wamp et cPanel) et dans la table il y a bien mon email + pw criptée par mySql. J'ai l'ai changée 2 fois directement dans la table et activé le cryptage. J'ai aussi vidé le cache de mon navigateur mais le problème démeure: "Incorrect username and / or password"
Modifié le 4 déc. 2018 à 00:33
Modifié le 4 déc. 2018 à 09:53
Je te l'ai dit..passe par le password_hash et password_verify
4 déc. 2018 à 09:49
Je dois d'abord m'excuser. J'ai essayé de virer tout ce code mais il est resté. Il n’apparaissait plus de mon côté. Poser une question, oui, mais je ne m'attendais pas que le code s'affiche ainsi.