gnetuk Posted March 23, 2014 Share Posted March 23, 2014 Hi all Its me again, I been trying to get this to work for ages now on my own with no joy so I gona need a lttle help Ok I have a login page and I want the page to login and redirect to another page if the password matches a certern field. IF $_POST[pwd] = empid then goto setpass.php Just need the code as my coding is not working Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/ Share on other sites More sharing options...
ginerjm Posted March 23, 2014 Share Posted March 23, 2014 Perhaps if you did some research on the proper syntax you would see what's wrong with that line. 1 - indices of an array should have quotes around them. 2 - php variables begin with a dollar sign. Constants do not. If you are in fact using a var here, then you need to fix it. 3 - while php does offer a goto statement but you should know that the use of a 'go' or 'goto' in any language for the last 20+ years has been frowned upon. My suggestion is that you avoid using one like the plague. Structure your code properly and you will find you have no need for this anachronism and in turn you will write better, more understandable code. Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473595 Share on other sites More sharing options...
gnetuk Posted March 23, 2014 Author Share Posted March 23, 2014 $md5pass = md5($_POST['pwd']); $selectuser="SELECT empid FROM users WHERE empid='$_POST[pwd]'"; $selectuser2=mysql_query($selectuser); $selectuser3=mysql_fetch_array($selectuser2); if ($selectuser3[empid]=$_POST['pwd']) { //die ("ERROR: password is empid."); header("Location: setpass.php?msg=ERROR: you dont have the password...."); } That's was not code that was just what I wanted to do I cannot write code as im self teached php here is my code Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473603 Share on other sites More sharing options...
maxxd Posted March 23, 2014 Share Posted March 23, 2014 Couple things I see here. First off, you're encrypting the password from $_POST, but then not using it in the SQL statement. If the password data in the database table is encoded (which it should be), you'll never get a match like that. And because you're using the encrypted password as a condition in the SQL statement, it's only going to return results that match; a simple count should suffice. Check that the count in the result set is 1 and you're good to go. Finally, as ginerjm pointed out, non-numerical array indicies should be surrounded by quotes. Last but certainly not least, move to mysqli or PDO from the deprecated and soon-to-be-removed mysql library. Something like this: $md5pass = md5($_POST['pwd']); $qry = "SELECT COUNT(*) AS numUsers FROM users WHERE empid='{$md5pass}'"; $sql = mysql_query($qry); $res = mysql_fetch_array($sql); if($res['numUsers'] != 1){ header("Location: setpass.php?msg=ERROR: you dont have the password...."); } Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473611 Share on other sites More sharing options...
gnetuk Posted March 23, 2014 Author Share Posted March 23, 2014 hi im going to try it out but its if the empid maches the password they use to login with basicly the user registerd there password is there empid then when they login with there $_post pwd wich is not in md5 format if it is the same as empd then togo to the setpass page. see what I mean the md5 will always be encrypted that's a seprrate field in my db Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473632 Share on other sites More sharing options...
maxxd Posted March 23, 2014 Share Posted March 23, 2014 So basically you're (not eactly, but kind of) creating a temporary password that matches the user name when a user registers, right? In that case, don't bother encrypting the _POST['pwd'] value before you do the comparison. The rest of it should work for you, though - you've got the empid already, so there's not really a need to pull that from the database before you redirect the user; this means a simple count should still work as described above with only a couple tweaks. You may want to extend this to select only records where empid == $_POST['pwd'] and your password field is empty - this could help disambiguate the record and also make certain it's a new user that has a user name but not a password. However, that's internal business logic and not my place (I just thought I'd throw it out there). $qry = "SELECT COUNT(*) AS numUsers FROM users WHERE empid='{$_POST['pwd']}'"; $sql = mysql_query($qry); $res = mysql_fetch_array($sql); if($res['numUsers'] == 1){ header("Location: setpass.php?msg=ERROR: you dont have the password...."); } Please note the above does not even begin to deal with any database safety and I wouldn't ever recommend putting a user-submitted value directly into a query string without some sort of sanitization. Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473633 Share on other sites More sharing options...
gnetuk Posted March 23, 2014 Author Share Posted March 23, 2014 you got it bro the password is there empid but they should be promped to change it at first login, no flaws in anyones code here but I sill not getting my desired result. Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473637 Share on other sites More sharing options...
maxxd Posted March 23, 2014 Share Posted March 23, 2014 Weird - what's happening now? Is it not redirecting at all or is it throwing an error? Try var_dump()'ing $res as well as printing the $qry string just to make sure you've got everything you need. I'm assuming you've got error_reporting() turned on and set to report all errors, right? Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473638 Share on other sites More sharing options...
gnetuk Posted March 24, 2014 Author Share Posted March 24, 2014 } $pwd = ($_POST['pwd']); $qry = "SELECT empid FROM users WHERE empid='{$pwd}'"; $sql = mysql_query($qry); $res = mysql_fetch_array($sql); if($res['pwd'] != 1){ header("Location: setpass.php?msg=ERROR: you dont have the password...."); }else // all this dose it make evey user whos empid dose not match goto the setpass.php (I only want users that match to go to promt them to change threre password) { header("Location: myaccount.php"); } //echo "Logged in..."; Hi when the user enters there password in the pwd field I need the sql to check the empid in the database (this is not md5 encrypted) then if the empid = the post password they enterd then it will goto the promt to change the password. Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473689 Share on other sites More sharing options...
Psycho Posted March 24, 2014 Share Posted March 24, 2014 (edited) You need to take your time and really understand what you are doing. Programming is an exacting science. $qry = "SELECT empid FROM users WHERE empid='{$pwd}'"; $sql = mysql_query($qry); $res = mysql_fetch_array($sql); if($res['pwd'] != 1){ Look at what the query is SELECTing. Then, look at what you are comparing in the if() condition. You are checking the value of $res['pwd'] which was not included in the SELECT statement. So, that index does not exist - thus $res['pwd'] will always be NULL. Further, the condition check makes no sense. Even if you did select 'pwd' wouldn't it always be something other than 1? You should be checking the count of the records returned - not the value of the record that was returned. $query = "SELECT empid FROM users WHERE empid='{$pwd}'"; $result = mysql_query($query); if(!mysql_num_rows($result)) { header("Location: setpass.php?msg=ERROR: you dont have the password...."); } else { //Password matches an employee ID Edited March 24, 2014 by Psycho Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473691 Share on other sites More sharing options...
maxxd Posted March 24, 2014 Share Posted March 24, 2014 Psycho's correct - don't select the actual empid, select the count of returned records. Check the SQL in post #6 to see the difference in the SELECT line, or use mysql_num_rows() as in the post above. Either way, make sure you're comparing integer to integer, and you should optimally only get one returned row in the recordset. Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473704 Share on other sites More sharing options...
gnetuk Posted March 24, 2014 Author Share Posted March 24, 2014 ////////////////////////////////////phyco copy right }else $pwd = ($_POST['pwd']); $query = "SELECT empid FROM users WHERE empid=$pwd"; $result = mysql_query($query); if(!mysql_num_rows($result)) { header("Location: setpass.php?msg=ERROR: you dont have the password...."); }else //Password matches an employee ID thanks to phyco//////////////////////////////////////////// //this forum is the best, ill be honest I know very little about //php apart from asking you guys for code I do understand but its //hard for me as I can only read it atm im still gona plod along //best I can.......... //Phyco you did it here's my bit I added that worked (and I wont //be lazy education like u gave is far better than someone just //handing it me on a plate) Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473706 Share on other sites More sharing options...
gnetuk Posted March 24, 2014 Author Share Posted March 24, 2014 couldn't paste all that that I wrote gona get me a beer. this forum is ace love it!!!!!!!!!!!!! Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473708 Share on other sites More sharing options...
gnetuk Posted March 25, 2014 Author Share Posted March 25, 2014 Oh this is only working for letter atm, and not numbers. Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473809 Share on other sites More sharing options...
Psycho Posted March 25, 2014 Share Posted March 25, 2014 What type of field is the empid in the database? Are the letter values there? Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473817 Share on other sites More sharing options...
gnetuk Posted March 25, 2014 Author Share Posted March 25, 2014 varchar(200) latin1_general_ci No is this it? Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473818 Share on other sites More sharing options...
gnetuk Posted March 25, 2014 Author Share Posted March 25, 2014 also i have noticed that it will only work if there employee id = 1 the number any tother number or letter makes the setpass.php load and that sould only load if there password matches the empid. Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473834 Share on other sites More sharing options...
Psycho Posted March 25, 2014 Share Posted March 25, 2014 varchar(200) latin1_general_ci No is this it? So, does the "No" above mean you don't see the employee IDs in the database as you would expect? If so, then that would definitely be why using the other employee IDs is not generating the result you want. And, why the hell would you need a 300 character field for employee IDs? Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473836 Share on other sites More sharing options...
gnetuk Posted March 25, 2014 Author Share Posted March 25, 2014 (edited) im not sure whats happening but if my password is 1 thats the only time it will not ask to change the pass. Edited March 25, 2014 by gnetuk Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473837 Share on other sites More sharing options...
gnetuk Posted March 25, 2014 Author Share Posted March 25, 2014 ////////////////////////////////////phyco copy right } else $pwd = ($_POST['pwd']); $query = "SELECT empid FROM users WHERE $pwd='empid'"; $result = mysql_query($query); if ($pwd=$result) { header("Location: setpass.php?msg=ERROR: you dont have the password...."); }else sorry to spam this is working now as long as the first charickor in the empid field has one letter it will work is it my sql table that's causing the problem? Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473863 Share on other sites More sharing options...
Ch0cu3r Posted March 25, 2014 Share Posted March 25, 2014 That code makes not sense at all. Why have you changed from phyco's original code posted here? Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473877 Share on other sites More sharing options...
maxxd Posted March 26, 2014 Share Posted March 26, 2014 You've got a couple things wrong here, I think. Try this: $pwd = ($_POST['pwd']); $query = "SELECT empid FROM users WHERE empid='{$pwd}'"; $sql = mysql_query($query); $result = mysql_fetch_assoc($sql); if ($pwd == $result['empid']) { header("Location: setpass.php?msg=ERROR: you dont have the password...."); } First off, the SQL was a bit malformed - on line 5 it looks like you're using the value in $pwd as the column header, and the value has to by 'empid'. You're also not actually getting the result set from the query process. By calling mysql_fetch_assoc(), you're putting the result set into an associative array (line 7). You were also using the assignment operator (=) in your comparator on line 9. Use the comparison operator (==). Quote Link to comment https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473983 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.