Jump to content

Recommended Posts

Hi all

 

Its me again, I been trying to get this to work for ages now on my own with no joy so I gona need a lttle help

 

Ok I have a login page and I want the page to login and redirect to another page if the password matches a certern field.

 

IF $_POST[pwd] = empid

 

then goto setpass.php

 

 

Just need the code as my coding is not working

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/
Share on other sites

Perhaps if you did some research on the proper syntax you would see what's wrong with that line.

 

1 - indices of an array should have quotes around them.

 

2 - php variables begin with a dollar sign.  Constants do not.  If you are in fact using a var here, then you need to fix it.

 

3 -  while php does offer a goto statement but you should know that the use of a 'go' or 'goto' in any language for the last 20+ years has been frowned upon.  My suggestion is that you avoid using one like the plague.  Structure your code properly and you will find you have no need for this anachronism and in turn you will write better, more understandable code. 

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473595
Share on other sites

 $md5pass = md5($_POST['pwd']);

$selectuser="SELECT empid FROM users WHERE empid='$_POST[pwd]'";
$selectuser2=mysql_query($selectuser);
$selectuser3=mysql_fetch_array($selectuser2);

if ($selectuser3[empid]=$_POST['pwd'])
	{	
	//die ("ERROR: password is empid.");
	header("Location: setpass.php?msg=ERROR: you dont have the password....");
	
    
  
}

That's was not code that was just what I wanted to do I cannot write code as im self teached php

 

here is my code

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473603
Share on other sites

Couple things I see here. First off, you're encrypting the password from $_POST, but then not using it in the SQL statement. If the password data in the database table is encoded (which it should be), you'll never get a match like that. And because you're using the encrypted password as a condition in the SQL statement, it's only going to return results that match; a simple count should suffice. Check that the count in the result set is 1 and you're good to go. Finally, as ginerjm pointed out, non-numerical array indicies should be surrounded by quotes. Last but certainly not least, move to mysqli or PDO from the deprecated and soon-to-be-removed mysql library.

 

Something like this:

$md5pass = md5($_POST['pwd']);
$qry = "SELECT COUNT(*) AS numUsers
        FROM users
        WHERE empid='{$md5pass}'";
$sql = mysql_query($qry);
$res = mysql_fetch_array($sql);
if($res['numUsers'] != 1){
    header("Location: setpass.php?msg=ERROR: you dont have the password....");
}
Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473611
Share on other sites

hi im going to try it out but its if the empid maches the password they use to login with

 

basicly the user registerd there  password is there empid then when they login with there $_post pwd wich is not in md5 format if it is the same as empd then togo to the setpass page.

 

see what I mean the md5 will always be encrypted that's  a seprrate field in my db

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473632
Share on other sites

So basically you're (not eactly, but kind of) creating a temporary password that matches the user name when a user registers, right? In that case, don't bother encrypting the _POST['pwd'] value before you do the comparison. The rest of it should work for you, though - you've got the empid already, so there's not really a need to pull that from the database before you redirect the user; this means a simple count should still work as described above with only a couple tweaks. You may want to extend this to select only records where empid == $_POST['pwd'] and your password field is empty - this could help disambiguate the record and also make certain it's a new user that has a user name but not a password. However, that's internal business logic and not my place (I just thought I'd throw it out there).

$qry = "SELECT COUNT(*) AS numUsers
        FROM users
        WHERE empid='{$_POST['pwd']}'";
$sql = mysql_query($qry);
$res = mysql_fetch_array($sql);
if($res['numUsers'] == 1){
    header("Location: setpass.php?msg=ERROR: you dont have the password....");
}

Please note the above does not even begin to deal with any database safety and I wouldn't ever recommend putting a user-submitted value directly into a query string without some sort of sanitization.

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473633
Share on other sites

Weird - what's happening now? Is it not redirecting at all or is it throwing an error? Try var_dump()'ing $res as well as printing the $qry string just to make sure you've got everything you need. I'm assuming you've got error_reporting() turned on and set to report all errors, right?

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473638
Share on other sites

		}

$pwd = ($_POST['pwd']);
$qry = "SELECT empid
        FROM users
        WHERE empid='{$pwd}'";
$sql = mysql_query($qry);
$res = mysql_fetch_array($sql);
if($res['pwd'] != 1){
    header("Location: setpass.php?msg=ERROR: you dont have the password....");
}else
// all this dose it make evey user whos empid dose not match goto the setpass.php (I only want users that match to go to promt them to change threre password)

		{

		header("Location: myaccount.php");

		}

		//echo "Logged in...";

Hi when the user enters there password in the pwd field I need the sql to check the empid in the database (this is not md5 encrypted)

 

then if the empid = the post password they enterd then it will goto the promt to change the password.

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473689
Share on other sites

You need to take your time and really understand what you are doing. Programming is an exacting science.

$qry = "SELECT empid
        FROM users
        WHERE empid='{$pwd}'";
$sql = mysql_query($qry);
$res = mysql_fetch_array($sql);
if($res['pwd'] != 1){

Look at what the query is SELECTing. Then, look at what you are comparing in the if() condition. You are checking the value of $res['pwd'] which was not included in the SELECT statement. So, that index does not exist - thus $res['pwd'] will always be NULL.

 

Further, the condition check makes no sense. Even if you did select 'pwd' wouldn't it always be something other than 1? You should be checking the count of the records returned - not the value of the record that was returned.

$query = "SELECT empid
          FROM users
          WHERE empid='{$pwd}'";
$result = mysql_query($query);

if(!mysql_num_rows($result))
{
    header("Location: setpass.php?msg=ERROR: you dont have the password....");
}
else
{
    //Password matches an employee ID
Edited by Psycho
Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473691
Share on other sites

Psycho's correct - don't select the actual empid, select the count of returned records. Check the SQL in post #6 to see the difference in the SELECT line, or use mysql_num_rows() as in the post above. Either way, make sure you're comparing integer to integer, and you should optimally only get one returned row in the recordset.

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473704
Share on other sites


////////////////////////////////////phyco copy right

}else
$pwd = ($_POST['pwd']);

$query = "SELECT empid
FROM users
WHERE empid=$pwd";
$result = mysql_query($query);

if(!mysql_num_rows($result))
{
header("Location: setpass.php?msg=ERROR: you dont have the password....");
}else


//Password matches an employee ID thanks to phyco////////////////////////////////////////////



//this forum is the best, ill be honest I know very little about //php apart from asking you guys for code I do understand but its //hard for me as I can only read it atm im still gona plod along //best I can..........





//Phyco you did it here's my bit I added that worked (and I wont //be lazy education like u gave is far better than someone just //handing it me on a plate)





Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473706
Share on other sites

varchar(200) latin1_general_ci  

No

 

is this it?

 

 

So, does the "No" above mean you don't see the employee IDs in the database as you would expect? If so, then that would definitely be why using the other employee IDs is not generating the result you want. And, why the hell would you need a 300 character field for employee IDs?

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473836
Share on other sites

////////////////////////////////////phyco copy right

		} else 
$pwd = ($_POST['pwd']);

$query = "SELECT empid
          FROM users
          WHERE $pwd='empid'";
$result = mysql_query($query);

if ($pwd=$result)
{
    header("Location: setpass.php?msg=ERROR: you dont have the password....");
}else 

sorry to spam this is working now as long as the first charickor in the  empid field has one letter it will work is it my sql table that's causing the problem?

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473863
Share on other sites

You've got a couple things wrong here, I think. Try this:

$pwd = ($_POST['pwd']);

$query = "SELECT empid
          FROM users
          WHERE empid='{$pwd}'";
$sql = mysql_query($query);
$result = mysql_fetch_assoc($sql);

if ($pwd == $result['empid'])
{
    header("Location: setpass.php?msg=ERROR: you dont have the password....");
}

First off, the SQL was a bit malformed - on line 5 it looks like you're using the value in $pwd as the column header, and the value has to by 'empid'. You're also not actually getting the result set from the query process. By calling mysql_fetch_assoc(), you're putting the result set into an associative array (line 7). You were also using the assignment operator (=) in your comparator on line 9. Use the comparison operator (==).

Link to comment
https://forums.phpfreaks.com/topic/287198-if-statements/#findComment-1473983
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.