subha rr Posted December 16, 2008 Share Posted December 16, 2008 Hi....Below the code for userlogin page<?phpinclude "pass.php";session_start();$user = isset($_POST['user']) ? $_POST['user'] : $_SESSION['user'];$pass = isset($_POST['pass']) ? $_POST['pass'] : $_SESSION['pass'];mysql_query("insert into login('', '$user', '$pass')");$link = mysql_connect($hostname, $username, $password);if($link){ $db = mysql_select_db("time", $link);}if(!isset($pass)){?> <form method=POST action=""> <div align=center >Enter login details</div><br> <table align = center> <tr><td>Username</td><td><input type=text name=user value=""> <tr><td>Password</td><td><input type=password name=pass value=""> <tr><td><input type=submit value="Submit"></td></tr> </table> </form><?php}$user = $_SESSION['user'];$pass = $_SESSION['pass'];$sql = "select * from login where username = '$user' and password = password('$pass')";$result2 = mysql_query($sql);include "pass.php";if($result2 == $pass){ if(isset($pass)) echo "<font>Authentication Failed</font>";}?>Error will occured.Password is wrong, cannot display authentication failed.. if not check the passwordwhat is the issue for this code...pls correct code for this pageRegardssubha Link to comment Share on other sites More sharing options...
amrita Posted December 18, 2008 Share Posted December 18, 2008 $sql = "select * from login where username = '$user' and password = password('$pass')";--> $sql = ($dbconnection, "select * from login where username = '".$user."' and password = '".$pass."'");I'm not really sure, that's the problem, but this is how I would write it - unless there is a reason why you wrote it the other way.. Link to comment Share on other sites More sharing options...
Synook Posted December 19, 2008 Share Posted December 19, 2008 amrita's code is incorrect... think about it...This line has an error: mysql_query("insert into login('', '$user', '$pass')"); Link to comment Share on other sites More sharing options...
deboni Posted December 22, 2008 Share Posted December 22, 2008 this is wrong:mysql_query("insert into login('', '$user', '$pass')");You are supposed to insert an hashed pw:mysql_query("insert into login('', '$user', password('$pass')"); Link to comment Share on other sites More sharing options...
Wander Posted December 22, 2008 Share Posted December 22, 2008 arent u supposed to put what u insert, in VALUES(), and after login(...the fields ?INSERT INTO login(`user`,`pass`) VALUES('$user','$pass'); --(or however ur table looks like) Link to comment Share on other sites More sharing options...
deboni Posted December 22, 2008 Share Posted December 22, 2008 arent u supposed to put what u insert, in VALUES(), and after login(...the fields ?INSERT INTO login(`user`,`pass`) VALUES('$user','$pass'); --(or however ur table looks like)That works as well but it's not a syntax matter, at least not at this point. The problem is that subha rr tries to recall an hashed word that actually is not hashed, simply because was not inserted as hashed.Your own is new version of the same mistake:INSERT INTO login(`user`,`pass`) VALUES('$user','$pass')should beINSERT INTO login(`user`,`pass`) VALUES('$user',password('$pass')) Link to comment Share on other sites More sharing options...
deboni Posted December 22, 2008 Share Posted December 22, 2008 arent u supposed to put what u insert, in VALUES(), and after login(...the fields ?INSERT INTO login(`user`,`pass`) VALUES('$user','$pass'); --(or however ur table looks like)Sorry, now I see!Yuo're right too VALUES keyword was missing.any way $pass must inserted as password('$pass') so there are two mistakes sintax and logical.the possible solutions are two:INSERT INTO login(`user`,`pass`) VALUES('$user',password('$pass'));as wellINSERT INTO login VALUES('','$user',password('$pass')); supposing the table had three columns;regards Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.