Thanks to everyone so far who has responded, but the other posts are going
down a different road than what I currently need.
In my code below I am building a login page. I am continuing to do
different things to debug this problem myself and I think I have narrowed it
down a bit. Like I said in my previous post...the program does work without
error, it just doesnt produce the expected results. When I enter username1
and password 1 I get pasword1. When I enter username2 and password2 I get
password2. When I enter username2 and password1 I get password2. This isnt
a very effective login program.
If you look at the last if statement:
if (!$_POST['passw'] = mysql_result($result,0,"pass")){
$error = "Invalid Password.<br>";
echo "$error<br>";
} else {
printf("Password is %s<br>\n", mysql_result($result,0,"pass"));
}
I am trying to validate what is entered in the form with what is in the
database. That looks like good code to me, but like I said before, when I
enter username2 and password1 I get password2. I think $result should only
contain the row that username2 is in so the pass field should have
password2. I believe it does. But If I put password1 in the form and the
program checks to see if it is equil to password2 it should echo the error.
You may be able to tell, but I am getting really confused by this.
If anyone can help with this I would really appreciate it.
Aaron
"Aaron Todd" <aaloki88@xxxxxxxxxxx> wrote in message
news:20040719165504.2786.qmail@xxxxxxxxxxxxxxx
> I am just starting out with PHP and I have created a simple login program
> that is supposed to check users input with a mysql database. I am doing 5
> verifications before the program is completed...Check for the Submit
button,
> check for a valid email address(which is the username), check for a valid
> password, check to see if the username exists in the database, and finally
> check to see if the password matches the database for the coresponding
> username. Currently you dont get access to a site you only get told what
> your password is in the database.
>
> Everything is technically working, but its not perfect and I think I need
> some help. I have entered 2 records in the database for testing purposes.
> When I put in username1 and password1 it works. The program returns the
> coresponding password. When I change to username2 and still put in
> password1 it will return password1.
>
> I have done some debuging and I am unsure of what is really happening. My
> code is below. Would anyone be able to tell me what I am doing wrong.
>
> Thanks,
>
> Aaron
>
> <html>
> <body>
> <?php
> if ($submit) {
> //VALID USERNAME/EMAIL ADDRESS
> if
>
(!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[!#$%&\'*+\\/0-9=?A-Z^_`a
> -z{|}`]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) {
> $error = "You must enter a valid email address for your
username.<br>";
> echo "$error<br>";
> } else {
> $db = mysql_connect("localhost", "username", "password");
> mysql_select_db("database",$db);
> $query = "SELECT * FROM users WHERE email LIKE '".$username."'";
> echo "$query<br>";
> $result = mysql_query($query,$db);
> $num_rows = mysql_num_rows($result);
> echo "There are $num_rows records matching $username<br>";
> //VALID PASSWORD
> echo "Entered User Name: $username<br>";
> echo "Entered Password: $passw<br>";
> if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) ||
> !preg_match('/[0-9]/', $passw)) {
> $error = "Invalid Password. Must be greater than six characters
> containing at least one number.<br>";
> echo "$error<br>";
> } else {
> //USERNAME/EMAIL ADDRESS IN DATABASE
> if (!$num_rows){
> $error = "Username was not found. Please Register.";
> echo "$error<br>";
> die(mysql_error());
> } else {
> //ENTERED PASSWORD IN DATABASE
> if (!$passw = mysql_result($result,0,"pass")){
> $error = "Invalid Password.<br>";
> echo "$error<br>";
> } else {
> printf("Password is %s<br>\n", mysql_result($result,0,"pass"));
> }
> }
> }
> }
> } else {
>
> ?>
>
> <form method="post" action="<?php echo $PHP_SELF?>">
>
> User Name:<input type="Text" name="username"><br>
>
> Password:<input type="Text" name="passw"><br>
>
> <input type="Submit" name="submit" value="Enter information">
>
> </form>
>
> <?php
>
> } // end if
>
>
> ?>
>
> </body>
>
> </html>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
