IlaminiAyebatonyeDagogo Posted October 20, 2013 Share Posted October 20, 2013 (edited) My Boss Good day and Good day evry1 in here happy Sunday. i have a php script dat is suposse to register users into a database. bt 1st i want it to chk d user password with a pin code in the data base and the user password and if my db pin match den we add the user details to the database else we echo an error bt i dnt seem to b getting it. please help me dis d php script: $connect=mysql_connect("$host","$user","$password") or die("Bross why na, change the localhost to example site.com without www. "); $select=mysql_select_db("$db_name") or die("dagogo change the db"); //collection data from registration form and processing encrypting it $first_name=($_POST["First_Name"]);//user 1st name $last_name=($_POST["Last_Name"]);//user last name $username=($_POST["UserName"]);//user special User name $phone=($_POST["Phone"]);//user phone number $email=($_POST["email"]);//user email address $password=($_POST["password"]);//user password //checking the pin with pin in the database $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'"); $numrows=mysql_num_rows($query); if($numrows!=0) { while($row =mysql_fetch_assoc($query)) { $dbpassword=$row['pin']; } if($password==$dbpassword) { //inserting the form details into the database. mysql_query("INSERT INTO users(first_name,last_name,username,phone,email,password)VALUES('$first_name','$last_name','$username','$phone','$email','$password')")or die ("Registration failed"); } } else { echo"dagogo"; } its echos d error dagogo even wen i put in the right pin please help PARAMETERS $row['pin'] is d field in d database table ie pin Edited October 20, 2013 by IlaminiAyebatonyeDagogo Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 20, 2013 Share Posted October 20, 2013 Is the pin code the same as the users password? $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'"); The above query will select records where the pin matches $password Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 (edited) yes it is dey are suppose 2 pay 4 pin code and use as dere password wen registring Edited October 20, 2013 by IlaminiAyebatonyeDagogo Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 20, 2013 Share Posted October 20, 2013 (edited) Sorry, please post in full English not text speak. yes it is dey are suppose 2 pay 4 pin code and use as dere password wen registring I don't understand that. please give examples. Edited October 20, 2013 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 ohh am sorry you ask if: Is the pin code the same as the users password? I answered Yes. Reason been that they will buy the pin code from web master and use then use it as their password when registering on the site and the pin code will be inserted into the database. so when the user buy a database inserted pincode he use it as it password and then register with it. so he will be allowed bcos d pin code is in the database Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted October 20, 2013 Share Posted October 20, 2013 You're getting the dagogo message because the following query is not returning any results where the pin matches the entered pass code ($password). $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'"); How are you storing the pin codes in the pin_code table? Can you provide an example of what your pin codes look like. Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 You're getting the dagogo message because the following query is not returning any results where the pin matches the entered pass code ($password). $query=mysql_query("SELECT * FROM pin_code WHERE pin='$password'"); How are you storing the pin codes in the pin_code table? Can you provide an example of what your pin codes look like. pin is name of field in the pin_code and then add a dumie data say 1234dagogo now wen am registring i would use 1234dagogo as d password and on my database pin_code is the table which u know and pin is the name of the field Quote Link to comment Share on other sites More sharing options...
Barand Posted October 20, 2013 Share Posted October 20, 2013 Your code searches for rows where pin = password then goes on to check if the pin in found rows is equal to the password. Waste if time - if it finds them they must be equal. Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 what is wrong it i knw dat is wot it dos Quote Link to comment Share on other sites More sharing options...
alpine Posted October 20, 2013 Share Posted October 20, 2013 You are overcomplicating things, something like this <?php $query = mysql_query("SELECT * FROM pin_code WHERE pin = '".htmlspecialchars($password, ENT_QUOTES)."'"); if(mysql_num_rows($query) == '1'){ // Pin found - create user with kung-fu query } else{ echo 'Pin not found'; } ?> Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 THANKS 1st man to paste a Script Thanks a lot am greatful Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 (edited) same tin nt working alpine thanks again bt it didnt wok Edited October 20, 2013 by IlaminiAyebatonyeDagogo Quote Link to comment Share on other sites More sharing options...
Solution alpine Posted October 20, 2013 Solution Share Posted October 20, 2013 (edited) You need to debug your submitted formdata as you encounter problems, and make sure the pin actually exists in database AND that it isnt encrypted in any way. If its stored encrypted, you need to encrypt the posted password in order to match them! Also, this example looks for ONE record of that exact pin code, if its stored several pins with the same value in db, this query will fail !! <?php $query = mysql_query("SELECT * FROM pin_code WHERE pin = '".htmlspecialchars($password, ENT_QUOTES)."'"); if(mysql_num_rows($query) == '1'){ // Pin found - create user with kung-fu query } else{ echo '<p>Pin not found</p>'; echo '<p>Posted Pin: '.$password.'</p>; // <--- is this displayed value the exact value stored in db ???? } ?> Edited October 20, 2013 by alpine Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 ooooookkkk u r tooo goood my master i encrypt my form pass and the database pin is not i think dat z d cos i av applied ur method and it work Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 now i av hash only my insert into database and unhash my compare with pin alpine u r a pure genius Quote Link to comment Share on other sites More sharing options...
IlaminiAyebatonyeDagogo Posted October 20, 2013 Author Share Posted October 20, 2013 Alpine i love you am very greatful you dnt knw what you have done for me am very happy. thank we have you in this forum Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.