Page 1 of 1

Wondering how I can stop certain infomation from showing

Posted: Mon Dec 04, 2006 3:33 am
by Mythic Fr0st
Wondering how I can stop certain infomation from showing if your username & password isnt correct


Code: Select all

<?php
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);

if (!$con = mysql_connect("localhost","root",""))
{
  die('Could not connect: ' . mysql_error());
}

if (!mysql_select_db("userdetails", $con))
{
  die('Could not select the database: ' . mysql_error());
}

// Check to see if this var is set
if (isset($_POST['login']))
{
  $login = mysql_real_escape_string($_POST['login']);
  $password = mysql_real_escape_string($_POST['loginpw']);
  $sql = "SELECT * FROM `users` WHERE `username` = '$login' AND `userpass` = '$password'";

  if (!$result = mysql_query($sql))
  {
    die('Could not execute the query: ' . mysql_error());
  }

  while($row = mysql_fetch_array($result))
  {
    echo $row['username'] . ' ' . $row['password'] . '<br />';
  }
}
else
{
  echo 'The post var login was not set';
}

?>
thats the code, where would I put stuff so if it doesnt find ur details in the Data base, it wont show the err, Buttons for the home page (for logged in only)

Posted: Mon Dec 04, 2006 3:42 am
by ok
You need something like that:

Code: Select all

<?php
$error_login = false;

//Login check...
else
{
  echo 'The post var login was not set';
  $error_login = true;
} 

echo "<html>
...
</head>
<body>
";
if(!$error_login)
{
  echo "<a href=\"index.php?secret_stuff\" title=\"\">See some secret stuff</a>";
}
echo "How are you ".$_SERVER['REMOTE_ADDR']."?";
echo "</body></html>";
?>

Posted: Mon Dec 04, 2006 3:44 am
by volka
Probably each username is unique in your table. Therefore the query SELECT * FROM `users` WHERE `username` = '$login' ... can return one or zero records. You don't need a while loop to fetch that. mysql_fetch_array return false if there is no record left to fetch. In your case: If there is no record matching the WHERE clause it will return false on the first call -> invalid credentials.

Code: Select all

<?php
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);

$userdata = false;

$con = mysql_connect("localhost","root","") or die('Could not connect: ' . mysql_error());
mysql_select_db("userdetails", $con) or die('Could not select the database: ' . mysql_error());

if (isset($_POST['login'])) {
  $login = mysql_real_escape_string($_POST['login'], $con);
  $password = mysql_real_escape_string($_POST['loginpw'], $con);
  
  $sql = "SELECT * FROM `users` WHERE `username` = '$login' AND `userpass` = '$password'";

  // it's not always a good idea to reveal the mysql_error to users
  $result = mysql_query($sql) or die('Could not execute the query: ' . mysql_error());
  $userdata = mysql_fetch_array($result);
}
else
{
  echo 'The post var login was not set';
}

// ...

if ( false!== $userdata) {
	// show page fore registered users
}
else {
	// show page fore un-registered users
}
?>