A username and Password match technique!


npsari

I did this code, which should check if the Username and Passwords match that which is in the database.

 

<? 

if ($username) { 

$username== 

mysql_connect($dbhost,$dbuser,$dbpasswd); 
mysql_select_db($dbname); 
$q = "SELECT * FROM phpbb_users 

$res = @mysql_query($q); 
while($r = @mysql_fetch_array($res)) 
{ 
  echo "{$r['user_name']}<br>"; 
} 

print "The name and password matched, heloo<BR>\n"; 

} else { 

print "The Name & password does not match<BR>\n"; 

?> 

 

 

Are there mistakes in this code?

Can you point them out please, guys?


You should do the match within your query. eg;

 

<?php

  // Connect to db.
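  if (isset($_POST['uname']) && isset($_POST['pword'])) {
    // Escape the submitted values before they go into the SQL string.
    $uname = mysql_real_escape_string($_POST['uname']);
    $pword = mysql_real_escape_string($_POST['pword']);
    $sql = "
      SELECT uname, pword
      FROM users
      WHERE uname = '$uname' && pword = '$pword'
    ";
    if ($result = mysql_query($sql)) {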
      if (!mysql_num_rows($result)) {
        // Username or pass does not exist.
      } else {
        // Username and pass are valid.
      }
    }
  }

?>

sure, no problem, we are here to help ;D

 

<?
/**
* $username, so i assume you also have a variable called $password?
*/
if (isset($username)
&& !empty($username)) { // just a few extra checks added, so that we know the variable exists and is not empty
  /**
   * mysql_connect returns a database resource, which we will store and use later on
   * to execute queries etc...
   */
   $db = @mysql_connect($dbhost,$dbuser,$dbpasswd);
              mysql_select_db($dbname);
  /**
   * assuming your table is using the fields (user_name, user_password)
   * + added WHERE clause so you do not get all records, just those who you are going to need!
   */
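   // escape the value first so quotes in the username cannot alter the query
   $q = sprintf("SELECT * FROM phpbb_users WHERE user_name = '%s'", mysql_real_escape_string($username, $db));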

   /**
    * $db is a resource to your database
    * its optional as second argument for mysql_query,
    * but it would be good practice to write it anyway
    */
   $res = @mysql_query($q, $db);

   while($r = @mysql_fetch_array($res)) 
   { 
       //echo $r['user_name'] . "<br>";
       // check http://be.php.net/manual/nl/function.strcmp.php for more information on strcmp function
       if (strcmp($r['user_password'], $password) == 0) {
           print "The name and password matched, heloo<BR>\n"; 
       }
   } 
} else { // No username
   print "The Name & password does not match<BR>\n"; 
}
?>

Hi Ignance

I tried your code.

When I open the page straight away, I get the message "Name and password did not match", so I guess that is fine.

However, when I submit a username and password from the HTML form, the page is blank, even if the name is wrong or right.

Do you know what the mistake is?


Ohh, I see what you mean, thorpe.

Well, I am using the code like this:


<?
/**
* $username, so i assume you also have a variable called $password?
*/
if (isset($name)
&& !empty($name)) { // just a few extra checks added, so that we know the variable exists and is not empty
   /**
    * mysql_connect returns a database resource, which we will store and use later on
    * to execute queries etc...
    */
    $db = @mysql_connect(localhost,my_name,my_password);
               mysql_select_db(shyness_phpb1);
   /**
    * assuming your table is using the fields (user_name, user_password)
    * + added WHERE clause so you do not get all records, just those who you are going to need!
    */
    $q = sprintf("SELECT * FROM phpbb_users WHERE user_name = '%s'", $name); 

    /**
     * $db is a resource to your database
     * its optional as second argument for mysql_query,
     * but it would be good practice to write it anyway
     */
    $res = @mysql_query($q, $db);

    while($r = @mysql_fetch_array($res)) 
    { 
        //echo $r['user_name'] . "<br>";
        // check http://be.php.net/manual/nl/function.strcmp.php for more information on strcmp function
        if (strcmp($r['user_password'], $password) == 0) {
            print "The name and password matched, heloo<BR>\n"; 
        }
    } 
} else { // No username
    print "The Name & password does not match<BR>\n"; 
}
?>


Is what I did to the code wrong?

Because the fields in the HTML form are called "name" & "password".


A safer option would be to use the MySQL function COUNT; tutorial found here: http://www.tizag.com/mysqlTutorial/mysqlcount.php

That is one way, but not at all needed.


Take a look at my example. You do not need a while loop. Also note that if the form posts the fields name and password they will be found in $_POST['name'] and $_POST['password'].

/**
* This script will receive the values defined in the form fields "name" & "password",
* i am assuming your REQUEST_METHOD is set to POST, if not change method="post"
* strcasecmp() compares strings case insensitive
*/
if (strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0) {
   if (isset($_POST)
   && (count($_POST) != 0)) { // 0 elements would be useless execution of code
      if (strcasecmp(strip_tags($_POST['name']), $_POST['name']) != 0) exit('not allowed to use html in your username!');
      if (strcasecmp(strip_tags($_POST['password']), $_POST['password']) != 0) exit('not allowed to use html in your password!');

      // will not be executed if one of the above two validates as true 
      $username = $_POST['name'];
      $password = $_POST['password'];
      
      $db = @mysql_connect('localhost', 'my_name', 'my_password');
      if (!is_resource($db)) exit('could not connect to database server.');

      if (!@mysql_select_db('shyness_phpb1')) exit('could not select the database.');

      // + added LIMIT 1, making sure we only will validate one row from the database
      // escape the name so quotes in it cannot alter the query
      $q = sprintf("SELECT * FROM phpbb_users WHERE user_name = '%s' LIMIT 1", mysql_real_escape_string($username, $db));
      $res = @mysql_query($q, $db);
      
      if (!is_resource($res)) exit(mysql_errno() . " : " . mysql_error()); // experiment with the provided built-in mysql functions
      
      /**
       * using mysql_fetch_assoc() instead of the mysql_fetch_array()
       * mysql_fetch_assoc() only returns an associative array instead of an numeric
       * mysql_fetch_array() returns both, can be manipulated when you pass MYSQL_ASSOC as second argument
       *
       * What we are doing here, is not the best practice when it comes to validating users,
       * another method should be required!
       */
      while ($r = @mysql_fetch_assoc($res)) {
          if (strcasecmp($r['user_password'], $password) == 0) {
             // this time i used strcasecmp() which is case insensitive, might solve your problem!
             printf("the password match the name provided, helloooo<br />\n");
          } else {
             printf("no match!<br />\n");
          }
      }
   }
}
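
The last post's own comment says that validating users this way is not best practice. As an added example (not code from any poster in this thread), here is a login check using a PDO prepared statement and password_hash()/password_verify(), run against a constructed in-memory SQLite table. The `users` table, its columns, the `check_login()` helper and the sample account are assumptions for illustration.

```php
<?php
// Added example: constructed in-memory table, not the phpBB schema from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted hash, never the plain password (sample account, constructed).
$insert = $pdo->prepare('INSERT INTO users (user_name, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash of a throwaway value, verified when the user is unknown so that
// both failure paths do a comparable amount of work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function check_login(PDO $pdo, string $dummyHash, $name, $password): bool
{
    // Reject missing or non-string fields (a form can submit name[]=x as an array).
    if (!is_string($name) || !is_string($password) || $name === '') {
        return false;
    }
    // The placeholder keeps the submitted name out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user_name = ? LIMIT 1');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    if ($hash === false) {
        password_verify($password, $dummyHash);
        return false;
    }
    // password_verify() is case sensitive and safe against timing attacks.
    return password_verify($password, $hash);
}

// In the form handler these would be $_POST['name'] ?? null and $_POST['password'] ?? null.
$attempts = [
    ['alice', 'correct horse'],   // valid
    ['alice', 'CORRECT HORSE'],   // wrong case must fail
    ["o'brien", 'correct horse'], // a quote in the name is just data, and the user is unknown
    [['alice'], 'correct horse'], // array instead of string
];
foreach ($attempts as [$name, $password]) {
    $label = is_string($name) ? $name : '(non-string)';
    printf("%-14s %s\n", $label, check_login($pdo, $dummyHash, $name, $password) ? 'match' : 'no match');
}
```

Only the first attempt prints `match`; the same message is returned for a wrong password and an unknown user, so the response does not reveal which names exist.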
