Login in system

aso_demon
Forum Newbie
Posts: 1
Joined: Sun Sep 28, 2003 3:25 pm
Location: somewhere

Post by aso_demon »

<HTML>
<HEAD>
<TITLE>Retrieving Data from a Database</TITLE>
</HEAD>
<BODY>
<?php
// Set the variables for the database access:
$Host = "localhost";
$User = "******"; // (blanked out)
$Password = "*********************"; // (blanked out)
$DBName = "eeorg";
$TableName = "Users";

$db_connection = mysql_connect ($Host, $User, $Password) or die (mysql_error());
mysql_select_db ($DBName, $db_connection) or die (mysql_error());

$query = "SELECT name, pass FROM Users WHERE user='$USERNAME_TYPED'";
$query_result = mysql_query ($query, $db_connection) or die (mysql_error());
$result = mysql_fetch_array ($query_result);
if ($PASSWORD_TYPED == $result['pass']) {
    print("its working");
} else {
    print("NOPE SORRY");
}
?>
</BODY>
</HTML>
-----------------------------------------------
Everything works except for the fact that users that do not exist supposedly exist can still log in! :oops:
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA

Post by jason »

Yes.

If the user doesn't type in a password, they could get by, as the system doesn't check if any rows were returned.

A better SQL query would be something like

Code:

SELECT COUNT(*) FROM Users WHERE user = '$USERNAME_TYPED' AND pass = '$PASSWORD_TYPED' LIMIT 1

And then you count the number of rows returned, either a 1 or a 0. If 1, the person is valid; if 0, then not.
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

nice! i used to call the mysql_num_rows function before, thnx jason
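
The row check discussed in the replies above, as an added PHP example that is not code from any poster in this thread: it rejects the login when no row comes back, binds the typed username as a parameter instead of placing it in the SQL string, and compares against a stored hash. The PDO/SQLite in-memory database, the `check_login` name, the sample account, and the assumption that `pass` holds a `password_hash()` value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper; table and column names follow the thread (Users, user, pass).
function check_login(PDO $db, string $user, string $password): bool
{
    // The placeholder keeps the typed username out of the SQL text.
    $stmt = $db->prepare('SELECT pass FROM Users WHERE user = :user LIMIT 1');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No row means no such user: reject before any comparison. The script in
    // the first post compared the typed password with a field of a missing
    // row, so an empty password loosely equalled the missing value.
    if ($row === false) {
        return false;
    }

    // Assumption: pass stores a password_hash() value, not the plain password.
    return password_verify($password, $row['pass']);
}

// Constructed test data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (user TEXT PRIMARY KEY, name TEXT, pass TEXT)');
$ins = $db->prepare('INSERT INTO Users (user, name, pass) VALUES (?, ?, ?)');
$ins->execute(['alice', 'Alice Example', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    ['alice', 'correct horse'], // valid account
    ['alice', ''],              // existing user, empty password
    ['nobody', ''],             // missing user, empty password (the reported case)
    ["o'brien", 'x'],           // apostrophe in the name stays data, no SQL error
];
foreach ($cases as [$u, $p]) {
    $verdict = check_login($db, $u, $p) ? 'accepted' : 'rejected';
    printf("%-12s %-18s %s\n", var_export($u, true), var_export($p, true), $verdict);
}
```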