Arnold_26 Posted February 4, 2007 Share Posted February 4, 2007 Hi guys.. I have a little problem on my codes. I've tested the connection of MySql and PHP that's fine. Now my problem is the authentication of it. When ever I've entered a not valid username and password it will connect to my other page. Did I miss something? What's seem the problem here? Here's the code: <?php $username = $_POST['username']; $password = $_POST['password']; $password = trim($password); if (!$username && !$password){ echo 'Enter you username followed by your password'; exit; } $mysqli = new mysqli("localhost", "my_user", "mypassword", "my_db"); /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $query = "SELECT username, password FROM users ORDER by username = '$username' and password = '$password' "; $result = mysqli_query($mysqli, $query); if (!$result) { echo 'Cannot connect sorry'; exit; } else { /* fetch associative array */ while ($row = mysqli_fetch_row($result)) { printf ( $row[0], $row[1]); } /* free result set */ mysqli_free_result($result); printf ("connection success"); } $mysqli->close(); ?> Help!! Thanks guys. Quote Link to comment Share on other sites More sharing options...
marcus Posted February 4, 2007 Share Posted February 4, 2007 echo 'Cannot connect sorry'; exit; } else { if(mysqli_num_rows($result) == 0){ echo "Username or password is incorrect"; die(); }else { /* fetch associative array */ while ($row = mysqli_fetch_row($result)) { printf ( $row[0], $row[1]); } /* free result set */ mysqli_free_result($result); printf ("connection success"); } $mysqli->close(); ?> Basically what you were doing is just checking if the query would actually do what you're telling it to do. You need to see if the row actually exists in the database, using mysqli_num_rows will do the trick, if mysqli_num_rows($result) equaled 0 then the username or password was obviously incorrect. If it equaled 1 then the username and password were both correct. Quote Link to comment Share on other sites More sharing options...
Arnold_26 Posted February 4, 2007 Author Share Posted February 4, 2007 Thanks for the reply but there is another problem. Tried it already Show an error. Parse error: parse error, unexpected $end in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\user_conn.php on line 61 The line is 61 is the </html> tag. here's the code. <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Log In</title> <link href="user_main.css" rel="stylesheet" type="text/css" /> <?php $username = $_POST['username']; $password = $_POST['password']; $password = trim($password); if (!$username && !$password){ echo 'Enter you username followed by your password'; exit; } $mysqli = new mysqli("localhost", "user", "dbpassword", "db"); /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $query = "SELECT username, password FROM users ORDER by username = '$username' and password = '$password' "; $result = mysqli_query($mysqli, $query); if (!$result) { echo 'Cannot connect sorry'; exit; } else { if(mysqli_num_rows($result) == 0){ echo "Username or password is incorrect"; die(); }else { /* fetch associative array */ while ($row = mysqli_fetch_row($result)) { printf ( $row[0], $row[1]); } /* free result set */ mysqli_free_result($result); printf ("connection success"); } $mysqli->close(); ?> </head> <body> <center> </center> </body> </html> Quote Link to comment Share on other sites More sharing options...
marcus Posted February 4, 2007 Share Posted February 4, 2007 Add another } before you close the ?> Quote Link to comment Share on other sites More sharing options...
Arnold_26 Posted February 4, 2007 Author Share Posted February 4, 2007 Thans it works but the problem still exist. even I type in my username and password eventhough they are not in the database still enters the site which a validation is needed. Thanks.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.