Login Checking Error

shebbycs · January 9, 2012

<?php
    session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    $username = $_POST['username'];
    $_POST['pass'] = md5($_POST['pass']);
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log1 = "SELECT * FROM regis WHERE username = '$username'";
     $login1 = mysql_query($log1);
     $log2 = "SELECT * FROM regis WHERE password = '$password'";
     $login2 = mysql_query($log2);
     $log3 = "SELECT * FROM regis WHERE username = '$username' AND password = '$password'";
     $login3 = mysql_query($log3);
     $row = mysql_fetch_array($login3);
     $number = mysql_num_rows($login3);

     if($login1==FALSE)
     {
       echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$username.is not available.')</SCRIPT>");
     }
     if($login2==FALSE)
     {
       echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$password.is incorrect.')</SCRIPT>");
     }
     if ($number == 0)
     {
      print "This user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>";
     }
     if ($number > 0)
     {
        $_SESSION['username'] = $row['username'];
        $_SESSION['password'] = $row['password'];
        $_SESSION['userlevel'] = $row['userlevel'];
        $_SESSION['is_logged_in'] = 1;


        if($_SESSION['userlevel']==1)
       {
         $_SESSION['is_logged_in'] = 1;
         header("Location: form2.php");
       }
        else if($_SESSION['userlevel']== 0)
       {
         $_SESSION['is_logged_in'] = 1;
         header("Location: form3.php");
       }
       }

    }

    else
    {


?>
<html>
<head>
<script type="text/javascript">
function a()
{
   var x = document.login.username.value;
   var y = document.login.pass.value;

   if(x==""&& y=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
}
</script>
</head>



<body>
<center>
<table border="0" align="center">
<form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()">
<tr><td colspan=2><center><h1>Login</h1></center></td></tr>
<tr><td>Username:<input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:<input type="password" name="pass" maxlength="50"></td></tr>
<tr align=center><td><input type="button" value="Register" ONCLICK="window.location.href='registration.php'"></a>
<input type="submit" name="submit" value="Login"></td>

</tr>
</form>
</center>
</body>
<?php

  }



?>

this is login code as im want it show the error if i put any username or password error but instead it will directly show this error "if ($number == 0)

{

print "This user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>";

}

"

but im want to show this if($login1==FALSE)

{

echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$username.is not available.')</SCRIPT>");

}

if($login2==FALSE)

{

echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('This.$password.is incorrect.')</SCRIPT>");

}

error first.

may i know which code or if statement im put wrong

Muddy_Funster · January 9, 2012

you should never SELECT * from a user information table. You should never SELECT password information from a user information table. you should never store password information in plain text format.

That said, try doing a print_r($login1) and see what you get, It's not what you think it is.

Sign In

Login Checking Error

Recommended Posts

shebbycs

Link to comment

Share on other sites

Muddy_Funster

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information