PHP login validation

  • nuhorizon
  • Student
  • Posts: 68

Post 3+ Months Ago

I'm having trouble with my PHP validation code to check if the username and password match the ones in my database.



Code:
  

//Connect to database myblog
if ($dbc = @mysql_connect('localhost', 'webuser')) { //connect to MySQL
    mysql_select_db('myblog); //Select database
    
    if (($user) AND ($pass)) {

  $query = "SELECT user, pass FROM blog_users WHERE $user = {$_POST['user']} AND $pass= {$_POST['pass']}";
 
  $result = mysql_query($query, $dbc);
   if(mysql_num_rows($result)) {
  
    $query = "UPDATE from blog_users SET date_entered=NOW() WHERE $user = {$_POST['user']} AND $pass= {$_POST['pass']}";
  
   mysql_query($query,$dbc);
  
   }
   }
  
  
   else {
    print("Sorry, this login is invalid.");
    exit;
   }
       
    mysql_close(); //Close the connection.     

}

else {

print '

<table border="0">


<h3> Log In </b> </h3>

<form action="login.php" method="post">


<tr>
<td> Username: </td> <td> <input type="text" name="user" size="20" maxsize = "100"> </td>
</tr>

<tr>
<td> Password </td> <td> <input type="password" name="pass" size="20"> </td>
</tr>

<tr>
<td> <input type="submit" name="submit" value="Login"> </td>
</tr>


</form>
</table>';

}

?>


It just isn't working... any suggestions?
  • jblow
  • Student
  • Posts: 96

Post 3+ Months Ago

looks like you copy-pasted a bunch of code together? true?


1) maybe register globals isn't enabled on your server, therefore it will never get to the second if statement, instead try:
Code:
if ($_POST['user'] && $_POST['pass']) {



2) maybe when you first set the username and password you encrypted it using md5, therefore you're not checking to match for the encrypted password


3)
Code:
//you can replace this:
mysql_query($query,$dbc);

//with this...
mysql_query($query);

//you don't need this:
mysql_close(); //Close the connection.


4)
Code:
//don't get into the habit of using this for comparisons
if (($user) AND ($pass))

//instead use
if($user && $pass)
  • nuhorizon
  • Student
  • Posts: 68

Post 3+ Months Ago

alright, I made it a bit simpler, it's still not working and now I'm just confused with my code... don't know what to do now.

Code:


<?php

ini_set('display_errors', 1);
error_reporting(E_ALL & ~E_NOTICE);


$user = $_POST['user'];
$pass = $_POST['pass'];



//Connect to database myblog
if ($dbc = @mysql_connect('localhost', 'webuser')) { //connect to MySQL
    mysql_select_db('myblog'); //Select database

    if ($user && $pass) {
     $query = "SELECT user, pass FROM blog_users WHERE user= $user AND pass= $pass";
    
     mysql_query($query);
    
     print '<p> Your in! </p>';
    }
    

   else {
    print("Sorry, this login is invalid."); 
   }
       

}

 
?>
  • Niall Lally
  • Student
  • Posts: 71
  • Loc: Galway, Ireland

Post 3+ Months Ago

Your code looks okay, you left out the '$var' around the variable in the SQL statement. Anyway, I'll post my code so you can see. If you aren't getting an error, you might have made a mistake with the names of your variables.

PHP Code:
<?php

$connection = mysql_connect("localhost","mydb8303489736","mydb83600Y");
mysql_select_db("mydb83", $connection);

$username = addslashes($_POST['txtUsername']);
$password = $_POST['txtPassword'];

$sql = "SELECT * FROM Users WHERE Name = '$username' AND Password ='$password'";
$row = mysql_fetch_assoc(mysql_query($sql));

if( $row['Name'] == $username && $row['Password'] == $password ){
    session_start();
    $_SESSION["myusername"] = $username;
    header("location:newindex.php");
} else {
    header("location:errorlog.html");
}

?>


for this to work you have to have both fields in the db set to binary so that it will check the correct casing of the user input
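
The queries posted in this thread build SQL by interpolating $_POST values, so any quote character in the input changes the statement (SQL injection), and the passwords are compared in plaintext. The following is an added example, not code from any poster: the same login check written with PDO bound parameters and password_hash()/password_verify(). The in-memory SQLite table, the pass_hash column and the sample accounts are assumptions so that it runs stand-alone; against MySQL the DSN and credentials change.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for blog_users;
// the pass_hash column and the sample accounts are assumptions, not from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog_users (user TEXT PRIMARY KEY, pass_hash TEXT, date_entered TEXT)');

// Store a salted hash, never the password itself.
$insert = $pdo->prepare('INSERT INTO blog_users (user, pass_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(["o'brien", password_hash("it's fine", PASSWORD_DEFAULT)]);

// Returns true only when the user exists and the password matches the stored hash.
function check_login(PDO $pdo, $user, $pass)
{
    // $_POST values can be arrays or missing; accept non-empty strings only.
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return false;
    }
    // Placeholders send the values separately from the SQL text, so quotes
    // in the input are data and cannot alter the statement.
    $stmt = $pdo->prepare('SELECT pass_hash FROM blog_users WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no row matched

    if ($hash === false || !password_verify($pass, $hash)) {
        return false;
    }
    // Record the login time (MySQL could use NOW() here instead of a bound value).
    $update = $pdo->prepare('UPDATE blog_users SET date_entered = ? WHERE user = ?');
    $update->execute([date('Y-m-d H:i:s'), $user]);
    return true;
}

// Constructed form submissions: valid, wrong password, quote in the data, empty.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["o'brien", "it's fine"],
    ["alice'", 'correct horse'],
    ['', ''],
];
foreach ($attempts as $a) {
    $ok = check_login($pdo, $a[0], $a[1]);
    printf("%-10s => %s\n", var_export($a[0], true), $ok ? 'logged in' : 'Sorry, this login is invalid.');
}
```

In a real login.php the two arguments would come from $_POST['user'] and $_POST['pass'], and a successful check would be followed by session_start() and the redirect.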
  • sandeep87
  • Born
  • Posts: 1

Post 3+ Months Ago

hey what does the header tag do?
header("location:newindex.php");

if it points to that php page. what should be done if the required page is in different folder??
  • rexxy
  • Beginner
  • Posts: 41

Post 3+ Months Ago

sandeep87 wrote:
hey what does the header tag do?
header("location:newindex.php");

if it points to that php page. what should be done if the required page is in different folder??


header('Location: different_folder/different_file.php');
exit(); /// add exit so the script finishes here, doesn't execute anything beyond this point
  • jaakhermans
  • Born
  • Posts: 1

Post 3+ Months Ago

CHECK OUT the database abstraction Layer : MDB2.php
this will really help you for better DB development!!!

;)
just a hint


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.