Can you give us the table def and the results of that select? Also, can you copy that query ( echo "$query<br>";) into your next reply?
I think you're query looked something like this before:
SELECT * from user where username LIKE ""?
That would select the entire table. You could do it like this:
SELECT * from user WHERE username = '{$_POST['username']} AND password = '{$_POST['password']}
that will only return the row that matches both the username and password - so if 1 row is returned it must be the login info. That'll cut down on the PHP code you need to write.
Aaron Todd wrote:
Jon,
Thanks for the info. I did change the LIKE to =. This was done just for my debugging. I do have it set to = on a normal basis.
I am a little unsure what you mean at the end of your reply about register globals. Are you saying that everywhere I use $username to refer to the users inputed username I should use $_POST['username'] instead? Or are you suggesting to use this in one location.
Thanks again for the reply,
Aaron
"Jonathan Haddad" <jon@xxxxxxxxxxxxxxxxx> wrote in message
news:40FC00A8.1080402@xxxxxxxxxxxxxxxxxxxx
code)if you have shell access, please do the following
describe users; select * from users;
also, why are you using LIKE instead of =? use this instead:
$query = "SELECT * FROM users WHERE email = '".$username."'";
i would also suggest turning off register globals and using
$_POST['username'] and not $username. (i'm assuming it's on given your
5Jon
Aaron Todd wrote:
I am just starting out with PHP and I have created a simple login program
that is supposed to check users input with a mysql database. I am doing
button,verifications before the program is completed...Check for the Submit
finallycheck for a valid email address(which is the username), check for a valid
password, check to see if the username exists in the database, and
purposes.check to see if the password matches the database for the coresponding username. Currently you dont get access to a site you only get told what your password is in the database.
Everything is technically working, but its not perfect and I think I need
some help. I have entered 2 records in the database for testing
MyWhen I put in username1 and password1 it works. The program returns the coresponding password. When I change to username2 and still put in password1 it will return password1.
I have done some debuging and I am unsure of what is really happening.
a(!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+\\/0-9=?A-Z^_`code is below. Would anyone be able to tell me what I am doing wrong.
Thanks,
Aaron
<html>
<body>
<?php
if ($submit) {
//VALID USERNAME/EMAIL ADDRESS
if
username.<br>";-z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) {
$error = "You must enter a valid email address for your
echo "$error<br>"; } else { $db = mysql_connect("localhost", "username", "password"); mysql_select_db("database",$db); $query = "SELECT * FROM users WHERE email LIKE '".$username."'"; echo "$query<br>"; $result = mysql_query($query,$db); $num_rows = mysql_num_rows($result); echo "There are $num_rows records matching $username<br>"; //VALID PASSWORD echo "Entered User Name: $username<br>"; echo "Entered Password: $passw<br>"; if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) || !preg_match('/[0-9]/', $passw)) { $error = "Invalid Password. Must be greater than six characters containing at least one number.<br>"; echo "$error<br>"; } else { //USERNAME/EMAIL ADDRESS IN DATABASE if (!$num_rows){ $error = "Username was not found. Please Register."; echo "$error<br>"; die(mysql_error()); } else { //ENTERED PASSWORD IN DATABASE if (!$passw = mysql_result($result,0,"pass")){ $error = "Invalid Password.<br>"; echo "$error<br>"; } else { printf("Password is %s<br>\n", mysql_result($result,0,"pass")); } } } } } else {
?>
<form method="post" action="<?php echo $PHP_SELF?>">
User Name:<input type="Text" name="username"><br>
Password:<input type="Text" name="passw"><br>
<input type="Submit" name="submit" value="Enter information">
</form>
<?php
} // end if
?>
</body>
</html>
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php