need little help php while loop condition


Revil_Wevil

I have been working on a minor project. This is the login script of that page. I am facing a problem: I want to echo the error "wrong username/password" in the form if the username, password and category, all 3 conditions, don't match. I have tried everything as per my knowledge. Please help me with this. I am new to PHP, so I don't have much experience and knowledge of PHP.

<?php
$msg='';
    $con=mysql_connect('localhost','root','');
    if(!$con)
    {
        die("Error While connecting.......");
    }
    else
    {
        mysql_select_db("sms",$con);
        if(isset($_POST['btnlog']))
        {
            $res=mysql_query("select * from tbl_login where un='".$_POST['username']."' and pw='".$_POST['password']."' and cat='".$_POST['cat']."'");
            while($r=mysql_fetch_array($res))
            
            {
                    mail("[email protected]".$_POST['username']."Successfully Logged In"."From:[email protected]");
                    if($r['cat']=="admin")                            
                    header("Location:admin/admin.php");                                                                                                    
                    elseif($r['cat']=="faculty")
                    header("Location:faculty/faculty.php");

                    else $msg="Incorrect Username/Password";
                    
                    
            }
            
        }
    }
?>

<body>
<section class="login_container">
    <div class="login_box">
      <h1>Login</h1>
      <form method="post">
      <center><?php echo $msg; ?></center>
        <p><input type="text" name="username" value="" placeholder="Username"></p>
        <p><input type="password" name="password" value="" placeholder="Password"></p>
          <center><select class="select" name="cat">Category
              <option selected="selected">Select A Category</option>
            <option value="admin">Administrator</option>
            <option value="faculty">Faculty</option>
          </select></center>
        <p class="submit"><input type="submit" name="btnlog" value="Login">
                          <input type="reset" value="Clear" /></p>
      </form>
    </div>
  </section>

Not sure what this is doing wrong but...

A few suggestions:

You need a space after Location: in the header()

Use mysqli instead of mysql

Sanitize your data to prevent SQL injection attacks: $password = mysqli_real_escape_string($con, $_POST['password']);

Salt and hash your passwords so they are not stored in the clear.

When posting here, put code in code tags (the <> symbol in the editor)
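The suggestions above combined into one login check, as an added example that is not part of the thread: bound parameters instead of string concatenation, password_hash()/password_verify() for salted hashes, and an explicit failure branch so the error message is set when no row matches. It uses PDO with an in-memory SQLite table so it runs without a MySQL server (mysqli's prepare() and bind_param() follow the same pattern); check_login() and the sample row are assumptions, while the table and column names come from the original post.

```php
<?php
// Added example (not from the thread). Table and column names follow the
// original post; the row and credentials below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_login (un TEXT PRIMARY KEY, pw TEXT, cat TEXT)');

// Store a salted hash, never the clear-text password.
$ins = $db->prepare('INSERT INTO tbl_login (un, pw, cat) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'faculty']);

/**
 * Hypothetical helper: returns the redirect target on success, or null
 * when any of the three submitted values does not match.
 */
function check_login(PDO $db, string $un, string $pw, string $cat): ?string
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pw, cat FROM tbl_login WHERE un = ?');
    $stmt->execute([$un]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No row, wrong password and wrong category all fail the same way,
    // so the form shows one message for every case.
    if ($row === false || !password_verify($pw, $row['pw']) || $row['cat'] !== $cat) {
        return null;
    }
    $targets = ['admin' => 'admin/admin.php', 'faculty' => 'faculty/faculty.php'];
    return $targets[$row['cat']] ?? null;
}

$msg = '';
foreach ([['alice', 'correct horse', 'faculty'],   // valid login
          ['alice', 'wrong', 'faculty'],           // wrong password
          ["o'brien", 'x', 'admin']] as [$un, $pw, $cat]) { // quote is plain data
    $target = check_login($db, $un, $pw, $cat);
    if ($target === null) {
        $msg = 'Incorrect Username/Password';      // echoed inside the form
        echo "$un: $msg\n";
    } else {
        // In the real page: header("Location: $target"); exit;
        echo "$un: Location: $target\n";
    }
}
```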

Hey, you have a lot of problems in your code. Spend a little time and go check out some resources on what you are trying to do. http://w3schools.com/php/ has all the basics and more. Doing this will help you quicker than we can, and you will become a better developer overall.

Try setting out your connections and queries better, and get into some good habits.

<?php
    define("DB_SERVER", "server");
    define("DB_USER", "username");
    define("DB_PASS", "password");
    define("DB_NAME", "database_name");

    $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

    if (mysqli_connect_errno()) {
        die("Database connection failed: " .
            mysqli_connect_error() .
            " (" . mysqli_connect_errno() . ")"
        );
    }

    // set queries up like this
    $query  = "SELECT * ";
    $query .= "FROM table_name ";
    $query .= "ORDER BY value ASC";

    // query the database
    $data_set = mysqli_query($connection, $query);
    confirm_query($data_set);

    // use the results
    while ($upload = mysqli_fetch_assoc($data_set)) {
        // do something here
    }

    function confirm_query($result_set) {
        if (!$result_set) {
            die("Database query failed.");
        }
    }
?>

I could also achieve the same with OOP and set up a class and some class methods for CRUD.

class DatabaseObject {

    public static function find_all() {
        return static::find_by_sql("SELECT * FROM ".static::$table_name);
  }
 
  public static function find_by_id($id=0) {
      global $database;
    // Quote the escaped value: escaping alone does not protect an unquoted numeric context
    $result_array = static::find_by_sql("SELECT * FROM ".static::$table_name." WHERE id='".$database->escape_value($id)."' LIMIT 1");
        return !empty($result_array) ? array_shift($result_array) : false;
  }
 
  public static function find_by_sql($sql="") {
    global $database;
    $result_set = $database->query($sql);
    $object_array = array();
    while ($row = $database->fetch_array($result_set)) {
      $object_array[] = static::instantiate($row);
    }
    return $object_array;
  }

    public static function count_all() {
      global $database;
      $sql = "SELECT COUNT(*) FROM ".static::$table_name;
      $result_set = $database->query($sql);
      $row = $database->fetch_array($result_set);
          return array_shift($row);
      }

    private static function instantiate($record) {
        // Could check that $record exists and is an array
        $class_name = get_called_class();
        $object = new $class_name;
        foreach($record as $attribute=>$value){
          if($object->has_attribute($attribute)) {
            $object->$attribute = $value;
          }
        }
        return $object;
    }
    
    private function has_attribute($attribute) {
      // We don't care about the value, we just want to know if the key exists
      // Will return true or false
      return array_key_exists($attribute, $this->attributes());
    }

    protected function attributes() {
        // return an array of attribute names and their values
      $attributes = array();
      foreach(static::$db_fields as $field) {
        if(property_exists($this, $field)) {
          $attributes[$field] = $this->$field;
        }
      }
      return $attributes;
    }
    
    public function save() {
      // A new record won't have an id yet.
      return isset($this->id) ? $this->update() : $this->create();
    }
    
    protected function sanitized_attributes() {
      global $database;
      $clean_attributes = array();
      // sanitize the values before submitting
      // Note: does not alter the actual value of each attribute
      foreach($this->attributes() as $key => $value){
        $clean_attributes[$key] = $database->escape_value($value);
      }
      return $clean_attributes;
    }
    
    
    public function create() {
        global $database;
        $attributes = $this->sanitized_attributes();
      $sql = "INSERT INTO ".static::$table_name." (";
        $sql .= join(", ", array_keys($attributes));
      $sql .= ") VALUES ('";
        $sql .= join("', '", array_values($attributes));
        $sql .= "')";
      if($database->query($sql)) {
        $this->id = $database->insert_id();
        return true;
      } else {
        return false;
      }
    }

    public function update() {
      global $database;
        $attributes = $this->sanitized_attributes();
        $attribute_pairs = array();
        foreach($attributes as $key => $value) {
          $attribute_pairs[] = "{$key}='{$value}'";
        }
        $sql = "UPDATE ".static::$table_name." SET ";
        $sql .= join(", ", $attribute_pairs);
        // Quote the escaped id so it cannot extend the WHERE clause
        $sql .= " WHERE id='". $database->escape_value($this->id) ."'";
      $database->query($sql);
      return ($database->affected_rows() == 1) ? true : false;
    }

    public function delete() {
        global $database;
      $sql = "DELETE FROM ".static::$table_name;
      // Quote the escaped id so it cannot extend the WHERE clause
      $sql .= " WHERE id='". $database->escape_value($this->id) ."'";
      $sql .= " LIMIT 1";
      $database->query($sql);
      return ($database->affected_rows() == 1) ? true : false;

    }
    
}

Archived

This topic is now archived and is closed to further replies.
