Page 1 of 1

User Authentication

Posted: Wed Nov 26, 2003 1:33 pm
by Rmias
Hi,

I created a database with the table 'user' using MySQL. What I wanted to do is when the user logged in with the user name and password and submit it should check the database to check if the user exist or not. However when I enter valid username and password and click on submit all I see is a blank page. Can you help me please here is my login.html and login.php

<HTML>
<HEAD>
<TITLE>Login Form</Title>
</HEAD>
<!-- Configure the form -->
<BODY>
<FORM ACTION="login.php" METHOD="post">
<table border=0>
<tr>
<td><strong>Username</strong></td>
<td><input type="text" name="username" size="10" maxsize="10"></td>
</tr>
<tr>
<td><strong>Password</strong></td>
<td><input type="password" name="password" size="10" maxsize="10"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="submit">
</td>
</tr>
</table>
</FORM>
</BODY>
</HTML>

and login.php
---------------------------------------------------------------------------

Code: Select all

<?php
<?php //login.php

if(isset($_POST["submit"] )) {

	// Open the database connection

  $db=mysql_connect("localhost") or die ("Unable to connect to databse.");
  mysql_select_db("authenticate") or die ("Unable to select database.");

	$username = $_POST['username'];
	$password = $_POST['password'];
	// Formulate the query
   $sql = "SELECT count(*)
              FROM user
              WHERE username='$username' and password='$password'";

	// Execute the query and put results in $result
	$result = mysql_query($sql) or die ("Couldn't get reults.");

           //Get number of rows in $result.  Should be 0 if invalid, 1 if valid.
	$count = mysql_result($result,0,0);
	// Present results based on validity.
	if ($count == 1) {
	echo "<P>You are a valid user!<br>";
	}
	else if ($count == 0) {
	echo "You are not authorized!";
	}
}
?>
?>
Thanks again for your help

Posted: Wed Nov 26, 2003 1:37 pm
by infolock
try using this for your query :

$sql = "SELECT count(*) FROM user WHERE username='".$username."' and password='".$password."'";

and this for $count :

$count = mysql_num_rows($result);

Posted: Wed Nov 26, 2003 2:02 pm
by microthick
infolock wrote:try using this for your query :

$sql = "SELECT count(*) FROM user WHERE username='".$username."' and password='".$password."'";

and this for $count :

$count = mysql_num_rows($result);
To comment on the above solution:

Since no two users will have the same username and password, count(*) will always be 1, as long as the username and password are correct.

Plus, $count will also only be 1 since only one record is being returned.

A better method would be to use the query:

$sql = "SELECT * FROM user WHERE username='".$username."' and password='".$password."'";

Then to assign a value to $count, as you mentioned above use:

$count = mysql_num_rows($result);

This will give the expected values that the original coder was looking for (although yours would too).

Posted: Wed Nov 26, 2003 2:26 pm
by Rmias
Thank you guys for all the help I re-wrote the code by replacing the query to 'SELECT id FROM user WHERE username='$username' and password='$password'";' and also make some minor changes, it works now. What I would like to do is add extra fields to the table, 'application_id' with boolean value 0 or 1. if the 'application_id' for authorised user is 0 direct it to page 1 or if the id is 1 redirect to page 2. Is there an easy way to modify the above code?

Thank you

Posted: Wed Nov 26, 2003 2:45 pm
by microthick
To do this easily, it'd be a good idea to use some of the code that infolock gave above, and adapt it in this way:

Code: Select all

$sql = "SELECT id, application_id FROM user WHERE username='".$username."' and password='".$password."'"; 

// cut out some code for example...

$count = mysql_num_rows($result); 

if ($count == 1) &#123;
     if ($result&#1111;"application_id"] == 1) &#123;
           // do something
           echo "<script>window.location='somewebpage.php';</script>";
           // or use header();
     &#125; else &#123;
           // do something else
           echo "<script>window.location='someotherwebpage.php';</script>";
           // or use header();
     &#125;
&#125;

Posted: Wed Nov 26, 2003 3:10 pm
by Rmias
Thank you microthick I will try it.

Rmias

Posted: Wed Nov 26, 2003 3:18 pm
by microthick
I forgot a square bracket in my code. It's now been added.