Cyberspace Posted April 9, 2008 Share Posted April 9, 2008 Im looking to check a password against a MemberRef in database table when i user enter a MemberRef and Password into a form: I have the code so far to do the check, but its not checking the database Password, can anyone please help me if (isset($_POST['submit']) && $error_stat == 0) { $account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' && Password='$Password'"); if ($MemberRef != $Password) { $error_stat = 1; //Set the message to tell the user to enter a username $Password2_message = '*Incorrect Password*'; The line "if ($MemberRef != $Password) {" is wrong Quote Link to comment Share on other sites More sharing options...
paul2463 Posted April 9, 2008 Share Posted April 9, 2008 where do you set the variables $MemberRef and $Password Quote Link to comment Share on other sites More sharing options...
Cyberspace Posted April 9, 2008 Author Share Posted April 9, 2008 where do you set the variables $MemberRef and $Password Hey my full code is: <?php if (isset($_POST['submit'])) { $error_stat = 0; $MemberRef_message = ''; $Password_message = ''; $Password2_message = ''; $User_message = ''; $Walk_message = ''; $MemberRef = mysql_real_escape_string(stripslashes($_POST['MemberRef'])); $Password = mysql_real_escape_string(stripslashes($_POST['Password'])); //Error checking // MemberRef Check) if (!$MemberRef) { //Set the error_stat to 1, which means that an error has occurred $error_stat = 1; //Set the message to tell the user to enter a username $MemberRef_message = '*Please enter MemberRef*'; } else if (!ctype_digit($MemberRef)) { $error_stat = 1; $MemberRef_message .= '*MemberRef must be a number*'; } if (!$Password) { //Set the error_stat to 1, which means that an error has occurred $error_stat = 1; //Set the message to tell the user to enter a username $Password_message = '*Please enter a Password*'; } if (isset($_POST['submit']) && $error_stat == 0) { $account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND Password='$Password'"); if ($MemberRef != $Password) { $error_stat = 1; //Set the message to tell the user to enter a username $Password2_message = '*Incorrect Password*'; } } } ?> <hr class="hr_blue"/></p><font face="Arial" size="3">Join Walk</font><form method="post" class="addwalkerform" action=""> </font> <fieldset> <label for="MemberRef">MemberRef:</label> <input name="MemberRef" type="text" id="MemberRef" value="<?php echo $_POST['MemberRef']; ?>"/> <span class="redboldtxt"><?php echo "$MemberRef_message";?></fieldset></span> </fieldset> <fieldset> <label for="Password">Password:</label> <input name="Password" type="text" id="Password" value="<?php echo $_POST['Password']; ?>"/> <span class="redboldtxt"><?php echo "$Password_message";?></fieldset></span> <span class="redboldtxt"><?php echo "$Password2_message";?></fieldset></span> <fieldset> <p class="submit"><input type="submit" name="submit" value="Join Walk" /> <span class="redboldtxt"><?php echo "$User_message";?></fieldset></span> <span class="redboldtxt"><?php echo "$Walk_message";?></fieldset></span> </fieldset> </fieldset> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
paul2463 Posted April 9, 2008 Share Posted April 9, 2008 i am confused as to what you are checking.... so $MemberRef and $password come from the post variable then you run a query to select everything from the database that match the two variables then you check to see if $MemberRef does not equal $password are you trying to get the password from the database and check to see if the entered password matches the one in the database? Quote Link to comment Share on other sites More sharing options...
Cyberspace Posted April 9, 2008 Author Share Posted April 9, 2008 i am confused as to what you are checking.... so $MemberRef and $password come from the post variable then you run a query to select everything from the database that match the two variables then you check to see if $MemberRef does not equal $password are you trying to get the password from the database and check to see if the entered password matches the one in the database? Yeah im trying to check to see if the password matches the one in the database Quote Link to comment Share on other sites More sharing options...
paul2463 Posted April 9, 2008 Share Posted April 9, 2008 change this bit if (isset($_POST['submit']) && $error_stat == 0) { $account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND Password='$Password'"); if ($MemberRef != $Password) { $error_stat = 1; //Set the message to tell the user to enter a username $Password2_message = '*Incorrect Password*'; } } to this, i have put some comments in so you should be able to follow it through if (isset($_POST['submit']) && $error_stat == 0) { $account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND Password='$Password'"); $numrows = mysql_num_rows($account); //get rows returned if ($numrows > 0)// if more than 0 its in database, if not throw new error message { $row = mysql_fetch_assoc($result); $dbpassword = $row['Password']; //get the password from the database if ($dbpassword != $Password) { // check it agains the inputted password, if not the same $error_stat = 1; //Set the message to tell the user to enter a username $Password2_message = '*Incorrect Password*'; } } //new error message $error_stat = 1; $new_message = "MemberRef and Password do not exist"; } Quote Link to comment Share on other sites More sharing options...
Cyberspace Posted April 9, 2008 Author Share Posted April 9, 2008 Hey thanks for that, really appreciate your help Quote Link to comment Share on other sites More sharing options...
Cyberspace Posted April 9, 2008 Author Share Posted April 9, 2008 I have the code checking that the MemberRef exists and it works, but if i enter a correct MemberRef and an incorrect password it outputs that the user does not exist instead of outputting the incorrect password message, is there anyway i can fix this? The code is now: if (isset($_POST['submit']) && $error_stat == 0) { $account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND Password='$Password'"); $numrows = mysql_num_rows($account); //get rows returned if(mysql_num_rows($account) == 0){ $error_stat = 1; //Set the message to tell the user MemberRef does not exist $User_message = '*Member does not exist*'; } else if ($numrows < 1)// if more than 0 its in database, if not throw new error message { $row = mysql_fetch_assoc($result); $dbpassword = $row['Password']; //get the password from the database if ($dbpassword != $Password) { // check it agains the inputted password, if not the same $error_stat = 1; //Set the message to tell the user to enter a username $Password2_message = '*Incorrect Password*'; } } } } ?> Quote Link to comment Share on other sites More sharing options...
paul2463 Posted April 10, 2008 Share Posted April 10, 2008 change this line $account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND Password='$Password'"); to read $account = mysql_query("SELECT Password FROM members WHERE MemberRef='$MemberRef' "); so it pulls the password for that selected MemberRef, before you were checking to see if both the memberRef and Password existed, this would never happen if you input a wrong password hope that helps Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.