Page 1 of 1

php log in registration probelm

Posted: Sat Feb 20, 2010 9:39 pm
by oscarere05
Hello,

Basically I am trying to create a php website that is connected to a server and a mysql database. I am using the programming xampp to do this.

I have made a log in form and added functions so that if the user enters the incorrect password or incorrect username the website does not allow access. However it works correctly when I enter the incorrect user name the site stops access, although when trying to put the correct username and password it is coming up with the same error message.

Not sure why as it should allow me to log in correctly,any help would be greatly appreciated !
<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{


$connect = mysql_connect("localhost", "root", "") or die ("could not connect");
mysql_select_db("phplogin") or die("Could not find db");


$query = mysql_query("SELECT * FROM users WHERE username='$username'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)
{

while ($row = mysql_fetch_assoc($query));
{

$dbusername = $row['username'];
$dbpassword = $row['password'];


}

//check to see if they match

if ($username==$dbusername&&$password==$dbpassword)
{
echo"correct click here to enter the member page";

}
else
echo "Incorrect password";

}
else
die("That user does not exist");

}
else
die("Please enter username and a password");


?>

Re: php log in registration probelm

Posted: Sat Feb 20, 2010 10:54 pm
by Trahb

Code: Select all

<?php
session_start();
 
$username = $_POST['username'];
$password = $_POST['password'];
 
if ($username&&$password)
{
$connect = mysql_connect("localhost", "root", "") or die ("could not connect");
mysql_select_db("phplogin") or die("Could not find db");
 
$query = mysql_query("SELECT *  FROM users WHERE username='$username'");            
$numrows = mysql_num_rows($query);
 
if ($numrows!=0)
{
  while ($row = mysql_fetch_assoc($query)); //Personally I would use mysql_fetch_array
  {
       $dbusername = $row['username'];
       $dbpassword = $row['password'];
  } 
    //check to see if they match
    if ($username==$dbusername&&$password==$dbpassword)
    {
        echo"correct click here to enter the member page";
    }
    else
        echo "Incorrect password";
}
else
    die("That user does not exist");
 
}
else
    die("Please enter username and a password");
 
 
?>
 
Instead of using "while" I would just define $row
I also think you kinda messed up with the $query.. Not 100% on that though. Try this.

Code: Select all

 
$query = mysql_query("SELECT *  FROM users WHERE username='".$username."'");  
$numrows = mysql_num_rows($query);
 
if ($numrows > 0)
{
  $row = mysql_fetch_array($query));
  $dbusername = $row['username'];
  $dbpassword = $row['password'];
 
    //check to see if they match
    if ($username==$dbusername&&$password==$dbpassword)
    {
        echo"correct click here to enter the member page";
    }
    else
        echo "Incorrect password";
}