Checking username and password

[inulled]

<?php
session_start();
include("global-settings.php");
mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email = mysql_real_escape_string(strip_tags($_POST["email"]));
$password = sha1($_POST["password"]);
$result = mysql_query("SELECT * FROM users WHERE email = '{$email}' AND password = '{$password}'");
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
$_SESSION["userid"] = $row['user_pid'];
echo "logged in";
} else {
$userid_generator = uniqid(rand(), false);
mysql_query("INSERT INTO users (user_pid, email, password, datetime_registered, is_leader) VALUES ('$userid_generator', '{$email}', '{$password}', NOW(), 'no')");
$id = mysql_insert_id();
	$leaders = mysql_query("SELECT * FROM users WHERE is_leader LIKE '%yes%'");
	while($rows = mysql_fetch_array($leaders)) {
		if ($rows['is_leader'] == 'yes') {
			$leader_id = $rows['user_pid'];
			mysql_query("INSERT IGNORE INTO friends (node1id, node2id, friends_since, friend_type)
			VALUES('$leader_id', '$userid_generator', NOW(), 'full')");
			$_SESSION["userid"] = $userid_generator;
			echo "new user created and logged in";

if(is_dir($userid_generator)) {
echo "Something wen't wrong. A bug report has been sent and we are doing what we can to fix it.";
$message = 'Registration problem on account number $userid_generator. The user succesfully registered, but there is already
a directory with the account id of $userid_generator.';
mail($bug_report_email, "Registration Bug!", $message);
} else {
mkdir('../media/User-PID{' . $userid_generator . '}', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/photos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/backups', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/videos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/documents', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/apps', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/themes', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/xml', 0777);
}

	}
}
}
?>

 

It logs in fine. It even registers fine, but how do I code it to do something if username is correct but password isn't correct?

[voip03]

This is only example

 $sql = "SELECT usename FROM USER WHERE username ='". $_POST['username']."'";
$res = mysql_query($sql);
if(!res){ 	die(" Could not query the database  : <br/>". mysql_error() ); }
$numRows =  mysql_num_rows($res);

if( $numRows != 0 )
{
	// ? check the passowrd
}
else
{
	// ! username error
}

[freelance84]

Typically it is simpler to have the "logging" script and "registering" script separate.

 

 

However, to do things your way you could:

 

1: select password from users where "WHERE email = '{$email}'"

2: if the password returned equals the value you have calculated (in the $password), then go ahead and log the user in (create the session), otherwise return with an error message saying incorrect username or password.

3. if the query returned zero results, then the email is not registered on your system, then go ahead and do as you need, register...etc

 

[inulled]

<?php
session_start();
include("global-settings.php");
mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email = mysql_real_escape_string(strip_tags($_POST["email"]));
$password = sha1($_POST["password"]);
$result = mysql_query("SELECT * FROM users WHERE email = '{$email}' AND password = '{$password}'");$row = mysql_fetch_array($result);

if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
$_SESSION["userid"] = $row['user_pid'];
echo "logged in";
} elseif ($row['email'] == $email && $row['password'] != $password) {
echo "sorry, wrong username or password";
} elseif ($row['email'] != $email && $row['password'] != $password) {
$userid_generator = uniqid(rand(), false);
mysql_query("INSERT INTO users (user_pid, email, password, datetime_registered, is_leader) VALUES ('$userid_generator', '{$email}', '{$password}', NOW(), 'no')");
$id = mysql_insert_id();
	$leaders = mysql_query("SELECT * FROM users WHERE is_leader LIKE '%yes%'");
	while($rows = mysql_fetch_array($leaders)) {
		if ($rows['is_leader'] == 'yes') {
			$leader_id = $rows['user_pid'];
			mysql_query("INSERT IGNORE INTO friends (node1id, node2id, friends_since, friend_type)
			VALUES('$leader_id', '$userid_generator', NOW(), 'full')");
			$_SESSION["userid"] = $userid_generator;
			echo "new user created and logged in";

if(is_dir($userid_generator)) {
echo "Something wen't wrong. A bug report has been sent and we are doing what we can to fix it.";
$message = 'Registration problem on account number $userid_generator. The user succesfully registered, but there is already
a directory with the account id of $userid_generator.';
mail($bug_report_email, "Registration Bug!", $message);
} else {
mkdir('../media/User-PID{' . $userid_generator . '}', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/photos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/backups', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/videos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/documents', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/apps', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/themes', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/xml', 0777);
}

	}
}
}
?>

still no success even with this logic... The logic is probably messed up anyways. But what it is doing is if $username is correct but $password is not correct it runs the while loop which is located in the second else...if statement.