php login and validating code
Posted: Sun Sep 21, 2008 2:34 pm
For future posting reference, please use the special BBcode tags to enclose code that you post, as I have edited your post, below. This being PHP code, use [ php ] ... [ /php ] around your code (without the spaces). Also, eliminate multiple blank lines that only make your code longer. Your questions will receive much more attention when they are not so difficult to read. -Moderator
Hallo
I would like to build in a code that checks if the user has put in the right details. If i put in this code then it shows the sql code, instead of desplaying the webpage. Can somebody please help me? Here is the login code and the validating code follows.
Validating/or checking code/test code
Somebody please help.
Hallo
I would like to build in a code that checks if the user has put in the right details. If i put in this code then it shows the sql code, instead of desplaying the webpage. Can somebody please help me? Here is the login code and the validating code follows.
Code: Select all
<?php
require_once("header.html");
?>
<?php
require_once('config.php');
if ($_POST['username'] != '' && $_POST['passwd'] != ''){
$user = $_POST[username];
$password = $_POST[passwd];
$sql = "SELECT * from vehicle WHERE VE_Reg_Number = '$user' and VE_Password= '$password'";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$num_rows = mysql_num_rows($result);
if (!$num_rows){
$errormessage = "Incorrect username OR password, please try again";
}
else{
$_SESSION['veid'] = $user;
$_SESSION['id'] = $row[VE_ID];
header("location:ptransactions.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOG BOOK TRACKER</title>
<link href="file:///C|/Documents and Settings/Anthony/Local Settings/Temporary Internet Files/Content.IE5/U2TC5HJO/styles/admin.css" rel="stylesheet" />
</head>
<body>
<form id="form1" name="form1" method="post" action="">
<table width="200" align="center">
<tr >
<td colspan="2"><div align="center"><strong>TRACKING LOGIN</strong></div></td>
</tr>
<tr align="center" bgcolor="#008DC6">
<td colspan="2" class="header">LOGIN</td>
</tr>
<tr bgcolor="#EEEEEE">
<td>UserName</td>
<td><input type="text" class="text" name="username" id="username" /></td>
</tr>
<tr bgcolor="#EEEEEE" >
<td>PassWord</td>
<td><input type="password" class="text" name="passwd" id="passwd" /></td>
</tr>
<tr bgcolor="#008DC6" >
<td align="right"> </td>
<td><input type="submit" name="submit" class="button" id="button" value="Submit" /></td>
</tr>
<tr>
<td colspan="2" class="loginbox" ><span class="orangebold"><?php print $errormessage;?></span></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
</form>
</div>
<?php
require_once("footer.html");
?>
</body>
</html>
Code: Select all
<?php
require_once('config.php');
$registration_number = $_REQUEST['username'];
$password = $_REQUEST['password'];
//Check that password entered is correct and get the clients email address for this vehicle ID
$password_query = "SELECT VE_ID
FROM `vehicle`
WHERE `VE_Reg_Number` = '$registration_number'
AND `VE_Password` = md5( '$password' ) " ;
echo $password_query;
echo "<br>";
if(!$password_result = mysql_query($password_query)) {
die("Error with the database. Please try again later");
}
if(mysql_num_rows($password_result)== 0) {
die("Password is incorrect. Please try again.");
}
$row = mysql_fetch_assoc($password_result);
$Vehicle_ID = $row['VE_ID'];
echo "Vehicle id is $Vehicle_ID<br>";
//Get records for this vehicle_id from the
$petrol_query = "SELECT `PE_Place` , `PE_Date_Time` , `PE_Total_KM` , `PE_KM_Travelled` , `PE_Litres_Used`
FROM `petrol_entries`
WHERE `VE_ID` =$Vehicle_ID
ORDER BY `petrol_entries`.`PE_Date_Time` ASC ";
echo $petrol_query;
echo "<br>";
if(!$petrol_result = mysql_query($petrol_query)) {
die("Error with the database. Please try again later");
}
if(mysql_num_rows($petrol_result)== 0) {
die("No records exist");
}
while($row = mysql_fetch_assoc($petrol_result)) {
$number_of_entries ++;
echo "Date: ".$row['PE_Date_Time']." ";
echo "Place: ".$row['PE_Place']." ";
echo "PE_Total_KM: ".$row['PE_Total_KM']." ";
echo "PE_KM_Travelled: ".$row['PE_KM_Travelled']." ";
echo "PE_Litres_Used: ".$row['PE_Litres_Used']." ";
echo "<br>";
}
?>