User Authentication

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Rmias
Forum Newbie
Posts: 24
Joined: Wed Nov 26, 2003 11:02 am

User Authentication

Post by Rmias »

Hi,

I created a database with the table 'user' using MySQL. What I wanted to do is when the user logged in with the user name and password and submit it should check the database to check if the user exist or not. However when I enter valid username and password and click on submit all I see is a blank page. Can you help me please here is my login.html and login.php

<HTML>
<HEAD>
<TITLE>Login Form</Title>
</HEAD>
<!-- Configure the form -->
<BODY>
<FORM ACTION="login.php" METHOD="post">
<table border=0>
<tr>
<td><strong>Username</strong></td>
<td><input type="text" name="username" size="10" maxsize="10"></td>
</tr>
<tr>
<td><strong>Password</strong></td>
<td><input type="password" name="password" size="10" maxsize="10"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="submit">
</td>
</tr>
</table>
</FORM>
</BODY>
</HTML>

and login.php
---------------------------------------------------------------------------

Code: Select all

<?php
<?php //login.php

if(isset($_POST["submit"] )) {

	// Open the database connection

  $db=mysql_connect("localhost") or die ("Unable to connect to databse.");
  mysql_select_db("authenticate") or die ("Unable to select database.");

	$username = $_POST['username'];
	$password = $_POST['password'];
	// Formulate the query
   $sql = "SELECT count(*)
              FROM user
              WHERE username='$username' and password='$password'";

	// Execute the query and put results in $result
	$result = mysql_query($sql) or die ("Couldn't get reults.");

           //Get number of rows in $result.  Should be 0 if invalid, 1 if valid.
	$count = mysql_result($result,0,0);
	// Present results based on validity.
	if ($count == 1) {
	echo "<P>You are a valid user!<br>";
	}
	else if ($count == 0) {
	echo "You are not authorized!";
	}
}
?>
?>
Thanks again for your help
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

try using this for your query :

$sql = "SELECT count(*) FROM user WHERE username='".$username."' and password='".$password."'";

and this for $count :

$count = mysql_num_rows($result);
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

infolock wrote:try using this for your query :

$sql = "SELECT count(*) FROM user WHERE username='".$username."' and password='".$password."'";

and this for $count :

$count = mysql_num_rows($result);
To comment on the above solution:

Since no two users will have the same username and password, count(*) will always be 1, as long as the username and password are correct.

Plus, $count will also only be 1 since only one record is being returned.

A better method would be to use the query:

$sql = "SELECT * FROM user WHERE username='".$username."' and password='".$password."'";

Then to assign a value to $count, as you mentioned above use:

$count = mysql_num_rows($result);

This will give the expected values that the original coder was looking for (although yours would too).
Rmias
Forum Newbie
Posts: 24
Joined: Wed Nov 26, 2003 11:02 am

Post by Rmias »

Thank you guys for all the help I re-wrote the code by replacing the query to 'SELECT id FROM user WHERE username='$username' and password='$password'";' and also make some minor changes, it works now. What I would like to do is add extra fields to the table, 'application_id' with boolean value 0 or 1. if the 'application_id' for authorised user is 0 direct it to page 1 or if the id is 1 redirect to page 2. Is there an easy way to modify the above code?

Thank you
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

To do this easily, it'd be a good idea to use some of the code that infolock gave above, and adapt it in this way:

Code: Select all

$sql = "SELECT id, application_id FROM user WHERE username='".$username."' and password='".$password."'"; 

// cut out some code for example...

$count = mysql_num_rows($result); 

if ($count == 1) &#123;
     if ($result&#1111;"application_id"] == 1) &#123;
           // do something
           echo "<script>window.location='somewebpage.php';</script>";
           // or use header();
     &#125; else &#123;
           // do something else
           echo "<script>window.location='someotherwebpage.php';</script>";
           // or use header();
     &#125;
&#125;
Last edited by microthick on Wed Nov 26, 2003 3:17 pm, edited 1 time in total.
Rmias
Forum Newbie
Posts: 24
Joined: Wed Nov 26, 2003 11:02 am

Post by Rmias »

Thank you microthick I will try it.

Rmias
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

I forgot a square bracket in my code. It's now been added.
Post Reply