[SOLVED] username and password check.

[MDanz]

$numrows = mysql_num_rows($query);

if ($numrows!=0)

 

{

while ($row = mysql_fetch_assoc($query));

{

$dbusername = $row ['username'];

$dbpassword = $row ['password'];

}

//check to see if they match

 

if ($username==$dbusername&&$password==$dbpassword)

{

echo "Welcome!";

}

else

echo "Incorrect Password!";

 

 

It keeps saying incorrect password.. only time it said welcome is when i deleted the echo "incorrect password" ;

 

 

 

[sKunKbad]

if ($numrows!=0) should have an double equals ==

 

I think I was cross-eyed... I didn't even see the exclamation point..

[MDanz]

tried it doesnt work... :'(

[sKunKbad]

Where are the values for $username and $password coming from? Also, what is your query?

[Philip]

Is the password in the DB hashed (e.g.. did you use md5() when storing it?)

[MDanz]

<?php

$username = $_POST['username'];

$password = $_POST['password'];

 

if($username&$password)

 

{

 

 

$connect = mysql_connect ("localhost","ustackc1_Master","password")or die("Couldn't Connect");

mysql_select_db("ustackc1_Login")or die("Couldn't Connect");

 

$query = mysql_query("SELECT * FROM Users WHERE username ='$username'");

 

$numrows = mysql_num_rows($query);

if ($numrows!=0)

 

{

while ($row = mysql_fetch_assoc($query));

{

$dbusername = $row ['username'];

$dbpassword = $row ['password'];

}

//check to see if they match

 

if ($username==$dbusername&&$password==$dbpassword)

{

echo "Welcome!";

}

else

echo "Incorrect Password!";

}

else

die("That user doesn't exist!");

 

}

 

else {

 

die ("Please enter a username and password");

}

?>

 

heres the full php

 

 

[lonewolf217]

the problem is you are going through the while loop for all of the possible values of username and password, AND THEN you are comparing them. 

 

<?php
$numrows = mysql_num_rows($query);
if ($numrows!=0)

{
    while ($row = mysql_fetch_assoc($query));
   {
      $dbusername = $row ['username'];
      $dbpassword = $row ['password'];
      //check to see if they match
   
      if ($username==$dbusername && $password==$dbpassword)
      {
         echo "Welcome!";
      }
      else
         echo "Incorrect Password!";
   }

 

edit:  technically for logging in you should only be returning one row anyway, so yours will work, but its still bad practice.

 

as a previous poster said, how are you storing the passwords ?  One would hope that you hash them before setting them in your database, in which case you would have to hash the input from $_POST before trying to compare it

 

if it still doesn't work, then try echoing $username and $password and $dbusername and $dbpassword and visually compare them and also print them out here so we can see where you could be going wrong

[MDanz]

this is my second day on php.. i'm not good at it yet. I was following a tutorial on youtube and in comment some people have the same problem.. 

 

whats the best way to alter it just to check is password and username are correct?

 

[lonewolf217]

like we said, we need to know how the passwords are stored in the database.  can you post the registration page code ? or at least post the input and output that i requested in my previous post

[TeNDoLLA]

Also worth a note. You are comparing here with bitwise operator not logical operator. This happens to work probably for you now but might lead into akward situations later.

if($username&$password)

 

Should be instead..

if($username && $password)

 

even better would be to check if they are not empty and exists..

if(!empty$(username) && !empty($password))