Page 1 of 1

password error alert message?!

Posted: Fri Apr 16, 2010 5:19 pm
by simmsy
Hi i was just wondering if anyone could tell me why i get this javascript alert when the username is entered wrong but it just refreshes page when the password is entered wrong and doesnt display error? Heres the code:

Code: Select all

// Check matching of username and password.
$result=mysql_query("select username, password from users where username='$username' and password='$md5_password'");
while($row = mysql_fetch_array($result))
{
	$user = $row['username'];
        $password = $row['password'];
if(($username==$user)AND($password==$md5_password)){ // If match.
session_register("username"); // Craete session username.
header("location:index.php"); // Re-direct to main.php
exit;
}else{ // If not match.
echo "<script language=\"JavaScript\">\n";
echo "alert('Username or Password was incorrect!');\n";
echo "window.location='login.php'";
echo "</script>";
please help?

Re: password error alert message?!

Posted: Fri Apr 16, 2010 7:33 pm
by mrcoffee
The code you provided was missing some brackets, so I'm basing my reply on this bracket-matched code:

Code: Select all

// Check matching of username and password.
$result=mysql_query("select username, password from users where username='$username' and password='$md5_password'");

while($row = mysql_fetch_array($result)) {
	$user = $row['username'];
	$password = $row['password'];
	if( ($username==$user) AND ($password==$md5_password) ) { // If match.
		session_register("username"); // Craete session username.
		header("location:index.php"); // Re-direct to main.php
		exit;
	}
	else { // If not match.
		echo "<script language=\"JavaScript\">\n";
		echo "alert('Username or Password was incorrect!');\n";
		echo "window.location='login.php'";
		echo "</script>";
	}
}
The code in the while block will only run if there is a result from your query (which would only happen if both the username and password are correct).

This would trigger the alert if either the username and password don't match:

Code: Select all

$result=mysql_query("select username, password from users where username='$username' and password='$md5_password'");

if(mysql_num_rows($result) == 1) { // then there is a row with matching username and password hash
	// don't need to check username and password again
	session_register("username"); // Craete session username.
	header("location:index.php"); // Re-direct to main.php
	exit;
}
else {
	echo "<script language=\"JavaScript\">\n";
	echo "alert('Username or Password was incorrect!');\n";
	echo "window.location='login.php'";
	echo "</script>";
}

Re: password error alert message?!

Posted: Sat Apr 17, 2010 7:29 am
by JAY6390
You should also add LIMIT 1 to the end of your query
I also don't understand why it is you have checked the username and password in the while loop, since they are already checked in the query, and will only ever reach the while if they match up already. You are basically authenticating the same data twice which is pointless