Jump to content

Checking username and password


inulled
 Share

Recommended Posts

<?php
session_start();
include("global-settings.php");
mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email = mysql_real_escape_string(strip_tags($_POST["email"]));
$password = sha1($_POST["password"]);
$result = mysql_query("SELECT * FROM users WHERE email = '{$email}' AND password = '{$password}'");
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
$_SESSION["userid"] = $row['user_pid'];
echo "logged in";
} else {
$userid_generator = uniqid(rand(), false);
mysql_query("INSERT INTO users (user_pid, email, password, datetime_registered, is_leader) VALUES ('$userid_generator', '{$email}', '{$password}', NOW(), 'no')");
$id = mysql_insert_id();
	$leaders = mysql_query("SELECT * FROM users WHERE is_leader LIKE '%yes%'");
	while($rows = mysql_fetch_array($leaders)) {
		if ($rows['is_leader'] == 'yes') {
			$leader_id = $rows['user_pid'];
			mysql_query("INSERT IGNORE INTO friends (node1id, node2id, friends_since, friend_type)
			VALUES('$leader_id', '$userid_generator', NOW(), 'full')");
			$_SESSION["userid"] = $userid_generator;
			echo "new user created and logged in";

if(is_dir($userid_generator)) {
echo "Something wen't wrong. A bug report has been sent and we are doing what we can to fix it.";
$message = 'Registration problem on account number $userid_generator. The user succesfully registered, but there is already
a directory with the account id of $userid_generator.';
mail($bug_report_email, "Registration Bug!", $message);
} else {
mkdir('../media/User-PID{' . $userid_generator . '}', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/photos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/backups', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/videos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/documents', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/apps', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/themes', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/xml', 0777);
}

	}
}
}
?>

 

It logs in fine. It even registers fine, but how do I code it to do something if username is correct but password isn't correct?

Link to comment
Share on other sites

This is only example

 $sql = "SELECT usename FROM USER WHERE username ='". $_POST['username']."'";
$res = mysql_query($sql);
if(!res){ 	die(" Could not query the database  : <br/>". mysql_error() ); }
$numRows =  mysql_num_rows($res);

if( $numRows != 0 )
{
	// ? check the passowrd
}
else
{
	// ! username error
}

Link to comment
Share on other sites

Typically it is simpler to have the "logging" script and "registering" script separate.

 

 

However, to do things your way you could:

 

1: select password from users where "WHERE email = '{$email}'"

2: if the password returned equals the value you have calculated (in the $password), then go ahead and log the user in (create the session), otherwise return with an error message saying incorrect username or password.

3. if the query returned zero results, then the email is not registered on your system, then go ahead and do as you need, register...etc

 

Link to comment
Share on other sites

<?php
session_start();
include("global-settings.php");
mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email = mysql_real_escape_string(strip_tags($_POST["email"]));
$password = sha1($_POST["password"]);
$result = mysql_query("SELECT * FROM users WHERE email = '{$email}' AND password = '{$password}'");$row = mysql_fetch_array($result);

if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
$_SESSION["userid"] = $row['user_pid'];
echo "logged in";
} elseif ($row['email'] == $email && $row['password'] != $password) {
echo "sorry, wrong username or password";
} elseif ($row['email'] != $email && $row['password'] != $password) {
$userid_generator = uniqid(rand(), false);
mysql_query("INSERT INTO users (user_pid, email, password, datetime_registered, is_leader) VALUES ('$userid_generator', '{$email}', '{$password}', NOW(), 'no')");
$id = mysql_insert_id();
	$leaders = mysql_query("SELECT * FROM users WHERE is_leader LIKE '%yes%'");
	while($rows = mysql_fetch_array($leaders)) {
		if ($rows['is_leader'] == 'yes') {
			$leader_id = $rows['user_pid'];
			mysql_query("INSERT IGNORE INTO friends (node1id, node2id, friends_since, friend_type)
			VALUES('$leader_id', '$userid_generator', NOW(), 'full')");
			$_SESSION["userid"] = $userid_generator;
			echo "new user created and logged in";

if(is_dir($userid_generator)) {
echo "Something wen't wrong. A bug report has been sent and we are doing what we can to fix it.";
$message = 'Registration problem on account number $userid_generator. The user succesfully registered, but there is already
a directory with the account id of $userid_generator.';
mail($bug_report_email, "Registration Bug!", $message);
} else {
mkdir('../media/User-PID{' . $userid_generator . '}', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/photos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/backups', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/videos', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/documents', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/apps', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/developer/themes', 0777);
mkdir('../media/User-PID{' . $userid_generator . '}/xml', 0777);
}

	}
}
}
?>

still no success even with this logic... The logic is probably messed up anyways. But what it is doing is if $username is correct but $password is not correct it runs the while loop which is located in the second else...if statement.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.