Username/Password Verification

sleepydad
Forum Commoner
Posts: 75
Joined: Thu Feb 21, 2008 2:16 pm

Username/Password Verification

Post by sleepydad »

I'm using the following to test for duplicate username and password. It's not working, and I'm wondering why. It does not recognize the $dupe and inserts a new record into my database every time rather than updating in the case of a $dupe. Any assistance would be greatly appreciated.

Code:

 
<?php
 
session_start();
 
$_SESSION['task']=$_POST['task'];
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['username']=md5($_POST['username']);
$_SESSION['password']=md5($_POST['pword']);
$_SESSION['home']=$_POST['home'];
$_SESSION['cell']=$_POST['cell'];
 
$db=new mysqli('localhost', 'root', 'pword', 'dbname');
 
$query="select * from `addresses`";
$result=$db->query($query);
$numRows=$result->num_rows;
 
$dupe=false;
 
for ($I=0; $i<$numRows; $i++) {
$row=$result->fetch_assoc();
if ($_SESSION['username']==$row['username'] && $_SESSION['password']==$row['password']) {
$dupe=true;
$useID=$row['id'];
break;
} 
}
 
if ($dupe) {
$query="update `addresses` set `firstname`='".$_SESSION['firstname']."' , `lastname`='".$_SESSION['lastname']."', `username`='".$_SESSION['username']."', `password`='".$_SESSION['password']."', `home`='".$_SESSION['home']."', `cell`='".$_SESSION['cell']."' where `id`='$useID'";
$result=$db->query($query);
} else {
$query="insert into `addresses` values ('', '".$_SESSION['firstname']."', '".$_SESSION['lastname']."', '".$_SESSION['username']."', '".$_SESSION['password']."', '".$_SESSION['home']."', '".$_SESSION['cell']."')";
$result=$db->query($query);
}
 
$result->free();
$db->close();
 
session_destroy();
 
 
?>
 
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: Username/Password Verification

Post by Mark Baker »

Try changing your query

Code:

 
$query="SELECT * 
FROM `addresses`
WHERE username='".$_SESSION['username']."'
AND password='".$_SESSION['password']."'";
 
 
and is the username really hashed in the database?
sleepydad
Forum Commoner
Posts: 75
Joined: Thu Feb 21, 2008 2:16 pm

Re: Username/Password Verification

Post by sleepydad »

Thanks very much for the reply.

So if there is a 'match/dupe' as a result of your 'select from ...' query, how would I then target that record to update? ie $query=update `addresses` set `firstname`=$_SESSION['firstname']...WHERE id=???

If there is NO match, how would I send to the else part of the statement else { $query="INSERT into ...}

Not absolutely necessary to hash username, and yes that's how I have been saving to db. I could disable that if need be.
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: Username/Password Verification

Post by Mark Baker »

Well

Code:

for ($I=0; $i<$numRows; $i++) {

doesn't look too good either. Variables are case-sensitive in PHP, so $I and $i are not the same.
You should really use a

Code:

while ($row=$result->fetch_assoc()) {

loop when retrieving more than one row from the database.

However, using the query I gave, you should get either 0 or 1 rows returned: 0 if this is a new user, 1 for an existing user; and you can use that rather than $dupe.
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Username/Password Verification

Post by flying_circus »

sleepydad wrote:

Code:

 
<?php
 ...
 
for ($I=0; $i<$numRows; $i++) {
 
...
?>
 
Why are there 2 different variable names in your for statement?

And yes, as was mentioned above about the query, you could improve it. Rather than gathering ALL of the rows from the database and then looping through each to compare it, why don't you just gather the rows that match (if any) and then determine your dupe? Make the SQL server do this type of work; for a large project it will make a large performance difference.

EDIT: Mark, you beat me to it :)
sleepydad
Forum Commoner
Posts: 75
Joined: Thu Feb 21, 2008 2:16 pm

Re: Username/Password Verification

Post by sleepydad »

Thanks again, everyone. Obviously I'm a greenhorn when it comes to PHP, so I appreciate your patience. Now I have the following. I'm still unclear on how to target the row and update its contents or insert a new record. I read the reply saying that it would produce either 0 or 1, but I don't understand how to use that in subsequent queries. Also, sorry about the typo on "i" and "I". I do know better than that - just an oversight on my part.

Code:

 
<?php
 
session_start();
 
$_SESSION['task']=$_POST['task'];
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['username']=$_POST['username'];
$_SESSION['password']=md5($_POST['pword']);
$_SESSION['home']=$_POST['home'];
$_SESSION['cell']=$_POST['cell'];
 
$db=new mysqli('localhost', 'root', 'password', 'db');
 
$query="SELECT * FROM `addresses` WHERE username='".$_SESSION['username']."' AND password='".$_SESSION['password']."'";
$result=$db->query($query);
 
$result->free();
$db->close();
 
 
session_destroy();
 
 
?>
 
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Username/Password Verification

Post by flying_circus »

See Comments In Line

Code:

<?php
  session_start();
 
  $_SESSION['task']=$_POST['task'];
  $_SESSION['firstname']=$_POST['firstname'];
  $_SESSION['lastname']=$_POST['lastname'];
  $_SESSION['username']=$_POST['username'];
  $_SESSION['password']=md5($_POST['pword']);
  $_SESSION['home']=$_POST['home'];
  $_SESSION['cell']=$_POST['cell'];
 
  $db=new mysqli('localhost', 'root', 'password', 'db');
 
  $query="SELECT * FROM `addresses` WHERE username='{$_SESSION['username']}' AND password='{$_SESSION['password']}';";
  $result=$db->query($query);
 
  /////////////////
  // METHOD 1
  // Probably the best method if only 1 dupe can ever exist
  /////////////////
  if($result->num_rows != 0) {
    # Username and Password Exist in DB (dupe)
    # Do Something...
  } else {
    # Username and Password Do Not Exist in DB
    # Do Something...
  }
 
  /////////////////
  // METHOD 2
  // If more than 1 dupe can exist
  /////////////////
  # This is a Ternary Operator
  # Format: (If ? Then : Else);
  $dupes_exist = ($result->num_rows != 0) ? true : false;
 
  if($dupes_exist) {
    while($row = $result->fetch_assoc()) {
    # Parse through each row of query result
    # Grab the unique id field, generally primary key id (as you defined in your database) from each row
      $current_dupe = $row['pk_id'];
      # Do Something with the current dupe
    }
  }
 
  $result->free();
  $db->close();
 
  session_destroy();
?>
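
Added example (not part of the thread, and not any poster's code): the update-or-insert decision discussed above, written with mysqli prepared statements so that $_POST values never become part of the SQL text, and with password_hash()/password_verify() in place of md5(). The function name save_address, the UNIQUE index on `username` and the width of the `password` column are assumptions; the table and column names are the ones used in the thread's queries.

```php
<?php
// Added example, not code from the thread. Assumes the `addresses` columns named
// in the thread's queries, a UNIQUE index on `username`, and a `password` column
// wide enough for password_hash() output (e.g. VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function save_address(mysqli $db, array $in): string
{
    // Reject missing or non-string fields (e.g. pword[]=x arrives as an array).
    foreach (['firstname', 'lastname', 'username', 'pword', 'home', 'cell'] as $key) {
        if (!isset($in[$key]) || !is_string($in[$key])) {
            return 'rejected';
        }
    }
    // Look the account up by username only; the ? placeholder keeps the
    // submitted value out of the SQL text.
    $stmt = $db->prepare('SELECT `id`, `password` FROM `addresses` WHERE `username` = ?');
    $stmt->bind_param('s', $in['username']);
    $stmt->execute();
    $stmt->bind_result($id, $storedHash);
    $found = $stmt->fetch(); // true when a row was fetched, null when none
    $stmt->close();

    if ($found) {
        // Existing user: a salted hash cannot be matched in SQL, so verify it here.
        if (!password_verify($in['pword'], $storedHash)) {
            return 'rejected';
        }
        $stmt = $db->prepare('UPDATE `addresses` SET `firstname` = ?, `lastname` = ?, '
            . '`home` = ?, `cell` = ? WHERE `id` = ?');
        $stmt->bind_param('ssssi', $in['firstname'], $in['lastname'], $in['home'], $in['cell'], $id);
        $stmt->execute();
        $stmt->close();
        return 'updated';
    }
    // New user: store a salted hash instead of md5() of the password.
    $hash = password_hash($in['pword'], PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `addresses` (`firstname`, `lastname`, `username`, '
        . '`password`, `home`, `cell`) VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->bind_param('ssssss', $in['firstname'], $in['lastname'], $in['username'], $hash, $in['home'], $in['cell']);
    $stmt->execute();
    $stmt->close();
    return 'inserted';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new mysqli('localhost', 'root', 'password', 'db'); // placeholder credentials from the thread
    echo save_address($db, $_POST);
    $db->close();
}
```

Rows already stored with md5() values will fail password_verify() and need a password reset or a migration step before this check applies to them.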