Username/Password Verification
Posted: Tue Jul 07, 2009 10:26 am
by sleepydad
I'm using the following to test for duplicate username and password. It's not working, and I'm wondering why. It does not recognize the $dupe and inserts a new record into my database every time rather than updating in the case of a $dupe. Any assistance would be greatly appreciated.
Code:
<?php
session_start();
$_SESSION['task']=$_POST['task'];
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['username']=md5($_POST['username']);
$_SESSION['password']=md5($_POST['pword']);
$_SESSION['home']=$_POST['home'];
$_SESSION['cell']=$_POST['cell'];
$db=new mysqli('localhost', 'root', 'pword', 'dbname');
$query="select * from `addresses`";
$result=$db->query($query);
$numRows=$result->num_rows;
$dupe=false;
for ($I=0; $i<$numRows; $i++) {
    $row=$result->fetch_assoc();
    if ($_SESSION['username']==$row['username'] && $_SESSION['password']==$row['password']) {
        $dupe=true;
        $useID=$row['id'];
        break;
    }
}
// Free the SELECT result here: the UPDATE/INSERT below return a boolean, not a result object
$result->free();
if ($dupe) {
    $query="update `addresses` set `firstname`='".$_SESSION['firstname']."' , `lastname`='".$_SESSION['lastname']."', `username`='".$_SESSION['username']."', `password`='".$_SESSION['password']."', `home`='".$_SESSION['home']."', `cell`='".$_SESSION['cell']."' where `id`='$useID'";
    $db->query($query);
} else {
    $query="insert into `addresses` values ('', '".$_SESSION['firstname']."', '".$_SESSION['lastname']."', '".$_SESSION['username']."', '".$_SESSION['password']."', '".$_SESSION['home']."', '".$_SESSION['cell']."')";
    $db->query($query);
}
$db->close();
session_destroy();
?>
Re: Username/Password Verification
Posted: Tue Jul 07, 2009 11:19 am
by Mark Baker
Try changing your query
Code:
$query="SELECT *
FROM `addresses`
WHERE username='".$_SESSION['username']."'
AND password='".$_SESSION['password']."'";
and is the username really hashed in the database?
Re: Username/Password Verification
Posted: Tue Jul 07, 2009 12:12 pm
by sleepydad
Thanks very much for the reply.
So if there is a 'match/dupe' as a result of your 'select from ...' query, how would I then target that record to update? i.e. $query=update `addresses` set `firstname`=$_SESSION['firstname']...WHERE id=???
If there is NO match, how would I send to the else part of the statement else { $query="INSERT into ...}
Not absolutely necessary to hash username, and yes that's how I have been saving to db. I could disable that if need be.
Re: Username/Password Verification
Posted: Tue Jul 07, 2009 12:31 pm
by Mark Baker
Well
doesn't look too good either. Variables are case-sensitive in PHP, so $I and $i are not the same.
You should really use a
Code:
while ($row=$result->fetch_assoc()) {
loop when retrieving more than one row from the database.
However, using the query I gave, you should get either 0 or 1 rows returned: 0 if this is a new user, 1 for an existing user; and can use that rather than $dupe
Re: Username/Password Verification
Posted: Tue Jul 07, 2009 12:41 pm
by flying_circus
sleepydad wrote:
Code:
<?php
...
for ($I=0; $i<$numRows; $i++) {
...
?>
Why are there 2 different variable names in your for statement?
And yes, as was mentioned above about the query, you could improve it. Rather than gathering ALL of the rows from the database and then looping through each to compare it, why don't you just gather the rows that match (if any) and then determine your dupe? Make the SQL server do this type of work; for a large project it will make a large performance difference.
EDIT: Mark, you beat me to it

Re: Username/Password Verification
Posted: Tue Jul 07, 2009 12:54 pm
by sleepydad
Thanks again, everyone. Obviously I'm a greenhorn when it comes to PHP, so I appreciate your patience. Now I have the following. I'm still unclear on how to target the row and update its contents or insert a new record. I read the reply saying that it would produce either 0 or 1, but I don't understand how to use that in subsequent queries. Also, sorry about the typo on "i" and "I". I do know better than that - just an oversight on my part.
Code:
<?php
session_start();
$_SESSION['task']=$_POST['task'];
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['username']=$_POST['username'];
$_SESSION['password']=md5($_POST['pword']);
$_SESSION['home']=$_POST['home'];
$_SESSION['cell']=$_POST['cell'];
$db=new mysqli('localhost', 'root', 'password', 'db');
$query="SELECT * FROM `addresses` WHERE username='".$_SESSION['username']."' AND password='".$_SESSION['password']."'";
$result=$db->query($query);
$result->free();
$db->close();
session_destroy();
?>
Re: Username/Password Verification
Posted: Tue Jul 07, 2009 2:31 pm
by flying_circus
See Comments In Line
Code:
<?php
session_start();
$_SESSION['task']=$_POST['task'];
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['username']=$_POST['username'];
$_SESSION['password']=md5($_POST['pword']);
$_SESSION['home']=$_POST['home'];
$_SESSION['cell']=$_POST['cell'];
$db=new mysqli('localhost', 'root', 'password', 'db');
$query="SELECT * FROM `addresses` WHERE username='{$_SESSION['username']}' AND password='{$_SESSION['password']}';";
$result=$db->query($query);
/////////////////
// METHOD 1
// Probably the best method if only 1 dupe can ever exist
/////////////////
if($result->num_rows != 0) {
    # Username and Password Exist in DB (dupe)
    # Do Something...
} else {
    # Username and Password Do Not Exist in DB
    # Do Something...
}
/////////////////
// METHOD 2
// If more than 1 dupe can exist
/////////////////
# This is a Ternary Operator
# Format: (If ? Then : Else);
$dupes_exist = ($result->num_rows != 0) ? true : false;
if($dupes_exist) {
    while($row = $result->fetch_assoc()) {
        # Parse through each row of query result
        # Grab the unique id field, generally primary key id (as you defined in your database) from each row
        $current_dupe = $row['pk_id'];
        # Do Something with the current dupe
    }
}
$result->free();
$db->close();
session_destroy();
?>
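Added example, not part of any post in this thread: the same lookup-then-update-or-insert flow on the `addresses` table, written with mysqli prepared statements instead of concatenating `$_POST` values into the SQL, and with `password_hash()`/`password_verify()` instead of `md5()`. It shows how the `id` of the matched row is carried into the UPDATE. The helper name `save_address()` and the connection details are hypothetical; it assumes PHP 5.5 or later with the mysqlnd driver (for `get_result()`), a `password` column of `VARCHAR(255)`, and a UNIQUE index on `username`.

```php
<?php
// Added example, not code from the thread. save_address() is a hypothetical helper.
// Assumes `addresses`.`password` is VARCHAR(255) and `username` has a UNIQUE index.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function save_address(mysqli $db, array $in): string
{
    // Look up by username only; a salted hash cannot be compared inside the WHERE clause.
    $stmt = $db->prepare('SELECT `id`, `password` FROM `addresses` WHERE `username` = ?');
    $stmt->bind_param('s', $in['username']);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when there is no match
    $stmt->close();

    if ($row !== null) {
        // Existing user: the stored hash must verify before the record may be changed.
        if (!password_verify($in['pword'], $row['password'])) {
            return 'rejected';
        }
        $stmt = $db->prepare('UPDATE `addresses` SET `firstname` = ?, `lastname` = ?, `home` = ?, `cell` = ? WHERE `id` = ?');
        $stmt->bind_param('ssssi', $in['firstname'], $in['lastname'], $in['home'], $in['cell'], $row['id']);
        $stmt->execute();
        $stmt->close();
        return 'updated';
    }

    // New user: store a salted, slow hash instead of md5().
    $hash = password_hash($in['pword'], PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `addresses` (`firstname`, `lastname`, `username`, `password`, `home`, `cell`) VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->bind_param('ssssss', $in['firstname'], $in['lastname'], $in['username'], $hash, $in['home'], $in['cell']);
    $stmt->execute();
    $stmt->close();
    return 'inserted';
}

// Placeholder connection details (constructed for this example).
$db = new mysqli('localhost', 'db_user', 'db_password', 'db');
$fields = ['firstname', 'lastname', 'username', 'pword', 'home', 'cell'];
$in = [];
foreach ($fields as $f) {
    // Normalise every expected field to a string so a missing or array-valued input cannot reach bind_param().
    $in[$f] = (isset($_POST[$f]) && is_string($_POST[$f])) ? $_POST[$f] : '';
}
echo save_address($db, $in);
$db->close();
```

Because the values are bound rather than interpolated, a quote character in any form field is stored as data and cannot alter the query.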