How to authenticate username and password from MYSQL[SOLVED]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
james3302
Forum Commoner
Posts: 53
Joined: Thu Aug 02, 2007 11:11 am

How to authenticate username and password from MYSQL[SOLVED]

Post by james3302 »

Code: Select all

 
require 'DBConnect.php';
 
$username = $_POST['username'];
$password = md5($_POST['password']);
 
$query  = "SELECT username, password FROM users WHERE username='$username'";
$result = mysql_query($query);
 
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
  if($username == $row['username'])
  {
    echo "Username correct";
    if(PASSWORD('$password') == $row['password'])
    echo "Password Correct";
  }
}
 
 
This is how I wrote the users to the DB

Code: Select all

 
$query = "INSERT INTO users (username, password, email, fname, lname) VALUES ('$username', md5($password), '$email', '$fname', '$lname')";
mysql_query($query) or die('Error, insert query failed');
 
How do I compare $password and $row['password'] ? Even with hashing both using the same functin they do not equal!
Last edited by james3302 on Mon Jul 07, 2008 7:08 am, edited 1 time in total.
james3302
Forum Commoner
Posts: 53
Joined: Thu Aug 02, 2007 11:11 am

Re: How to authenticate username and password from MYSQL

Post by james3302 »

It would help if I gave the password column in the DB enough room to store the whole string ugh. Problem solved.
james3302
Forum Commoner
Posts: 53
Joined: Thu Aug 02, 2007 11:11 am

Re: How to authenticate username and password from MYSQL

Post by james3302 »

Okay this is what I have now and if I type the correct username and incorrect password I get redirected to the login page again, but if I type an incorrect username it displays nothing, if I login correctly it works as expected.

Code: Select all

 
require 'DBConnect.php';
 
$Date = getdate();
$LastLogin = $Date['month'] . ' ' . $Date['mday'] . ' ' . $Date['year'] . ' at ' . $Date['hours'] . ':' . $Date['minutes'];
 
 
$username = $_POST['username'];
$password = md5($_POST['password']);
 
$query  = "SELECT username, password,lastLogin FROM users WHERE username='$username'";
$result = mysql_query($query);
 
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
     if($username == $row['username'] && $password == $row['password']){
        $query = "UPDATE users SET lastLogin = '$LastLogin' WHERE username = '$username'"; //get last login date from DB
         mysql_query($query) or die('Error, query failed');
         mysql_close($conn);
        echo "<center><h2>Welcome $username!</h2></center>"; //welcome screen
        echo "Last Login was on " . $row['lastLogin']; //display last date/time logged in
    }else{
      ?>//redirect to login screen 
       <script type="text/javascript">
       <!--
       window.location = "http://www.what-i-think.org/Examples/Main.html"
       //-->
       </script>
       <?
 
    }
 
 
       
     
}
 
Last edited by james3302 on Sat Jun 28, 2008 9:19 am, edited 1 time in total.
User avatar
Bill H
DevNet Resident
Posts: 1136
Joined: Sat Jun 01, 2002 10:16 am
Location: San Diego CA
Contact:

Re: How to authenticate username and password from MYSQL

Post by Bill H »

If you enter the wrong username then no result is returned so the "while" loop is never executed.

You need a "if (mysql_num_rows())" block containing your containing "while"loop, and then an "else" clause with the same redirect (repeated).

You also don't need to match the username within that while loop. It will match, or else it would not have been returned by the query.

If you assume the username is unique, then you needn't use the "while" at all, just call the mysql_fetch_array() function.

Code: Select all

# require 'DBConnect.php';
#  
# $Date = getdate();
# $LastLogin = $Date['month'] . ' ' . $Date['mday'] . ' ' . $Date['year'] . ' at ' . $Date['hours'] . ':' . $Date['minutes'];
#  
#  
# $username = $_POST['username'];
# $password = md5($_POST['password']);
#  
# $query  = "SELECT username, password,lastLogin FROM users WHERE username='$username'";
# $result = mysql_query($query);
# if (mysql_num_rows($result)) {
#      $row = mysql_fetch_array($result, MYSQL_ASSOC);
#      if ($password == $row['password']){
#         $query = "UPDATE users SET lastLogin = '$LastLogin' WHERE username = '$username'"; //get last login date from DB
#          mysql_query($query) or die('Error, query failed');
#          mysql_close($conn);
#         echo "<center><h2>Welcome $username!</h2></center>"; //welcome screen
#         echo "Last Login was on " . $row['lastLogin']; //display last date/time logged in
#     }else{
#       ?>//redirect to login screen
#        <script type="text/javascript">
#        <!--
#        window.location = "http://www.what-i-think.org/Examples/Main.html"
#        //-->
#        </script>
#        <?
#  
#     }else{
#       ?>//redirect to login screen
#        <script type="text/javascript">
#        <!--
#        window.location = "http://www.what-i-think.org/Examples/Main.html"
#        //-->
#        </script>
#        <?
#  
#     }
#  
 
james3302
Forum Commoner
Posts: 53
Joined: Thu Aug 02, 2007 11:11 am

Re: How to authenticate username and password from MYSQL

Post by james3302 »

great thanks for the informative reply, I should have to known that.
Post Reply