
[SOLVED] Can't get user authentication to work from database


goocharlton


Here is the code I am trying to use:

            <?php
		session_start();
		$result = mysql_query("SELECT username, password FROM user WHERE username='password'");
		$passwords = mysql_fetch_assoc($result);
		if ($_POST['password'] == $passwords[$_POST['username']]) {
			echo "Login Successfull";
			$_SESSION['auth_username'] = $_POST['username'];
		} else { ?>
                <form method="post">
                	<div class="login-form">
                        Username<?php if(isset($_POST['login']) and !$_POST['username']) { echo "<span style='color:#FF0000;'>*</span>"; } ?><br>
                        <input name="username" type="text">
                    </div>
                    <div class="login-form">
                        Password<?php if(isset($_POST['login']) and !$_POST['password']) { echo "<span style='color:#FF0000;'>*</span>"; } ?><br>
                        <input name="password" type="password">
                    </div>
                    <div class="login-button">
                        <input name="login" type="submit" value="Login" style="width:40px;">
                    </div>
                </form>
                <?php } ?>

 

What am I doing wrong?

Since you haven't told us what you have tried, or what the symptoms are, I can't help you much at all. But this looks all wrong:

 

// Here you query the database for the username and passwords of users named "password"
$result = mysql_query("SELECT username, password FROM user WHERE username='password'");

// Here you set the array of users (named "password") to a variable named $passwords
$passwords = mysql_fetch_assoc($result);

// Here you are comparing the password your user has given with a field in the database named "whatever username they typed in".
if ($_POST['password'] == $passwords[$_POST['username']]) {
echo "Login Successfull";
$_SESSION['auth_username'] = $_POST['username'];
}

And that's as far as I got. 

Yep, actually it doesn't make any sense. Most of all the "WHERE username='password'". What's the aim of that? Do you have users with username=password? A normal approach should be:

 

<?php
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = sha1($_POST['password']); //i took for granted that you are using sha1() hashing for passwords
$results = @mysql_query("SELECT id FROM user WHERE username='$username' AND password='$password'") or die();
if(mysql_num_rows($results) == 1){ //this means a user exists and the password was correct
     echo 'Login Successful';
     $_SESSION['auth_username'] = $username;
} else{
    //show the form
}
?>

You have messed up the code a little. Here's an example:

 

<?php
//these variables are from the login form
$username = $_POST['username'];
$password = $_POST['password'];

//connect to the database
$con = mysql_connect("localhost","peter","abc123");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
else
{
//escape the form values before they go into the query
$username = mysql_real_escape_string($username, $con);
$password = mysql_real_escape_string($password, $con);

//search the database
$result = mysql_query("SELECT * FROM person
WHERE username='$username' AND password='$password'");

//count to see how many rows are found
$num_rows = mysql_num_rows($result);

if($num_rows >0)
{
//redirect to successful login
}
else
{
//bad login
}
}
?>

 

hope this gives you an idea

Archived

This topic is now archived and is closed to further replies.
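
The `mysql_*` functions used throughout this thread were removed in PHP 7.0. As an added example (not code from any poster in the thread), here is the same login check written with a PDO prepared statement and `password_hash()`/`password_verify()` in place of string-built SQL and a bare `sha1()` comparison. The function names, the `auth_user_id` session key, the sample accounts and the in-memory SQLite table are assumptions made for illustration; it needs the `pdo_sqlite` extension to run.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite table stands in for the thread's `user` table.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $insert = $pdo->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    // The column holds a salted password_hash() string, never the password or a bare sha1().
    $insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $insert->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Hypothetical helper: returns the user's id on success, null on any failure.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // The placeholder keeps the submitted username out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Look up by username only; password_verify() reads salt and cost from the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE user SET password = ? WHERE id = ?');
        $update->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Hypothetical helper: call from the login page after check_login() succeeds.
function start_authenticated_session(int $userId, string $username): void
{
    session_start();
    session_regenerate_id(true); // fresh session id at login, so a pre-login id is useless
    $_SESSION['auth_user_id'] = $userId;
    $_SESSION['auth_username'] = $username;
}

$pdo = open_demo_db();
var_dump(check_login($pdo, 'alice', 'correct horse'));    // valid credentials
var_dump(check_login($pdo, 'alice', 'wrong password'));   // bad password
var_dump(check_login($pdo, "o'brien", 'battery staple')); // quote in the name is just data
var_dump(check_login($pdo, 'nobody', 'correct horse'));   // unknown user
```

Both failure cases return the same `null`, so the login page can show one generic error without revealing whether the username exists.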
