Not recognising user/pass?


#1

I’m following ‘https://codingcyber.org/simple-shopping-cart-application-php-mysql-6394/#comment-87566’ to get just a working php website (I’m attempting to make it print out the order in store once payment is made but that’s for later when it actually works)
When I attempt to login to the Admin section it says invalid login credentials. I have tried adding a new user in the database, adding just a character password and tried adding a hash password but to no luck. Anybody know what may be going on?
image

    <?php 
session_start();
require_once '../config/connect.php'; 
if(isset($_POST) & !empty($_POST)){
  $email = mysqli_real_escape_string($connection, $_POST['email']);
  $password = md5($_POST['password']);
  $sql = "SELECT * FROM admin WHERE email='$email' AND password='$password'";
  $result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
  $count = mysqli_num_rows($result);
  if($count == 1){
    //echo "User exits, create session";
    $_SESSION['email'] = $email;
    header("location: index.php");
  }else{
    $fmsg = "Invalid Login Credentials";
  }
}

#2

Honestly, that is out dated and shouldn’t be used. It raises large security concerns, which if you are using this for a business, should make you cringe.


#3

All the admin does is add and change products, if someone wants to go to the effort to bypass it i dont care, it would pretty easily be noticeable. i just am trying to get it to work for now.


#4

If you “don’t care” if someone changes it and “just want it to work” you are wasting our time. We are here to help people that want to learn and and learn correctly.


#5

It would also be pretty noticeable when the database is gone.