Login in system
Posted: Sun Sep 28, 2003 3:25 pm
<HTML>
<HEAD>
<TITLE>Retrieving Data from a Database</TITLE>
</HEAD>
<BODY>
<?php
// Set the variables for the database access:
$Host = "localhost";
$User = "******";(blanked out)
$Password = "*********************";(blanked out)
$DBName = "eeorg";
$TableName = "Users";
$db_connection = mysql_connect ($Host, $User, $Password) or die (mysql_error());;
mysql_select_db ($DBName, $db_connection) or die (mysql_error());
$query = "SELECT name, pass FROM Users WHERE user='$USERNAME_TYPED'";
$query_result = mysql_query ($query, $db_connection) or die (mysql_error());
$result = mysql_fetch_array ($query_result);
if ($PASSWORD_TYPED == $result[pass]){ print("its working");
}else{
print("NOPE SORRY");
}
?>
</BODY>
</HTML>
-----------------------------------------------
Everything works except for the fact that users that do not exsist supposedly exist can still log in!
<HEAD>
<TITLE>Retrieving Data from a Database</TITLE>
</HEAD>
<BODY>
<?php
// Set the variables for the database access:
$Host = "localhost";
$User = "******";(blanked out)
$Password = "*********************";(blanked out)
$DBName = "eeorg";
$TableName = "Users";
$db_connection = mysql_connect ($Host, $User, $Password) or die (mysql_error());;
mysql_select_db ($DBName, $db_connection) or die (mysql_error());
$query = "SELECT name, pass FROM Users WHERE user='$USERNAME_TYPED'";
$query_result = mysql_query ($query, $db_connection) or die (mysql_error());
$result = mysql_fetch_array ($query_result);
if ($PASSWORD_TYPED == $result[pass]){ print("its working");
}else{
print("NOPE SORRY");
}
?>
</BODY>
</HTML>
-----------------------------------------------
Everything works except for the fact that users that do not exsist supposedly exist can still log in!