Not recognising user/pass?

Harrypph · September 10, 2018, 2:51am

I’m following ‘https://codingcyber.org/simple-shopping-cart-application-php-mysql-6394/#comment-87566’ to get just a working php website (I’m attempting to make it print out the order in store once payment is made but that’s for later when it actually works)
When I attempt to login to the Admin section it says invalid login credentials. I have tried adding a new user in the database, adding just a character password and tried adding a hash password but to no luck. Anybody know what may be going on?

    <?php 
session_start();
require_once '../config/connect.php'; 
if(isset($_POST) & !empty($_POST)){
  $email = mysqli_real_escape_string($connection, $_POST['email']);
  $password = md5($_POST['password']);
  $sql = "SELECT * FROM admin WHERE email='$email' AND password='$password'";
  $result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
  $count = mysqli_num_rows($result);
  if($count == 1){
    //echo "User exits, create session";
    $_SESSION['email'] = $email;
    header("location: index.php");
  }else{
    $fmsg = "Invalid Login Credentials";
  }
}

astonecipher · September 10, 2018, 2:20pm

Honestly, that is out dated and shouldn’t be used. It raises large security concerns, which if you are using this for a business, should make you cringe.

Harrypph · September 10, 2018, 11:15pm

All the admin does is add and change products, if someone wants to go to the effort to bypass it i dont care, it would pretty easily be noticeable. i just am trying to get it to work for now.

benanamen · September 11, 2018, 4:11am

If you “don’t care” if someone changes it and “just want it to work” you are wasting our time. We are here to help people that want to learn and and learn correctly.

astonecipher · September 11, 2018, 1:07pm

It would also be pretty noticeable when the database is gone.