Jump to content

password retrieval with php+mysql


cerin

Recommended Posts

I'm trying to get a password from a mysql database and compare it to the user's input, but I can't figure out what to use to put the returned password in a variable or something so that it is actually comparable to the user's input. This is what I have so far:
[code]<?php
include 'config.php';
mysql_select_db($usersdb);
$pquery="SELECT password WHERE userid={$_POST['username']} FROM userinfo";
$result=mysql_query($pquery);
$pass=mysql_fetch_array($result,MYSQL_ASSOC);
echo $pass['password'];
?>
<form method="Post">
<p> Username: <input type='text' name='username' />
<input type='submit' />
</p>
</form>

<form method='Post'>
<p>Password: <input type='text' name='password' />
<input type='submit' />
</p>
</form>[/code]
I tried a couple things, but I don't know how any of them really work.
With this code I get the error:
[code]Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\AppServ\www\forum\login.php on line 6[/code]
Link to comment
Share on other sites

[code]<?php
if (isset($_POST)) {
    //connect to your db
    include 'config.php';
    mysql_select_db($usersdb);
    
    //get and escape your two user inputs
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    
    //rather than trying to retrieve the password, then check to see if they match in php,
    //use the following query and let SQL do that work for you.
    $pquery = "SELECT username FROM userinfo WHERE userid = '$username' AND password = '$password'";
    $result = mysql_query($pquery) or die("Could not query: " . mysql_error());
    
    //if one row was returned, then the username/password combo was found
    if (mysql_num_rows($result) == 1) {
        echo "User Authenticated";
    } else if (mysql_num_rows($result) == 0) { //if no rows are returned, then the user was not in the db
        echo "User not found";
    } else {  //you may have more than one entry for the same person...which is bad.
        echo "Error occurred during verification";
    }
    
    //header("nextpage.php");
    exit;
}
?>
<form method="Post" action="<?php $_SERVER['PHP_SELF']; ?>">
<p> Username: <input type='text' name='username' />
</p>
<p>Password: <input type='text' name='password' /><br />
<input type='submit' name="submit" value="Submit"/>
</p>
</form>[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.