I know it won't do anything right now except to echo whether you are logged in or not. The password and user are insecure too. I just want to know about the rest of the code.. Is it a good enough way?
Code: Select all
<?php
$host="localhost";
$user="root";
$pass="";
$db="mydiary";
$ip=$_SERVER['REMOTE_ADDR'];
$con = mysql_connect($host,$user,$pass);
//connection to database
if (!$con)
{
die('couldnt connect'.mysql_error());
}
else
{
mysql_select_db ($db,$con);
}
/////////////////////////////////////////////
/////////////////////////////////////////////
//Function to compare username and password from database
function checkuserpass($fuser,$fpassword)
{
$result = mysql_query("SELECT * FROM Authentication");
while($row = mysql_fetch_array($result))
{
if ($row['username']==$fuser and $row['password']==$fpassword)
{
echo "you are authenticated";
}
else
{
echo "error in password or user";
}
}
}
/////////////////////////////////////////////
//Just a variable for displaying the error if the length is too small,
// It is used in the conditional statement later.
$lengthError="
<script type=\"text/javascript\">
alert(\"Username and password should be longer than 3 characters\")
</script>";
////////////////////////////////////////////
if (isset($_POST['Submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
if (strlen($username)<3 or strlen($password)<3) // To check the length of the username and password
{
echo $lengthError;
}
else
{
checkuserpass($username,$password); // Function created above to check for user and pass from database
}
}
?>