Help needed in login script1

[raghavthagreat]

I created a losignup page stored the info in database successfully but in the login form how to verify the username and password with the values in the database?Pls can anyone give me a code or a way to do it?

[justsomeguy]

When you have the username, get the record from the database that matches the username. Once you get the record (all you really need is the password, and if you are using a salt or something to determine if the user is active or deleted), compare the password from the database with what they entered on the form. If the password in the database is hashed then make sure to hash the password they entered the same way or the two won't match. If you try to get the record and the result comes back empty then they entered a user name that does not exist.

[raghavthagreat]

I knew that. But the code which i have entered isnt working I have changed it 100 times looked in 100 sites but no use. Can u give me syntax to verify. I mean first the code to select the password using where statement then using if statement with password.$_POST[username]$_POST[password]^^These are the two things to be used!Thanx again

[raghavthagreat]

back to top

[yoshida]

Easy, just check if the number of records with the combination of the username and password equals to one.If so, have a session created and let the protected script check if the session exists.You said you tried and checked it a number of times, can you please post the code so we can see if anything is wrong?PS this method will likely not work with a redirect domain.

[raghavthagreat]

k i take two values from the login page and then use the post variable to verify from databse on a page named login_check.phplogin_check.php<html><body><?php$con = mysql_connect("localhost","muhahah","hahaah");if (!$con) { die('Could not connect: ' . mysql_error()); }mysql_select_db("_pokemon", $con);$username = "$_POST[username]";$result = mysql_query("SELECT password FROM users WHERE username=$username");echo $result;mysql_close($con);?>I know this is not the code to check but to display because of "echo $result;" but the problem is dat it doesnt displays the password. It doesnt displays anything!

[Lulzim]

You cannot print the results of a query just by printing the $result variable. you have to use mysql_fetch_array or mysql_fetch assoc and then echo the rows one by oneaslo the sql query doesn't seem to be correct. Username is text and should be enclosed on single quotes$result = mysql_query("SELECT password FROM users WHERE username=' ".$username." ' ");

[raghavthagreat]

thx a ton for teh query I knew there was syntax problem(s) can u tell me how to use that fetch variable?

[windancer]

try this<html><body><?php$con = mysql_connect("localhost","muhahah","hahaah");if (!$con){die('Could not connect: ' . mysql_error());}mysql_select_db("_pokemon", $con);$username = "$_POST[username]";$password = "$_POST[password]";$result = mysql_query("SELECT password FROM users WHERE username='".$username."'");if($row = mysql_fetch_array($result)){ if($row['password'] == $password) //correct authentication else //wrong password}else//no such username providedmysql_close($con);?>

[raghavthagreat]

I exactly used that code but it didnt worked, oblviousely after changing those comments and changing the username and pass to correct. Sorry to bug you guys!

[windancer]

hmmm.. what does it mean by "it didnt worked"?any error message or just blank?

[raghavthagreat]

blank

[windancer]

why not u modify and try this part.. see what the program will displayif($row = mysql_fetch_array($result)){if($row['password'] == $password)echo "correct login"elseecho "wrong login"}

[raghavthagreat]

why not u modify and try this part.. see what the program will displayif($row = mysql_fetch_array($result)){if($row['password'] == $password)echo "correct login"elseecho "wrong login"}

erm..sorry but its not working its just showing blank screen. Isnt there any other way?neways heres my full code:-

<html><body><?php$con = mysql_connect("localhost","*********","*********");if (!$con){die('Could not connect: ' . mysql_error());}mysql_select_db("_pokemon", $con);$username = "$_POST[username]";$password = "$_POST[password]";$result = mysql_query("SELECT password FROM users WHERE username='".$username."'");if($row = mysql_fetch_array($result)){if($row['password'] == $password)echo "correct login"elseecho "wrong login"}else//no such username providedmysql_close($con);?>

[windancer]

can u also paste out the <form></form> part from your HTML documents? sorry for the trouble

[raghavthagreat]

well no trouble you are helping methe form is another pagelogin.php(the one I pasted was login_check.php)<html><body><form action="logincheck.php" method="post">Username:-<input type="text" name="username"><br>Password:-<input type="text" name="password"><br><input type="submit"></body></html>

[windancer]

hmm.. i tested ur code on my side, and it work well.. did u try entering a username which is in ur database?

[raghavthagreat]

cn i get the page on which u tested?

[windancer]

cn i get the page on which u tested?

i just modified the database name and the mysql login information.. can u replace the last part of ur login_check.php with this?elseecho "no such username";mysql_close($con);

[shujjah]

dude you are just not getting it u have written the wrong (action="logincheck.php") in the html form whereas it should be login_check.php as provided by u in ur previous postslolz

[justsomeguy]

Turn on error reporting, check for errors, and print out whatever values you are working with. That is part of how you debug code, it's not going to do you any good if you are testing code with error messages disabled (as they clearly are), and not checking for SQL errors. I also added mysql_real_escape_string to prevent a SQL attack, and you were getting the values out of $_POST incorrectly.

<?phpini_set("display_errors", 1);error_reporting(E_ALL);$con = mysql_connect("localhost","*********","*********");if (!$con){  die('Could not connect: ' . mysql_error());}mysql_select_db("_pokemon", $con);$username = $_POST['username'];$password = $_POST['password'];if (!$result = mysql_query("SELECT password FROM users WHERE username='".mysql_real_escape_string($username)."'")){  echo "database error:<br>" . mysql_error();  exit();}if($row = mysql_fetch_array($result)){  if($row['password'] == $password)	echo "correct login"  else	echo "wrong login.<br>entered password: {$password}<br>database password: {$row['password']}"}else{  echo "username not found: {$username}";}mysql_close($con);?>