Re: Begining PHP...Have Questions

[Jonathan Haddad <jon@xxxxxxxxxxxxxxxxx>]

You want to use $_POST['username'] instead of $username everywhere you 
have a POST variable.  I believe this became the standard around PHP4.2.

Can you give us the table def and the results of that select?  Also, can 
you copy that query ( echo "$query<br>";)  into your next reply?

I think you're query looked something like this before:

SELECT * from user where username LIKE ""?

That would select the entire table.  You could do it like this:

SELECT * from user WHERE username = '{$_POST['username']} AND password = 
'{$_POST['password']}

that will only return the row that matches both the username and 
password - so if 1 row is returned it must be the login info.  That'll 
cut down on the PHP code you need to write.

Aaron Todd wrote:

> Jon,
>
> Thanks for the info.  I did change the LIKE to =.  This was done just for my
> debugging.  I do have it set to = on a normal basis.
>
> I am a little unsure what you mean at the end of your reply about register
> globals.  Are you saying that everywhere I use $username to refer to the
> users inputed username I should use $_POST['username'] instead?  Or are you
> suggesting to use this in one location.
>
> Thanks again for the reply,
>
> Aaron
>
>
> "Jonathan Haddad" <jon@xxxxxxxxxxxxxxxxx> wrote in message
> news:40FC00A8.1080402@xxxxxxxxxxxxxxxxxxxx
>  
>
> > if you have shell access, please do the following
> >
> > describe users;
> > select * from users;
> >
> > also, why are you using LIKE instead of =?
> > use this instead:
> >
> > $query = "SELECT * FROM users WHERE email = '".$username."'";
> >
> > i would also suggest turning off register globals and using
> > $_POST['username'] and not $username. (i'm assuming it's on given your
> >    
> code)
>  
>
> > Jon
> >
> > Aaron Todd wrote:
> >
> >    
> >
> > > I am just starting out with PHP and I have created a simple login program
> > > that is supposed to check users input with a mysql database.  I am doing
> > >      
> 5
>  
>
> > > verifications before the program is completed...Check for the Submit
> > >      
> button,
>  
>
> > > check for a valid email address(which is the username), check for a valid
> > > password, check to see if the username exists in the database, and
> > >      
> finally
>  
>
> > > check to see if the password matches the database for the coresponding
> > > username.  Currently you dont get access to a site you only get told what
> > > your password is in the database.
> > >
> > > Everything is technically working, but its not perfect and I think I need
> > > some help.  I have entered 2 records in the database for testing
> > >      
> purposes.
>  
>
> > > When I put in username1 and password1 it works.  The program returns the
> > > coresponding password.  When I change to username2 and still put in
> > > password1 it will return password1.
> > >
> > > I have done some debuging and I am unsure of what is really happening.
> > >      
> My
>  
>
> > > code is below.  Would anyone be able to tell me what I am doing wrong.
> > >
> > > Thanks,
> > >
> > > Aaron
> > >
> > > <html>
> > > <body>
> > > <?php
> > > if ($submit) {
> > > //VALID USERNAME/EMAIL ADDRESS
> > > if
> > >      
> > (!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+\\/0-9=?A-Z^_`
> >    
> a
>  
>
> > > -z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) {
> > >   $error = "You must enter a valid email address for your
> > >      
> username.<br>";
>  
>
> > >   echo "$error<br>";
> > > } else {
> > >   $db = mysql_connect("localhost", "username", "password");
> > >   mysql_select_db("database",$db);
> > >   $query = "SELECT * FROM users WHERE email LIKE '".$username."'";
> > >   echo "$query<br>";
> > >   $result = mysql_query($query,$db);
> > >   $num_rows = mysql_num_rows($result);
> > >   echo "There are $num_rows records matching $username<br>";
> > >   //VALID PASSWORD
> > >   echo "Entered User Name:  $username<br>";
> > >   echo "Entered Password:  $passw<br>";
> > >   if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) ||
> > > !preg_match('/[0-9]/', $passw)) {
> > >     $error = "Invalid Password.  Must be greater than six characters
> > > containing at least one number.<br>";
> > >     echo "$error<br>";
> > >   } else {
> > >     //USERNAME/EMAIL ADDRESS IN DATABASE
> > >     if (!$num_rows){
> > >       $error = "Username was not found.  Please Register.";
> > >       echo "$error<br>";
> > >       die(mysql_error());
> > >     } else {
> > >       //ENTERED PASSWORD IN DATABASE
> > >       if (!$passw = mysql_result($result,0,"pass")){
> > >         $error = "Invalid Password.<br>";
> > >         echo "$error<br>";
> > >       } else {
> > >         printf("Password is %s<br>\n", mysql_result($result,0,"pass"));
> > >       }
> > >     }
> > >   }
> > > }
> > > } else {
> > >
> > > ?>
> > >
> > > <form method="post" action="<?php echo $PHP_SELF?>">
> > >
> > > User Name:<input type="Text" name="username"><br>
> > >
> > > Password:<input type="Text" name="passw"><br>
> > >
> > > <input type="Submit" name="submit" value="Enter information">
> > >
> > > </form>
> > >
> > > <?php
> > >
> > > } // end if
> > >
> > >
> > > ?>
> > >
> > > </body>
> > >
> > > </html>
> > >
> > >
> > >
> > >      
>
>  

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php