Login with only username

[freddyw]

Hi there. This will sound as obscure as much as is insecure. But all i want is a login system where the user enters only their username to log into the site.

 

this is the code im curretnly working with..

 

<?php       $username = (isset($_POST['username'])) ? pg_escape_string($_POST['username']) : "";
            $referer = (isset($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : "noreferer";
        
                
                $conn = @pg_connect("connection details hidden");
                
                $psql="select * from users where username =\'$username\'";
                
                $rs = @pg_query ($psql, $conn)
                    or die ("login failed! <br /><br />" . pg_last_error());
                    
            #get number of rows that match username
                $num = pg_num_rows($rs);
            
            #if there is a match log in successful
            if ( $num ==1 )
                {
                $msg = "Welcome $username - You are logged in";
                }
            else #return to log in page
                {
                header ( "location:$referer" );
                exit();
                }
        
?>

<html>
    <head><title>You are logged in</title></head>
        <body>
            <? echo ( $msg );
            ?>
        </body>
<html>
                

 

 

the username is a primary key so therefore the number of rows equalling the match of a username can only be one. I'm testing it with a username that exists in the database and im getting log in failed.

 

If anyone can tell me what im doing wrong that would be great.

thanks.[/code]

[DEVILofDARKNESS]

It is possible that it is because you do $username = (isset($_POST['username']))

try $username = $_POST['username']

 

maybe it helps,

 

btw would you like to explain why you only want a username?!

[freddyw]

Thanks

i made the change u suggested and the login is still failing

[DEVILofDARKNESS]

But do you get: Login failed or are you redirected to the login page?

[gergy008]

It is possible that it is because you do $username = (isset($_POST['username']))

try $username = $_POST['username']

 

maybe it helps,

 

btw would you like to explain why you only want a username?!

 

Maybe you should try:

 

if(isset($_POST['username']){
$username=$_POST['username'];
}

[freddyw]

still doesnt work

 

and im recieving log in failed

 

 

btw would you like to explain why you only want a username?!

 

 

this is only tempory while im having trouble with the database

[lynxus]

I knwo it wont make much difference, however maybe change

 

if ( $num ==1 )

                {

 

to

 

if ( $num == "1" )

                {

 

Its things like this that probably wont make any difference, but always seem to bugger me up.

Id also check your reffering to the correct vars.

[PFMaBiSmAd]

The "login failed!" failed message is coming from the die() statement on your query. That means that the query itself failed to execute and has nothing to do with the login failing. The query is never executed to even find any matching rows. Edit: And if pg_last_error() did not produce any output, it is likely that the pg extension is not even installed.

 

Remove all the @'s from your code (and never put any @ back in your code if you ever want to get to the point where your code will work)  and add the following two lines of code immediately after the first opening <?php tag to get php to help you by showing all the errors it finds -

 

ini_set("display_errors", "1");
error_reporting(E_ALL);