Stumped

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
bobthebobert
Forum Commoner
Posts: 25
Joined: Sat Feb 15, 2003 5:56 pm

Stumped

Post by bobthebobert »

What I am trying to do is create a PHP/MYSQL based login and register system. So far, I have managed to make it so you can register, which will create a table with a name the user specifies in my database. I can login fine after I create it, it's just my problem is for dealing with people who entered in a login name that doesn't exist. Please tell me what i am doing wrong, or at least some type of clue :)

Login.php

Code: Select all

<?php
$link = mysql_pconnect("localhost:3306","The master", "")
	or die ;
mysql_select_db(RPG);

$loginname = $_POST&#1111;'loginname'];
$password = $_POST&#1111;'password'];
$blank = "";
$result = mysql_query("SELECT password FROM $loginname WHERE (loginname = '$loginname')");
	
while ($row = mysql_fetch_array($result)) &#123;
	$passcheck = ("$row&#1111;0]");
&#125;

if ($password <> $passcheck)  &#123;
	echo "Did you type the wrong password in?  Click" ?> <a href="http://localhost/login.html">here</a> to go back. 
<?php
&#125; 
elseif ($passcheck == $blank)  &#123;
	echo "That login name does not exist. Click" ?> <a href="http://localhost/login.html">here</a>to go back.
<?php &#125; ?>
And yes, it does work if you enter in a viable loginname, just if you don't it gives error messages..
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

If your only checking for one user then you don't need to do a while on the result set.
I'd just do something like:

Code: Select all

$row = mysql_fetch_array($result);
if ($password != $row['password']){
   //error message here
}
I also wouldn't do the "That login name does not exist" bit as it tells someone that the password was correct but the username was bad, you should just generally say "Bad login" and don't tell the user if it was down to a bad username and/or password.
User avatar
itsmani1
Forum Regular
Posts: 791
Joined: Mon Sep 29, 2003 2:26 am
Location: Islamabad Pakistan
Contact:

check

Post by itsmani1 »

check
mysql_fetch_array
function in help
....................................
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

why do you create a table for each user?
is there a very special reason why you don't simply add a new record to an existing user table?
Never put userinput untreated into a database query

Code: Select all

$loginname = mysql_escape_string($_POST['loginname']);
$password = mysql_escape_string($_POST['password']);
$query = "SELECT count(*) FROM $usertable WHERE loginname=$loginname AND password='$password'"
$result = mysql_query($query);
// <- if the database reports no error ->
$num = array_pop(mysql_fetch_row($result));

if ($num > 0)
{	valid login }
bobthebobert
Forum Commoner
Posts: 25
Joined: Sat Feb 15, 2003 5:56 pm

Post by bobthebobert »

Thanks for your help :)

No volka, there isn't really, I just wanted to try it.
Post Reply