MySQL Php Login Error

tpstudent · September 18, 2008

Hi,

I had create a login for user. However, when I enter in the wrong userid or password, it did not prompt an error but it just refresh the login page. It should go through some checks to see if the user post is correct or not.

These are the codes


       <?php

			// read the value of the hidden text field and check whether it has been set
			$submitted = isset($_POST['formSubmitted']);
			$success = FALSE;


			// retrieve the user input in the name and password textfield
			if($submitted){


			// determine if the user name and password field is empty. show an error message if it is

			if(!empty($_POST['staffid'])){
				$staffid = $_POST['staffid'];
			}
			else {
				$staffid = NULL;
				echo "<br><font color=red><center><span class = 'text'> You forgot to enter your staff ID! </span></center></font>";
			}

			if(!empty($_POST['password'])) {
				$password = $_POST['password'];
			}
			else{
				$password = NULL;
				echo "<br><font color=red><center><span class = 'text'> You forgot to enter your password! </span></center></font>";
			}


			//Verify that the user name and password is the same before going into the registration page
			if($staffid && $password){
				// Set value into session
				require_once('staffSql.php');
					// connect to the mysql database server.
				mysql_select_db($dbname); 

				//assign the data passed from Flex to variables
				$staffid = mysql_real_escape_string($_POST["staffid"]);
				$password = mysql_real_escape_string($_POST["password"]);
				$name = mysql_real_escape_string($_POST["name"]);
				//Query the database to see if the given username/password combination is valid.
				$query = "SELECT staffid ,password, name FROM staff where staffid='$staffid' and password= '$password'";
				$_SESSION['staffid'] = $staffid;
				$result = mysql_query($query);

			//echo $staffid;

				if($staffid == $staffid && $password == $password){


						if ($staffid == admin && $password == password)
						{
							$_SESSION['$staffid'] = $$staffid;
							$success=TRUE;
							echo "Login Successful! You will be directed to the homepage in 3 seconds";
							echo"<meta http-equiv='Refresh' content='3; URL=try2.html'>";
						}


					else{

					while ($row = mysql_fetch_array ($result)) {

					$name=$row['name'];
					echo "<br><P><B><center><span class = 'text'>Log in successful! Welcome ".$name.".</span></center></b></p>";
					echo"<span class = 'text'>You will be redirected to the home page in 3 seconds.</span>";
					echo"<meta http-equiv='Refresh' content='3; URL=main.php'>";
						$_SESSION['name'] = $name;			
						$success = TRUE;
					}//close of while

					}
				}
				else{
					echo "<P><font color=red><center><span class = 'text'>Either your username or password is incorrect. Please try again.<span class = 'text'></center></font>";
				}	
			}

		}




?>            
            </div></td>
            
          </tr>
        </table>        
      <?php if($success==FALSE) { ?>
         <br>
          
           <form name="form1" method="post" action="index.php">
<table width="86%" border="0" align="center" cellspacing="0">
                    <tr>
                      <td><span class="text">Employee ID:</span></td>
                      <td><input type="text" name="staffid" class="inputtext" value="<?php if(isset($_POST['staffid'])) echo $staffid; ?>" /></td>
                    </tr>
                    <tr>
                      <td width="44%"><span class="text">Password:</span></td>
                      <td width="56%"><input type="password" name="password" class="inputtext"/></td>
                    </tr>
                    <?php //echo $staffid; ?>
                    <tr>
                      <td><label></label></td>
                      <td><span class="style1">*Please note that all fields are case sensitive</span></td>
                    </tr>
                    <tr>
                      <td></td>
                      
                      
                      <td>                        <div align="right"><br>
                        <input type="submit" name="Submit" value="Login" />
                        <input type="reset" name="Submit2" value="Reset">
                      </div>
                        <label>
                      <div align="center"></div>
                            </label>                      </td>
          </tr>
                  </table>
			  
			  
<!-- TODO insert a hidden field -->
                  <input type="hidden" name="formSubmitted" value="TRUE" />
                  
          </form>
			  

			  
  <?php } ?>

I felt the error is here:

	if($staffid == $staffid && $password == $password){

but i do not know what to put.

can anyone please help

thanks!!!

AV1611 · September 18, 2008

that statement will always be true because you are saying if 1 == 1.

tpstudent · September 18, 2008

so what should i go about checking if the login input is what the user has enter?

cos last time i did in mysqli, i am able to pass the variable in.

// Set value into session
				$_SESSION['staffid'] = $staffid;		

				// Connect to database
				$mysqli = new mysqli("localhost", "root", null, "staffsignage");
				// Prepare statement
				$stmt = $mysqli->prepare("SELECT staffid ,password, name FROM staff where staffid=? and password=?");
				// Bind parameters
				//echo $staffid;
				$stmt->bind_param ("ss",$staffid,$password);
				// Execute
				$result = $stmt->execute();
				// Bind result
				$stmt->bind_result($u,$p,$name);
				echo $u;
				// Fetch
				$stmt->fetch();

			//echo $staffid;

				if($staffid == $u && $password == $p){

However after changing it to mysql, i am facing this error.

how do i change it?

anyway, thanks for replying!

Sign In

MySQL Php Login Error

Recommended Posts

tpstudent

Link to comment

Share on other sites

AV1611

Link to comment

Share on other sites

tpstudent

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information