PHP Logon Script - Simple Script - Annoying problem (Newbie)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Murf
Forum Newbie
Posts: 2
Joined: Thu Jul 14, 2005 1:44 am

PHP Logon Script - Simple Script - Annoying problem (Newbie)

Post by Murf »

Hey,

Im really new to PHP and really don't know much about it, ive been trying to figure out the script below, for a simple logon box (been googling, but nothing to meet my needs), back ended with mysql. Ive got all the database setup worked out, tables, users, and databases created, and the info in the php script, but when i type in the user and password in the database it just says wrong password and wont do any thing more.

Can any one see a problem with the script?

Thank's A Lot
Murf

Code: Select all

<?php


//Enter MySQL login information
$user="user1";
$pass="pass1";
$server="localhost";
$db="db1";



//Database Information - Variables defined.



//Now define variable which determines output / url direction if creditatals are correct

$output="<a href=\"http://www.google.com\">http://www.google.com</a>";
//Do not change information below this

$mysql_link = mysql_connect($server, $user, $pass);


mysql_select_db($db, $mysql_link);

$sql = "SELECT * FROM testTable WHERE username=\"$_POST[username]\"";

$result= mysql_query($sql, $mysql_link);

if( $_POST[username] AND $_POST[password]){
	if ($result == 0) {
		echo("Username not found, please go back and try again");
	} 
	else {
		$sql= "SELECT password FROM testTable WHERE username = $_POST[username]";
		$result= mysql_query($sql, $mysql_link);
		if (strcmp($result, $_POST[password]) == 0)
		{
			echo($output);
		} 
		else {
			echo("Password that was entered was invalid. Please go back and try again");
		}	
	}	
}
else {

echo("<form action=\"$PHP_SELF\" method=\"POST\">\nUser: <input type=\"text\" name=\"username\">\nPass: <input type=\"text\" name=\"password\">\n<input type=\"submit\" value=\"Submit\"></form>");
}


?>
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

you can check the username and password with one query for starters...secondly, you need to use && as an operator not AND in your if statement and finally here's how your query should look:

Code: Select all

$sql = "SELECT * FROM testTable WHERE username='".$_POST[username]."' and password = '".$_POST['password']."'";
// you should also throw an error if there are problems with your sql.
$result = mysql_query($sql)
  or die(mysql_error());
//now check to see if it was valid or not
if($row = mysql_fetch_assoc($result))
  // all is good, do stuff
else
  //bad user bad Bad BAD user...no soup for you!
Murf
Forum Newbie
Posts: 2
Joined: Thu Jul 14, 2005 1:44 am

Post by Murf »

thank you very much for your help :)

murf
Post Reply