small problem here :)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Baby Kosub
Forum Newbie
Posts: 3
Joined: Fri May 05, 2006 10:12 pm

small problem here :)

Post by Baby Kosub »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


here is an example of my problem in story form 

i made a starting account, example being pizza with the password atypeoffood

i make a new account, totally different password

the password for the new account doesn't work, but when i try to put in the password for pizza account into the new account, it works.

what is the problem?

heres an example of what i'm using.

Code: Select all

if(isset($_POST['login'])){
	$username=$_POST['username'];
	$_POST['password']=md5($_POST['password']);
	$h=mysql_query("select password from users where username='$username'");
	if($_POST['password']==$h){
		setcookie("etrin_username",$_POST['username'],time()+60*60*24*365);
		setcookie("etrin_password",$_POST['password'],time()+60*60*24*365); 
		echo"<meta http-equiv=\"Refresh\" content=\"3;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 
	}
}
the other information for login cycles simply just says what your username is and checks for these cookies


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

you're trying to compare a string to a resource...that won't work.

you need use mysql_fetch_row() or ..fetch_assoc() or ..fetch_array() or the like to make something usable for your comparison.
Baby Kosub
Forum Newbie
Posts: 3
Joined: Fri May 05, 2006 10:12 pm

Post by Baby Kosub »

could i see an example? i am still having trouble getting it to work
EDIT: nevermind, i got it to work after a little bit of trial and error, plus i looked at the php.net site which helped a small bit.
someberry
Forum Contributor
Posts: 172
Joined: Mon Apr 11, 2005 5:16 am

Re: small problem here :)

Post by someberry »

Code: Select all

if(isset($_POST['login'])){
	$username=$_POST['username'];
	$password = md5($_POST['password']);

	$h=mysql_query("SELECT password FROM users WHERE username='$username' AND password='$password'");

	if(mysql_num_rows($h) == 1){
		setcookie("etrin_username",$_POST['username'],time()+60*60*24*365);
		setcookie("etrin_password",$_POST['password'],time()+60*60*24*365); 
		echo"<meta http-equiv=\"Refresh\" content=\"3;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 
	}
	else{
		echo('Oh dear. It would appear you entered an incorrect password.');
	}
}
User avatar
apoltix
Forum Newbie
Posts: 11
Joined: Fri Sep 30, 2005 3:27 pm
Location: Denmark

Post by apoltix »

Shouldnt the "username" field in the query also be selected along with the password field? I've had that problem many times, so I usually just select all (*)
E.g.

Code: Select all

mysql_query("SELECT username,password FROM users WHERE username='$username' AND password='$password");
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

<off-topic>
apoltix wrote:Shouldnt the "username" field in the query also be selected along with the password field? I've had that problem many times, so I usually just select all (*)
Why would you want to select a username if you already know it? It's not like it's going to change somewhere...
Are you aware that 'SELECT ALL' and 'SELECT *' mean different things?

Imho 'SELECT *' is a bad practice.
</off-topic>



Btw, i prefer:

Code: Select all

SELECT COUNT(primary_key_column) AS count FROM users WHERE username='$username' AND password='$password'
When the count is >= 1 (are there situations where it can be > 1 ?) i know that there is (atleast) one account with the same username and password and thus the credentials are valid...
Post Reply