php login error

[mingger]

Hey php masters !

i ran into a problem while making my login page, im new to php so please dont rage at me

the code that i think gives the problem is this:

if ($numrows!=0)

{

 

while ($row = mysql_fetch_assoc($query))

{

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

if ($username==$dbusername&&$password==$dbpassword)

{

 

echo "du er logget ind $username"

 

}

else

echo "Adgangskoden er Forkert";

 

}

else

die("Denne burger findes ikke");

}

else

die("Angiv venligst brugernavn og adgangskode");

?>

 

Hope you can help me

 

- MinG

[Psycho]

And the problem is?

 

What is it supposed to do that it isn't? Errors you are getting? What?

 

 

EDIT:

It does look like your If/Else conditions are out of whack. Could you provide comments in English for the echo/die statements so we can understand what the expectations are for those branches

[mingger]

Hey thanks for the reply.

you can go to my test website here: and write some random text in the text boxes and press log in.

i watched this tutorial: http://www.youtube.com/watch?v=4oSCuEtxRK8.

here is the comments on English, i know there is something wrong with the else/if and dreamweaver says that its the else i now marked bold:

echo "You are now logged in $username"

 

}

else

echo "The password is wrong";

 

}

else

die("The user doesnt exist");

}

else

die("please write username and password.");

 

Thanks again

 

- MinG

[Psycho]

Use CODE tags when posting code.

 

You have three else statemetns in succession, but I don't see three if statement to match those up with.

[mingger]

Can you please describe it with some php code ? im new to this shit. So i dont know what to do.

 

[Psycho]

Can you please describe it with some php code ? im new to this shit. So i dont know what to do.

 

If you are new, then you should be reading the manual or some tutorial.

 

Anyway, you can have an if() statement by itself

if(1==1) { echo "foo"; }
echo "bar";
//Output: foobar

 

You can have an if() statement with ONE optional else statement

if(1==2) { echo "foo"; }
else { echo "bar"; }
//Output: bar

 

You can have an if() statemetn with multiple elseif() conditions and ONE optional else statement

if(1==2) { echo "foo"; }
elseif(1==1) { echo "bar"; }
else { echo "nada"; }
//Output: bar

 

You cannot have an if() statement with multiple else statements

if(1==2) { echo "foo"; }
else { echo "bar"; }
else { echo "nada"; }
//Output: ???? will create error

 

Here is your previous code with some modifications and comments highlighting the problems

if ($row = mysql_fetch_assoc($query))
{
   while ($row = mysql_fetch_assoc($query))
   {
      $dbusername = $row['username'];
      $dbpassword = $row['password'];
   }

   if ($username==$dbusername&&$password==$dbpassword)
   {
      echo "du er logget ind $username"
   }
   else //This else corresponds to the previous if() statement - OK
      echo "Adgangskoden er Forkert";
   
   //This curly brace and the following else do not correspond to
   //any opening brace or if() statement
   }
   else
      die("Denne burger findes ikke");
}
else //This else corresponds to the if() at the verytop of this code - OK
   die("Angiv venligst brugernavn og adgangskode");

 

You did a pretty good job of structuring your code by indenting it, but didn't quite get it right. Had you been more careful with the formatting the errors shoudl have been obvious. You also appear to have some closing curly braces (}) that don't have a corresponding opening brace. I see you don't enclose the line of code following the else statements in curly braces - and technically you don't have to if it is only a single line of code. But, IMHO, it is much easier to read the code when you always do the same thing. So, I always enclose my code-blocks after an if/elseif/else conditions within curly braces.

 

Also, that while() loop makes no sense. You are simply redefining the variables in the loop and not doing anything with them - in the loop. So, you are left with the values from the last record only. I have to assume you expect only ONE record in the query results. If so, test for one record and don't use a while() loop

 

Lastly, I think your logic is completely wrong. You don't show the query, but I assume the query is looking for records matching the username and possibly the password. So, why are you checking the returned values from the query to the username and password? The query will do that for you. You only need to check if a record was returned. The problem with checking the DB values against the user entered value is that the username will need to be an EXACT match (i.e. "myname" != "MyName"). Your DB should likely be set to do case insensitive matches.

 

Without seeing some of the previous code I can't be sure, but here is how your logic could look.

$username = trim($_POST['username']);
$password = trim($_POST['password']);

if(empty($username) || empty($password))
{
    echo "Error: Username and password are required";
}
else
{
    //Escape and prepare input values for query
    $username = mysql_real_escape_string($username);
    //Run password through your hashing method (never store in plain text)
    $password = md5($password);

    $query = "SELECT username FROM users WHERE username='{$username}' AND password='{$password}'";
    $result = mysql_query($query) or die (mysql_error());

    if(!mysql_num_rows($result))
    {
        echo "Username and/or password are incorrect.
    }
    else
    {
        echo "Login passed!";
    }
}

[mingger]

Omfg, you are amazing !!! ;b btw i watched a tutorial by phpacademy on youtube. and when the error popped up i tried to fix it, but i couldnt. so i stopped half passed the video, and searched for answers. that maybe explains some missing code.

 

Thank you again, if there is anything i can do to support you on some way, please let me know

 

- MinG