Wondering how I can stop certain infomation from showing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Mythic Fr0st
Forum Contributor
Posts: 137
Joined: Sat Dec 02, 2006 3:23 am
Contact:

Wondering how I can stop certain infomation from showing

Post by Mythic Fr0st »

Wondering how I can stop certain infomation from showing if your username & password isnt correct


Code: Select all

<?php
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);

if (!$con = mysql_connect("localhost","root",""))
{
  die('Could not connect: ' . mysql_error());
}

if (!mysql_select_db("userdetails", $con))
{
  die('Could not select the database: ' . mysql_error());
}

// Check to see if this var is set
if (isset($_POST['login']))
{
  $login = mysql_real_escape_string($_POST['login']);
  $password = mysql_real_escape_string($_POST['loginpw']);
  $sql = "SELECT * FROM `users` WHERE `username` = '$login' AND `userpass` = '$password'";

  if (!$result = mysql_query($sql))
  {
    die('Could not execute the query: ' . mysql_error());
  }

  while($row = mysql_fetch_array($result))
  {
    echo $row['username'] . ' ' . $row['password'] . '<br />';
  }
}
else
{
  echo 'The post var login was not set';
}

?>
thats the code, where would I put stuff so if it doesnt find ur details in the Data base, it wont show the err, Buttons for the home page (for logged in only)
User avatar
ok
Forum Contributor
Posts: 393
Joined: Wed May 31, 2006 9:20 am
Location: The Holy Land

Post by ok »

You need something like that:

Code: Select all

<?php
$error_login = false;

//Login check...
else
{
  echo 'The post var login was not set';
  $error_login = true;
} 

echo "<html>
...
</head>
<body>
";
if(!$error_login)
{
  echo "<a href=\"index.php?secret_stuff\" title=\"\">See some secret stuff</a>";
}
echo "How are you ".$_SERVER['REMOTE_ADDR']."?";
echo "</body></html>";
?>
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Probably each username is unique in your table. Therefore the query SELECT * FROM `users` WHERE `username` = '$login' ... can return one or zero records. You don't need a while loop to fetch that. mysql_fetch_array return false if there is no record left to fetch. In your case: If there is no record matching the WHERE clause it will return false on the first call -> invalid credentials.

Code: Select all

<?php
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);

$userdata = false;

$con = mysql_connect("localhost","root","") or die('Could not connect: ' . mysql_error());
mysql_select_db("userdetails", $con) or die('Could not select the database: ' . mysql_error());

if (isset($_POST['login'])) {
  $login = mysql_real_escape_string($_POST['login'], $con);
  $password = mysql_real_escape_string($_POST['loginpw'], $con);
  
  $sql = "SELECT * FROM `users` WHERE `username` = '$login' AND `userpass` = '$password'";

  // it's not always a good idea to reveal the mysql_error to users
  $result = mysql_query($sql) or die('Could not execute the query: ' . mysql_error());
  $userdata = mysql_fetch_array($result);
}
else
{
  echo 'The post var login was not set';
}

// ...

if ( false!== $userdata) {
	// show page fore registered users
}
else {
	// show page fore un-registered users
}
?>
Post Reply