Jump to content

Php Form help

Cyberspace

By Cyberspace
in PHP Coding Help

 Share

Recommended Posts

Cyberspace Member

Cyberspace

Posted
Posted

Im looking to check a password against a MemberRef in database table when i user enter a MemberRef and Password into a form:

 

I have the code so far to do the check, but its not checking the database Password, can anyone please help me

 

 

if (isset($_POST['submit']) && $error_stat == 0) {  

$account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' &&  Password='$Password'"); 

if ($MemberRef != $Password) {

    $error_stat = 1; 

//Set the message to tell the user to enter a username 
    $Password2_message = '*Incorrect Password*';

 

The line "if ($MemberRef != $Password) {" is wrong

Link to comment
Share on other sites
Cyberspace Member

Cyberspace

Posted
  • Author
Posted

where do you set the variables $MemberRef and $Password

 

Hey my full code is:

 

<?php


if (isset($_POST['submit'])) {  

$error_stat = 0;  
    $MemberRef_message = ''; 
    $Password_message = '';
    $Password2_message = '';
    $User_message = '';
    $Walk_message = '';

    $MemberRef = mysql_real_escape_string(stripslashes($_POST['MemberRef']));
    $Password = mysql_real_escape_string(stripslashes($_POST['Password']));
    
//Error checking  

// MemberRef Check)  
if (!$MemberRef) { 
//Set the error_stat to 1, which means that an error has occurred 
    $error_stat = 1; 

//Set the message to tell the user to enter a username 
    $MemberRef_message = '*Please enter MemberRef*'; 
} 

else if (!ctype_digit($MemberRef)) {  
   $error_stat = 1;  
   $MemberRef_message .= '*MemberRef must be a number*';  
} 

if (!$Password) { 
//Set the error_stat to 1, which means that an error has occurred 
    $error_stat = 1; 

//Set the message to tell the user to enter a username 
    $Password_message = '*Please enter a Password*'; 

}
    

if (isset($_POST['submit']) && $error_stat == 0) {  

$account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND  Password='$Password'"); 

if ($MemberRef != $Password) {

    $error_stat = 1; 

//Set the message to tell the user to enter a username 
    $Password2_message = '*Incorrect Password*'; 




}
    
}
}



?>


<hr class="hr_blue"/></p><font face="Arial" size="3">Join Walk</font><form method="post" class="addwalkerform" action="">   
</font>
<fieldset>
<label for="MemberRef">MemberRef:</label>  
<input name="MemberRef" type="text" id="MemberRef" value="<?php echo $_POST['MemberRef']; ?>"/> 
<span class="redboldtxt"><?php echo "$MemberRef_message";?></fieldset></span>  
</fieldset>

<fieldset>
<label for="Password">Password:</label>  
<input name="Password" type="text" id="Password" value="<?php echo $_POST['Password']; ?>"/> 
<span class="redboldtxt"><?php echo "$Password_message";?></fieldset></span>
<span class="redboldtxt"><?php echo "$Password2_message";?></fieldset></span>

<fieldset> 
<p class="submit"><input type="submit" name="submit" value="Join Walk" />

<span class="redboldtxt"><?php echo "$User_message";?></fieldset></span>

<span class="redboldtxt"><?php echo "$Walk_message";?></fieldset></span>


</fieldset>


</fieldset>
</form>

<?php
}
?>

Link to comment
Share on other sites
paul2463 Member

paul2463

Posted
Posted

i am confused as to what you are checking....

so $MemberRef and $password come from the post variable

then you run a query to select everything from the database that match the two variables

then you check to see if $MemberRef does not equal $password

 

are you trying to get the password from the database and check to see if the entered password matches the one in the database?

Link to comment
Share on other sites
Cyberspace Member

Cyberspace

Posted
  • Author
Posted

i am confused as to what you are checking....

so $MemberRef and $password come from the post variable

then you run a query to select everything from the database that match the two variables

then you check to see if $MemberRef does not equal $password

 

are you trying to get the password from the database and check to see if the entered password matches the one in the database?

 

Yeah im trying to check to see if the password matches the one in the database

Link to comment
Share on other sites
paul2463 Member

paul2463

Posted
Posted

change this bit

if (isset($_POST['submit']) && $error_stat == 0) {  

$account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND  Password='$Password'"); 

if ($MemberRef != $Password) {

    $error_stat = 1; 

//Set the message to tell the user to enter a username 
$Password2_message = '*Incorrect Password*';
}    
}

 

to this, i have put some comments in so you should be able to follow it through

if (isset($_POST['submit']) && $error_stat == 0) {  

$account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND  Password='$Password'");
$numrows = mysql_num_rows($account); //get rows returned
if ($numrows > 0)// if more than 0 its in database, if not throw new error message
{ 
$row = mysql_fetch_assoc($result);
$dbpassword = $row['Password']; //get the password from the database
if ($dbpassword != $Password) { // check it agains the inputted password, if not the same

    $error_stat = 1; 

//Set the message to tell the user to enter a username 
    $Password2_message = '*Incorrect Password*'; 




}
}
//new error message
$error_stat = 1;
$new_message = "MemberRef and Password do not exist";  
}

Link to comment
Share on other sites
Cyberspace Member

Cyberspace

Posted
  • Author
Posted

I have the code checking that the MemberRef exists and it works, but if i enter a correct MemberRef and an incorrect password it outputs that the user does not exist instead of outputting the incorrect password message, is there anyway i can fix this?

 

The code is now:

 

if (isset($_POST['submit']) && $error_stat == 0) {  

$account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND  Password='$Password'");
$numrows = mysql_num_rows($account); //get rows returned

if(mysql_num_rows($account) == 0){ 
         $error_stat = 1; 
//Set the message to tell the user MemberRef does not exist  
    $User_message = '*Member does not exist*'; 
     
}

else if ($numrows < 1)// if more than 0 its in database, if not throw new error message
{ 
$row = mysql_fetch_assoc($result);
$dbpassword = $row['Password']; //get the password from the database
if ($dbpassword != $Password) { // check it agains the inputted password, if not the same

    $error_stat = 1; 

//Set the message to tell the user to enter a username 
    $Password2_message = '*Incorrect Password*'; 

}
}

}
}



?>

Link to comment
Share on other sites
paul2463 Member

paul2463

Posted
Posted

change this line

$account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND  Password='$Password'");

 

to read

 

$account = mysql_query("SELECT Password FROM members WHERE MemberRef='$MemberRef' ");

 

so it pulls the password for that selected MemberRef, before you were checking to see if both the memberRef and Password existed, this would never happen if you input a wrong password

 

hope that helps

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.