Revil_Wevil Posted August 13, 2013 Share Posted August 13, 2013 i have been working on minor project this is login script of that page i am facing some problem i want to echo if user name password and category both 3 conditions dont match with error "wrong username/password" in form i have tried everything as per my knowledge please help me in this i am new to php so dont have much experience and knowledge of php <?php$msg=''; $con=mysql_connect('localhost','root',''); if(!$con) { die("Error While connecting......."); } else { mysql_select_db("sms",$con); if(isset($_POST['btnlog'])) { $res=mysql_query("select * from tbl_login where un='".$_POST['username']."' and pw='".$_POST['password']."' and cat='".$_POST['cat']."'"); while($r=mysql_fetch_array($res)) { mail("notification@receiver.com".$_POST['username']."Successfully Logged In"."From:notification@sender.com"); if($r['cat']=="admin") header("Location:admin/admin.php"); elseif($r['cat']=="faculty") header("Location:faculty/faculty.php"); else $msg="Incorrect Username/Password"; } } }?><body><section class="login_container"> <div class="login_box"> <h1>Login</h1> <form method="post"> <center><?php echo $msg; ?></center> <p><input type="text" name="username" value="" placeholder="Username"></p> <p><input type="password" name="password" value="" placeholder="Password"></p> <center><select class="select" name="cat">Category <option selected="selected">Select A Category</option> <option value="admin">Administrator</option> <option value="faculty">Faculty</option> </select></center> <p class="submit"><input type="submit" name="btnlog" value="Login"> <input type="reset" value="Clear" /></p> </form> </div> </section> Quote Link to comment https://forums.phpfreaks.com/topic/281140-need-little-help-php-while-loop-condition/ Share on other sites More sharing options...
davidannis Posted August 13, 2013 Share Posted August 13, 2013 (edited) Not sure what this is doing wrong but... A few suggestions: You need a space after Location: in the header() Use mysqli instead of mysql sanitize your data to prevent SQL injection attacks $password=mysqli_real_escpe_string($con, $_POST['password']) salt and hash your passwords so they are not stored in the clear. when posting here put code in code tags (the <> symbol in the editor) Edited August 13, 2013 by davidannis Quote Link to comment https://forums.phpfreaks.com/topic/281140-need-little-help-php-while-loop-condition/#findComment-1444881 Share on other sites More sharing options...
davidannis Posted August 13, 2013 Share Posted August 13, 2013 also your mail() function is wrong. You need to separate the to, subject, and body with commas. To change the from, you need to use headers as a fourth parameter Quote Link to comment https://forums.phpfreaks.com/topic/281140-need-little-help-php-while-loop-condition/#findComment-1444884 Share on other sites More sharing options...
Matt_C Posted August 13, 2013 Share Posted August 13, 2013 Hey, you have a lot of problems in your code, spend a little time and go check out some resources on what you are trying to do. http://w3schools.com/php/ has all the basics and more. Doing this will help you quicker than we can and you will become a better developer over all. Try setting out your connections and queries better, get into some good habits. <?php define("DB_SERVER", "server"); define("DB_USER", "username"); define("DB_PASS", "password"); define("DB_NAME", "database_name"); $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME); if(mysqli_connect_errno()) { die("Database connection failed: " . mysqli_connect_error() . " (" . mysqli_connect_errno() . ")" ); } // set queries up like this $query = "SELECT * "; $query .= "FROM table_name "; $query .= "ORDER BY value ASC"; // query the database $data_set = mysqli_query($connection, $query); confirm_query($data_set); // use the results while($upload = mysqli_fetch_assoc($data_set)) { // do something here } function confirm_query($result_set) { if (!$result_set) { die("Database query failed."); } } ?> I could also achieve the same with oop and set up a class and some class methods for crud. class DatabaseObject { public static function find_all() { return static::find_by_sql("SELECT * FROM ".static::$table_name); } public static function find_by_id($id=0) { global $database; $result_array = static::find_by_sql("SELECT * FROM ".static::$table_name." WHERE id=".$database->escape_value($id)." LIMIT 1"); return !empty($result_array) ? array_shift($result_array) : false; } public static function find_by_sql($sql="") { global $database; $result_set = $database->query($sql); $object_array = array(); while ($row = $database->fetch_array($result_set)) { $object_array[] = static::instantiate($row); } return $object_array; } public static function count_all() { global $database; $sql = "SELECT COUNT(*) FROM ".static::$table_name; $result_set = $database->query($sql); $row = $database->fetch_array($result_set); return array_shift($row); } private static function instantiate($record) { // Could check that $record exists and is an array $class_name = get_called_class(); $object = new $class_name; foreach($record as $attribute=>$value){ if($object->has_attribute($attribute)) { $object->$attribute = $value; } } return $object; } private function has_attribute($attribute) { // We don't care about the value, we just want to know if the key exists // Will return true or false return array_key_exists($attribute, $this->attributes()); } protected function attributes() { // return an array of attribute names and their values $attributes = array(); foreach(static::$db_fields as $field) { if(property_exists($this, $field)) { $attributes[$field] = $this->$field; } } return $attributes; } public function save() { // A new record won't have an id yet. return isset($this->id) ? $this->update() : $this->create(); } protected function sanitized_attributes() { global $database; $clean_attributes = array(); // sanitize the values before submitting // Note: does not alter the actual value of each attribute foreach($this->attributes() as $key => $value){ $clean_attributes[$key] = $database->escape_value($value); } return $clean_attributes; } public function create() { global $database; $attributes = $this->sanitized_attributes(); $sql = "INSERT INTO ".static::$table_name." ("; $sql .= join(", ", array_keys($attributes)); $sql .= ") VALUES ('"; $sql .= join("', '", array_values($attributes)); $sql .= "')"; if($database->query($sql)) { $this->id = $database->insert_id(); return true; } else { return false; } } public function update() { global $database; $attributes = $this->sanitized_attributes(); $attribute_pairs = array(); foreach($attributes as $key => $value) { $attribute_pairs[] = "{$key}='{$value}'"; } $sql = "UPDATE ".static::$table_name." SET "; $sql .= join(", ", $attribute_pairs); $sql .= " WHERE id=". $database->escape_value($this->id); $database->query($sql); return ($database->affected_rows() == 1) ? true : false; } public function delete() { global $database; $sql = "DELETE FROM ".static::$table_name; $sql .= " WHERE id=". $database->escape_value($this->id); $sql .= " LIMIT 1"; $database->query($sql); return ($database->affected_rows() == 1) ? true : false; } } Quote Link to comment https://forums.phpfreaks.com/topic/281140-need-little-help-php-while-loop-condition/#findComment-1444886 Share on other sites More sharing options...
Matt_C Posted August 13, 2013 Share Posted August 13, 2013 P.s don't try and just copy and paste my code, you are missing includes like the const file and database class and it will not work. Just trying to push you in the right direction, working it out on your own will be far more rewarding. Good luck Quote Link to comment https://forums.phpfreaks.com/topic/281140-need-little-help-php-while-loop-condition/#findComment-1444889 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.