Jon,

The table contains 2 fields...email and pass. My plan is to use the email address as the username.

$query = "SELECT * FROM users WHERE email='".$username."'";

I used this query because a person's whole email address should be unique. I didn't feel it was necessary to add the AND password= because there shouldn't ever be 2 of the same exact email addresses in the table.

Thanks again,

Aaron

"Jonathan Haddad" <jon@xxxxxxxxxxxxxxxxx> wrote in message news:40FC0DBE.7050401@xxxxxxxxxxxxxxxxxxxx
> You want to use $_POST['username'] instead of $username everywhere you
> have a POST variable. I believe this became the standard around PHP4.2.
>
> Can you give us the table def and the results of that select? Also, can
> you copy that query ( echo "$query<br>";) into your next reply?
>
> I think your query looked something like this before:
>
> SELECT * from user where username LIKE ""?
>
> That would select the entire table. You could do it like this:
>
> SELECT * from user WHERE username = '{$_POST['username']}' AND password =
> '{$_POST['password']}'
>
> that will only return the row that matches both the username and
> password - so if 1 row is returned it must be the login info. That'll
> cut down on the PHP code you need to write.
>
> Aaron Todd wrote:
>
> >Jon,
> >
> >Thanks for the info. I did change the LIKE to =. This was done just for my
> >debugging. I do have it set to = on a normal basis.
> >
> >I am a little unsure what you mean at the end of your reply about register
> >globals. Are you saying that everywhere I use $username to refer to the
> >user's inputted username I should use $_POST['username'] instead? Or are you
> >suggesting to use this in one location?
> >
> >Thanks again for the reply,
> >
> >Aaron
> >
> >"Jonathan Haddad" <jon@xxxxxxxxxxxxxxxxx> wrote in message
> >news:40FC00A8.1080402@xxxxxxxxxxxxxxxxxxxx
> >
> >>if you have shell access, please do the following
> >>
> >>describe users;
> >>select * from users;
> >>
> >>also, why are you using LIKE instead of =?
> >>use this instead:
> >>
> >>$query = "SELECT * FROM users WHERE email = '".$username."'";
> >>
> >>i would also suggest turning off register globals and using
> >>$_POST['username'] and not $username. (i'm assuming it's on given your
> >>code)
> >>
> >>Jon
> >>
> >>Aaron Todd wrote:
> >>
> >>>I am just starting out with PHP and I have created a simple login program
> >>>that is supposed to check users' input with a mysql database. I am doing 5
> >>>verifications before the program is completed...Check for the Submit button,
> >>>check for a valid email address (which is the username), check for a valid
> >>>password, check to see if the username exists in the database, and finally
> >>>check to see if the password matches the database for the corresponding
> >>>username. Currently you don't get access to a site, you only get told what
> >>>your password is in the database.
> >>>
> >>>Everything is technically working, but it's not perfect and I think I need
> >>>some help. I have entered 2 records in the database for testing purposes.
> >>>When I put in username1 and password1 it works. The program returns the
> >>>corresponding password. When I change to username2 and still put in
> >>>password1 it will return password1.
> >>>
> >>>I have done some debugging and I am unsure of what is really happening. My
> >>>code is below. Would anyone be able to tell me what I am doing wrong?
> >>>
> >>>Thanks,
> >>>
> >>>Aaron
> >>>
> >>><html>
> >>><body>
> >>><?php
> >>>if ($submit) {
> >>>  //VALID USERNAME/EMAIL ADDRESS
> >>>  if (!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.
> >>>      '[!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}`]+\.'.
> >>>      '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $username)) {
> >>>    $error = "You must enter a valid email address for your username.<br>";
> >>>    echo "$error<br>";
> >>>  } else {
> >>>    $db = mysql_connect("localhost", "username", "password");
> >>>    mysql_select_db("database",$db);
> >>>    $query = "SELECT * FROM users WHERE email LIKE '".$username."'";
> >>>    echo "$query<br>";
> >>>    $result = mysql_query($query,$db);
> >>>    $num_rows = mysql_num_rows($result);
> >>>    echo "There are $num_rows records matching $username<br>";
> >>>    //VALID PASSWORD
> >>>    echo "Entered User Name: $username<br>";
> >>>    echo "Entered Password: $passw<br>";
> >>>    if (strlen($passw) < 6 || !preg_match('/[a-z]/i', $passw) ||
> >>>        !preg_match('/[0-9]/', $passw)) {
> >>>      $error = "Invalid Password. Must be greater than six characters containing at least one number.<br>";
> >>>      echo "$error<br>";
> >>>    } else {
> >>>      //USERNAME/EMAIL ADDRESS IN DATABASE
> >>>      if (!$num_rows){
> >>>        $error = "Username was not found. Please Register.";
> >>>        echo "$error<br>";
> >>>        die(mysql_error());
> >>>      } else {
> >>>        //ENTERED PASSWORD IN DATABASE
> >>>        if (!$passw = mysql_result($result,0,"pass")){
> >>>          $error = "Invalid Password.<br>";
> >>>          echo "$error<br>";
> >>>        } else {
> >>>          printf("Password is %s<br>\n", mysql_result($result,0,"pass"));
> >>>        }
> >>>      }
> >>>    }
> >>>  }
> >>>} else {
> >>>?>
> >>><form method="post" action="<?php echo $PHP_SELF?>">
> >>>  User Name:<input type="Text" name="username"><br>
> >>>  Password:<input type="Text" name="passw"><br>
> >>>  <input type="Submit" name="submit" value="Enter information">
> >>></form>
> >>><?php
> >>>} // end if
> >>>?>
> >>></body>
> >>></html>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
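
Added example, not part of the thread or any poster's code: the email lookup and password check the thread debates, written with a bound query parameter, request data passed in as an array in the role of `$_POST`, and a comparison that never overwrites the submitted password. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL server, a `pass` column holding a `password_hash()` value, and constructed sample addresses; `check_login` is a hypothetical name.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the thread's MySQL server, and `pass` stores a password_hash() value.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Constructed test records, mirroring the two rows the original post mentions.
$insert = $db->prepare('INSERT INTO users (email, pass) VALUES (?, ?)');
$insert->execute(['user1@example.com', password_hash('secret1pw', PASSWORD_DEFAULT)]);
$insert->execute(['user2@example.com', password_hash('secret2pw', PASSWORD_DEFAULT)]);

/**
 * Return true only when the email exists and the password matches its hash.
 * $input plays the role of $_POST, so nothing depends on register_globals.
 */
function check_login(PDO $db, array $input): bool
{
    $email    = isset($input['username']) ? (string) $input['username'] : '';
    $password = isset($input['passw']) ? (string) $input['passw'] : '';

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // The value is bound as a parameter, never concatenated into the SQL text,
    // so an apostrophe or a LIKE wildcard in the input cannot alter the query.
    $stmt = $db->prepare('SELECT pass FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched. password_verify() only
    // compares; the submitted value is never replaced by the stored one.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed requests: the right pair, user2 with user1's password,
// a bare wildcard, and an address containing an apostrophe.
$cases = [
    ['username' => 'user1@example.com', 'passw' => 'secret1pw'],
    ['username' => 'user2@example.com', 'passw' => 'secret1pw'],
    ['username' => '%', 'passw' => 'secret1pw'],
    ['username' => "o'brien@example.com", 'passw' => 'secret1pw'],
];
foreach ($cases as $case) {
    $verdict = check_login($db, $case) ? 'accepted' : 'rejected';
    printf("%-20s => %s\n", $case['username'], $verdict);
}
```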