login

madu
Forum Commoner
Posts: 32
Joined: Sat Dec 25, 2010 3:19 am
Location: india

login

Post by madu »

Hi friends,
I am now doing a simple login program with a database application. Here is my code:

<html>
<body>
<div style='position:absolute;top:150px;left:780px'>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table border='0'>
<tr>
<td>User Name:<input type="text" name="uname"></td>
</tr>
<tr>
<td>Password: &nbsp; <input type="password" name="pwd"></td>
</tr>
<tr>
<td>
<center><input type="submit" name="sub" value="submit"></center>
</td>
</tr>
</table>
</form>
</div>
</body>
</html>

<?php

if (isset($_POST['sub']))
{
    $uname = $_POST['uname'];
    $pwd = $_POST['pwd'];
    $con = mysql_connect("localhost", "root", "");
    mysql_select_db("my_db", $con);
    $result = mysql_query("select * from logi where uname='$uname' and pwd='$pwd' ");
    if ($result)
    {
        echo "login sucess";
    }
    else
    {
        echo "loggin error";
    }
}
?>


But it is not working. If I gave anything as uname, pwd it would show login success. What is the problem here?
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: login

Post by social_experiment »

The code below will work even if you enter two non-existent values, because to check for $result means to check if the query has been completed successfully and NOT if a match has been found.

<?php $result=mysql_query("select * from logi where uname='$uname' and pwd='$pwd' "); ?>
To check for a match, use mysql_num_rows() or COUNT()

<?php
// other code
if ($result) {
    // if the query is correct, look for matches
    $row = mysql_num_rows($result);
    if ($row != 1) {
        // invalid login details
    }
    else {
        // valid username + password
        echo 'Success login';
    }
}
else {
    // at this point there was a problem with the query
}
?>
Lastly, you should use mysql_real_escape_string() for any input received from a user and hash your login details.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
DigitalMind
Forum Contributor
Posts: 152
Joined: Mon Sep 27, 2010 2:27 am
Location: Ukraine, Kharkov

Re: login

Post by DigitalMind »

social_experiment wrote: Lastly, you should use mysql_real_escape_string() for any input received from a user and hash your login details.
That's supposed to prevent an SQL injection.
Try to enter something like " ' or 1=1 " as a user name.
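
The points raised in the two replies above (a query that runs is not a match, user input must not be spliced into the SQL text, and stored passwords should be hashed), combined in one check. This is an added example and not code from any poster in this thread; it assumes PDO with the sqlite driver (an in-memory database standing in for my_db), a pwd column that holds password_hash() output, and a constructed sample account.

```php
<?php
// Added example: hardened form of the login check discussed in this thread.
// Assumptions: PDO + sqlite driver, in-memory DB in place of my_db,
// pwd column stores password_hash() output instead of the plain password.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY on uname enforces the one-row-per-username rule at registration.
    $db->exec('CREATE TABLE logi (uname TEXT PRIMARY KEY, pwd TEXT NOT NULL)');
    // Constructed sample account.
    $ins = $db->prepare('INSERT INTO logi (uname, pwd) VALUES (?, ?)');
    $ins->execute(['madu', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $uname, string $pwd): bool {
    // Bound placeholder: the username travels as data, never as SQL text.
    $stmt = $db->prepare('SELECT pwd FROM logi WHERE uname = ?');
    $stmt->execute([$uname]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    // A successful query is not a successful login:
    // require a matching row AND a matching password hash.
    if ($hash === false) {
        return false;
    }
    return password_verify($pwd, $hash);
}

$db = make_db();
$cases = [
    ['madu', 's3cret-sample'],   // valid account
    ['madu', 'wrong'],           // row found, hash mismatch
    ['nobody', 'anything'],      // query succeeds, zero rows
    [" ' or 1=1 ", 'x'],         // the input quoted in the thread
];
foreach ($cases as [$u, $p]) {
    $outcome = check_login($db, $u, $p) ? 'login success' : 'login error';
    printf("%-12s %-14s => %s\n", $u, $p, $outcome);
}
```

Only the first case reports success; the quoted-input case is looked up as a literal username and matches no row.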

Re: login

Post by DigitalMind »

I would probably use "select 1 from logi where uname='...' and pwd='...' limit 1", but it depends on goals.

Re: login

Post by social_experiment »

DigitalMind wrote: I would probably use "select 1 from logi where uname='...' and pwd='...' limit 1", but it depends on goals.
If the registration process is set up correctly, "LIMIT 1" would be moot because this would prevent usernames from being similar so (in theory) there will never be 2 similar usernames.

Re: login

Post by DigitalMind »

I know, but as you said above:
social_experiment wrote: If the registration process is set up correctly...

Re: login

Post by social_experiment »

And if it isn't, the application won't be worth much use anyway, regardless of the query.