raghavthagreat Posted June 21, 2007 Share Posted June 21, 2007 I created a losignup page stored the info in database successfully but in the login form how to verify the username and password with the values in the database?Pls can anyone give me a code or a way to do it? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 21, 2007 Share Posted June 21, 2007 When you have the username, get the record from the database that matches the username. Once you get the record (all you really need is the password, and if you are using a salt or something to determine if the user is active or deleted), compare the password from the database with what they entered on the form. If the password in the database is hashed then make sure to hash the password they entered the same way or the two won't match. If you try to get the record and the result comes back empty then they entered a user name that does not exist. Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 I knew that. But the code which i have entered isnt working I have changed it 100 times looked in 100 sites but no use. Can u give me syntax to verify. I mean first the code to select the password using where statement then using if statement with password.$_POST[username]$_POST[password]^^These are the two things to be used!Thanx again Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 back to top Link to comment Share on other sites More sharing options...
yoshida Posted June 22, 2007 Share Posted June 22, 2007 Easy, just check if the number of records with the combination of the username and password equals to one.If so, have a session created and let the protected script check if the session exists.You said you tried and checked it a number of times, can you please post the code so we can see if anything is wrong?PS this method will likely not work with a redirect domain. Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 k i take two values from the login page and then use the post variable to verify from databse on a page named login_check.phplogin_check.php<html><body><?php$con = mysql_connect("localhost","muhahah","hahaah");if (!$con) { die('Could not connect: ' . mysql_error()); }mysql_select_db("_pokemon", $con);$username = "$_POST[username]";$result = mysql_query("SELECT password FROM users WHERE username=$username");echo $result;mysql_close($con);?>I know this is not the code to check but to display because of "echo $result;" but the problem is dat it doesnt displays the password. It doesnt displays anything! Link to comment Share on other sites More sharing options...
Lulzim Posted June 22, 2007 Share Posted June 22, 2007 You cannot print the results of a query just by printing the $result variable. you have to use mysql_fetch_array or mysql_fetch assoc and then echo the rows one by oneaslo the sql query doesn't seem to be correct. Username is text and should be enclosed on single quotes$result = mysql_query("SELECT password FROM users WHERE username=' ".$username." ' "); Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 thx a ton for teh query I knew there was syntax problem(s) can u tell me how to use that fetch variable? Link to comment Share on other sites More sharing options...
windancer Posted June 22, 2007 Share Posted June 22, 2007 try this<html><body><?php$con = mysql_connect("localhost","muhahah","hahaah");if (!$con){die('Could not connect: ' . mysql_error());}mysql_select_db("_pokemon", $con);$username = "$_POST[username]";$password = "$_POST[password]";$result = mysql_query("SELECT password FROM users WHERE username='".$username."'");if($row = mysql_fetch_array($result)){ if($row['password'] == $password) //correct authentication else //wrong password}else//no such username providedmysql_close($con);?> Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 I exactly used that code but it didnt worked, oblviousely after changing those comments and changing the username and pass to correct. Sorry to bug you guys! Link to comment Share on other sites More sharing options...
windancer Posted June 22, 2007 Share Posted June 22, 2007 hmmm.. what does it mean by "it didnt worked"?any error message or just blank? Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 blank Link to comment Share on other sites More sharing options...
windancer Posted June 22, 2007 Share Posted June 22, 2007 why not u modify and try this part.. see what the program will displayif($row = mysql_fetch_array($result)){if($row['password'] == $password)echo "correct login"elseecho "wrong login"} Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 why not u modify and try this part.. see what the program will displayif($row = mysql_fetch_array($result)){if($row['password'] == $password)echo "correct login"elseecho "wrong login"}erm..sorry but its not working its just showing blank screen. Isnt there any other way?neways heres my full code:-<html><body><?php$con = mysql_connect("localhost","*********","*********");if (!$con){die('Could not connect: ' . mysql_error());}mysql_select_db("_pokemon", $con);$username = "$_POST[username]";$password = "$_POST[password]";$result = mysql_query("SELECT password FROM users WHERE username='".$username."'");if($row = mysql_fetch_array($result)){if($row['password'] == $password)echo "correct login"elseecho "wrong login"}else//no such username providedmysql_close($con);?> Link to comment Share on other sites More sharing options...
windancer Posted June 22, 2007 Share Posted June 22, 2007 can u also paste out the <form></form> part from your HTML documents? sorry for the trouble Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 well no trouble you are helping methe form is another pagelogin.php(the one I pasted was login_check.php)<html><body><form action="logincheck.php" method="post">Username:-<input type="text" name="username"><br>Password:-<input type="text" name="password"><br><input type="submit"></body></html> Link to comment Share on other sites More sharing options...
windancer Posted June 22, 2007 Share Posted June 22, 2007 hmm.. i tested ur code on my side, and it work well.. did u try entering a username which is in ur database? Link to comment Share on other sites More sharing options...
raghavthagreat Posted June 22, 2007 Author Share Posted June 22, 2007 cn i get the page on which u tested? Link to comment Share on other sites More sharing options...
windancer Posted June 22, 2007 Share Posted June 22, 2007 cn i get the page on which u tested?i just modified the database name and the mysql login information.. can u replace the last part of ur login_check.php with this?elseecho "no such username";mysql_close($con); Link to comment Share on other sites More sharing options...
shujjah Posted June 22, 2007 Share Posted June 22, 2007 dude you are just not getting it u have written the wrong (action="logincheck.php") in the html form whereas it should be login_check.php as provided by u in ur previous postslolz Link to comment Share on other sites More sharing options...
justsomeguy Posted June 25, 2007 Share Posted June 25, 2007 Turn on error reporting, check for errors, and print out whatever values you are working with. That is part of how you debug code, it's not going to do you any good if you are testing code with error messages disabled (as they clearly are), and not checking for SQL errors. I also added mysql_real_escape_string to prevent a SQL attack, and you were getting the values out of $_POST incorrectly. <?phpini_set("display_errors", 1);error_reporting(E_ALL);$con = mysql_connect("localhost","*********","*********");if (!$con){ die('Could not connect: ' . mysql_error());}mysql_select_db("_pokemon", $con);$username = $_POST['username'];$password = $_POST['password'];if (!$result = mysql_query("SELECT password FROM users WHERE username='".mysql_real_escape_string($username)."'")){ echo "database error:<br>" . mysql_error(); exit();}if($row = mysql_fetch_array($result)){ if($row['password'] == $password) echo "correct login" else echo "wrong login.<br>entered password: {$password}<br>database password: {$row['password']}"}else{ echo "username not found: {$username}";}mysql_close($con);?> Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.