password error alert message?!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
simmsy
Forum Newbie
Posts: 24
Joined: Wed Apr 14, 2010 9:50 am

password error alert message?!

Post by simmsy »

Hi i was just wondering if anyone could tell me why i get this javascript alert when the username is entered wrong but it just refreshes page when the password is entered wrong and doesnt display error? Heres the code:

Code: Select all

// Check matching of username and password.
$result=mysql_query("select username, password from users where username='$username' and password='$md5_password'");
while($row = mysql_fetch_array($result))
{
	$user = $row['username'];
        $password = $row['password'];
if(($username==$user)AND($password==$md5_password)){ // If match.
session_register("username"); // Craete session username.
header("location:index.php"); // Re-direct to main.php
exit;
}else{ // If not match.
echo "<script language=\"JavaScript\">\n";
echo "alert('Username or Password was incorrect!');\n";
echo "window.location='login.php'";
echo "</script>";
please help?
Last edited by califdon on Fri Apr 16, 2010 7:31 pm, edited 2 times in total.
Reason: Added [syntax=php] tags.
mrcoffee
Forum Commoner
Posts: 31
Joined: Tue Nov 10, 2009 3:03 pm
Location: Wyoming, USA

Re: password error alert message?!

Post by mrcoffee »

The code you provided was missing some brackets, so I'm basing my reply on this bracket-matched code:

Code: Select all

// Check matching of username and password.
$result=mysql_query("select username, password from users where username='$username' and password='$md5_password'");

while($row = mysql_fetch_array($result)) {
	$user = $row['username'];
	$password = $row['password'];
	if( ($username==$user) AND ($password==$md5_password) ) { // If match.
		session_register("username"); // Craete session username.
		header("location:index.php"); // Re-direct to main.php
		exit;
	}
	else { // If not match.
		echo "<script language=\"JavaScript\">\n";
		echo "alert('Username or Password was incorrect!');\n";
		echo "window.location='login.php'";
		echo "</script>";
	}
}
The code in the while block will only run if there is a result from your query (which would only happen if both the username and password are correct).

This would trigger the alert if either the username and password don't match:

Code: Select all

$result=mysql_query("select username, password from users where username='$username' and password='$md5_password'");

if(mysql_num_rows($result) == 1) { // then there is a row with matching username and password hash
	// don't need to check username and password again
	session_register("username"); // Craete session username.
	header("location:index.php"); // Re-direct to main.php
	exit;
}
else {
	echo "<script language=\"JavaScript\">\n";
	echo "alert('Username or Password was incorrect!');\n";
	echo "window.location='login.php'";
	echo "</script>";
}
User avatar
JAY6390
Forum Newbie
Posts: 20
Joined: Sat Apr 17, 2010 6:51 am
Location: UK

Re: password error alert message?!

Post by JAY6390 »

You should also add LIMIT 1 to the end of your query
I also don't understand why it is you have checked the username and password in the while loop, since they are already checked in the query, and will only ever reach the while if they match up already. You are basically authenticating the same data twice which is pointless
Post Reply