Re: Begining PHP...Have Questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



if you have shell access, please do the following

describe users;
select * from users;

also, why are you using LIKE instead of =?
use this instead:

$query = "SELECT * FROM users WHERE email = '".$username."'";

i would also suggest turning off register globals and using $_POST['username'] and not $username. (i'm assuming it's on given your code)

Jon

Aaron Todd wrote:

I am just starting out with PHP and I have created a simple login program
that is supposed to check users input with a mysql database.  I am doing 5
verifications before the program is completed...Check for the Submit button,
check for a valid email address(which is the username), check for a valid
password, check to see if the username exists in the database, and finally
check to see if the password matches the database for the coresponding
username.  Currently you dont get access to a site you only get told what
your password is in the database.

Everything is technically working, but its not perfect and I think I need
some help.  I have entered 2 records in the database for testing purposes.
When I put in username1 and password1 it works.  The program returns the
coresponding password.  When I change to username2 and still put in
password1 it will return password1.

I have done some debuging and I am unsure of what is really happening.  My
code is below.  Would anyone be able to tell me what I am doing wrong.

Thanks,

Aaron

<html>
<body>
<?php
if ($submit) {
 //VALID USERNAME/EMAIL ADDRESS
 if
(!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+\\/0-9=?A-Z^_`a
-z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) {
   $error = "You must enter a valid email address for your username.<br>";
   echo "$error<br>";
 } else {
   $db = mysql_connect("localhost", "username", "password");
   mysql_select_db("database",$db);
   $query = "SELECT * FROM users WHERE email LIKE '".$username."'";
   echo "$query<br>";
   $result = mysql_query($query,$db);
   $num_rows = mysql_num_rows($result);
   echo "There are $num_rows records matching $username<br>";
   //VALID PASSWORD
   echo "Entered User Name:  $username<br>";
   echo "Entered Password:  $passw<br>";
   if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) ||
!preg_match('/[0-9]/', $passw)) {
     $error = "Invalid Password.  Must be greater than six characters
containing at least one number.<br>";
     echo "$error<br>";
   } else {
     //USERNAME/EMAIL ADDRESS IN DATABASE
     if (!$num_rows){
       $error = "Username was not found.  Please Register.";
       echo "$error<br>";
       die(mysql_error());
     } else {
       //ENTERED PASSWORD IN DATABASE
       if (!$passw = mysql_result($result,0,"pass")){
         $error = "Invalid Password.<br>";
         echo "$error<br>";
       } else {
         printf("Password is %s<br>\n", mysql_result($result,0,"pass"));
       }
     }
   }
 }
} else {

 ?>

<form method="post" action="<?php echo $PHP_SELF?>">

 User Name:<input type="Text" name="username"><br>

 Password:<input type="Text" name="passw"><br>

 <input type="Submit" name="submit" value="Enter information">

 </form>

<?php

} // end if


?>

</body>

</html>




-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux