Re: Beginning PHP...Have Questions

Jon,

Thanks for the info.  I did change the LIKE to =.  This was done just for my
debugging.  I do have it set to = on a normal basis.

I am a little unsure what you mean at the end of your reply about register
globals.  Are you saying that everywhere I use $username to refer to the
user's inputted username I should use $_POST['username'] instead?  Or are you
suggesting to use this in one location?

Thanks again for the reply,

Aaron


"Jonathan Haddad" <jon@xxxxxxxxxxxxxxxxx> wrote in message
news:40FC00A8.1080402@xxxxxxxxxxxxxxxxxxxx
> if you have shell access, please do the following
>
> describe users;
> select * from users;
>
> also, why are you using LIKE instead of =?
> use this instead:
>
> $query = "SELECT * FROM users WHERE email = '".$username."'";
>
> i would also suggest turning off register globals and using
> $_POST['username'] and not $username. (i'm assuming it's on given your code)
>
> Jon
>
> Aaron Todd wrote:
>
> >I am just starting out with PHP and I have created a simple login program
> >that is supposed to check users' input with a mysql database.  I am doing 5
> >verifications before the program is completed...Check for the Submit button,
> >check for a valid email address(which is the username), check for a valid
> >password, check to see if the username exists in the database, and finally
> >check to see if the password matches the database for the corresponding
> >username.  Currently you don't get access to a site you only get told what
> >your password is in the database.
> >
> >Everything is technically working, but it's not perfect and I think I need
> >some help.  I have entered 2 records in the database for testing purposes.
> >When I put in username1 and password1 it works.  The program returns the
> >corresponding password.  When I change to username2 and still put in
> >password1 it will return password1.
> >
> >I have done some debugging and I am unsure of what is really happening.  My
> >code is below.  Would anyone be able to tell me what I am doing wrong?
> >
> >Thanks,
> >
> >Aaron
> >
> ><html>
> ><body>
> ><?php
> >if ($submit) {
> >  //VALID USERNAME/EMAIL ADDRESS
> >  if (!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) {
> >    $error = "You must enter a valid email address for your username.<br>";
> >    echo "$error<br>";
> >  } else {
> >    $db = mysql_connect("localhost", "username", "password");
> >    mysql_select_db("database",$db);
> >    $query = "SELECT * FROM users WHERE email LIKE '".$username."'";
> >    echo "$query<br>";
> >    $result = mysql_query($query,$db);
> >    $num_rows = mysql_num_rows($result);
> >    echo "There are $num_rows records matching $username<br>";
> >    //VALID PASSWORD
> >    echo "Entered User Name:  $username<br>";
> >    echo "Entered Password:  $passw<br>";
> >    if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) ||
> >!preg_match('/[0-9]/', $passw)) {
> >      $error = "Invalid Password.  Must be greater than six characters
> >containing at least one number.<br>";
> >      echo "$error<br>";
> >    } else {
> >      //USERNAME/EMAIL ADDRESS IN DATABASE
> >      if (!$num_rows){
> >        $error = "Username was not found.  Please Register.";
> >        echo "$error<br>";
> >        die(mysql_error());
> >      } else {
> >        //ENTERED PASSWORD IN DATABASE
> >        if (!$passw = mysql_result($result,0,"pass")){
> >          $error = "Invalid Password.<br>";
> >          echo "$error<br>";
> >        } else {
> >          printf("Password is %s<br>\n", mysql_result($result,0,"pass"));
> >        }
> >      }
> >    }
> >  }
> >} else {
> >
> >  ?>
> >
> ><form method="post" action="<?php echo $PHP_SELF?>">
> >
> >  User Name:<input type="Text" name="username"><br>
> >
> >  Password:<input type="Text" name="passw"><br>
> >
> >  <input type="Submit" name="submit" value="Enter information">
> >
> >  </form>
> >
> ><?php
> >
> >} // end if
> >
> >
> >?>
> >
> ></body>
> >
> ></html>
> >
> >
> >

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
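
Added example (not part of either poster's message or code): one way to apply the two suggestions in Jon's reply, reading the form fields from `$_POST` once at the top and matching with `=`, here with the value bound as a query parameter. The function name `check_login`, the in-memory SQLite table standing in for the MySQL `users` table, and the sample rows are assumptions made up for this example.

```php
<?php
// Added example, not code from the thread. check_login() and the in-memory
// SQLite table are hypothetical stand-ins for the poster's MySQL "users" table.

function check_login(PDO $db, array $post): string
{
    // With register_globals off, read each field from $_POST once, here,
    // and use the local copies for the rest of the request.
    $username = isset($post['username']) ? trim((string) $post['username']) : '';
    $passw    = isset($post['passw']) ? (string) $post['passw'] : '';

    if (filter_var($username, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }

    // Exact match with "=", value bound as a parameter instead of being
    // concatenated into the SQL string.
    $stmt = $db->prepare('SELECT pass FROM users WHERE email = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 'unknown user';
    }

    // Comparison, not assignment: "!$passw = ..." overwrites $passw with the
    // stored value, so the entered password is never checked. The thread's
    // table holds plaintext; with hashes this would be password_verify().
    return hash_equals((string) $stored, $passw) ? 'ok' : 'wrong password';
}

// Constructed sample data: two users, as in the poster's test.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pass TEXT)');
$ins = $db->prepare('INSERT INTO users (email, pass) VALUES (?, ?)');
$ins->execute(['user1@example.com', 'password1']);
$ins->execute(['user2@example.com', 'password2']);

// In a page handler the call would be check_login($db, $_POST).
$cases = [
    ['username' => 'user1@example.com',  'passw' => 'password1'],
    ['username' => 'user2@example.com',  'passw' => 'password1'],
    ['username' => 'nobody@example.com', 'passw' => 'password1'],
    ['username' => 'not-an-email',       'passw' => 'password1'],
];
foreach ($cases as $post) {
    echo $post['username'], ' => ', check_login($db, $post), "\n";
}
```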

