Jump to content

[SOLVED] Multiple field login and a related question

cruzbullit

By cruzbullit
in PHP Coding Help

 Share

Recommended Posts

cruzbullit Newbie

cruzbullit

Posted
Posted

I'm looking for an example of a login system that has multiple fields (2 to be exact) + password. e.g username, company name and password, the user, company and password are checked against a mysql database. I have it working with just the username field but I'm confused on how to go about adding another field. I'm pretty new to PHP so don't beat me up too much for this example code, I borrowed and hacked it together in a very short period of time.

 

<?php
include 'db.php';
//Checks if there is a login cookie

if(isset($_COOKIE['ID_user']))


//if there is, it logs you in and directs you to the members page
//shopname is used to select the correct database
{ 	
$shopname = $_COOKIE['ID_fitsheetshop']; 
$username = $_COOKIE['ID_fitsheetuser']; 
$pass = $_COOKIE['Key_fitsheet'];

$checkuser = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname = '$shopname'")or die(mysql_error());
while($info = mysql_fetch_array($checkuser)) 	
	{

	if ($pass != $info['password']) 
		{
		die('something is wrong');
		}

	else
		{
		header("Location: members.php");
		}

	}

while($info = mysql_fetch_array($checkshop)) 	
	{

	if ($pass != $info['password']) 
		{
		die('something is wrong');
		}

	else
		{
		header("Location: members.php");

		}

	}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['shopname'] | !$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['username'] = addslashes($_POST['username']);
	$_POST['shopname'] = addslashes($_POST['shopname']);
}

$checkuser = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
$checkshop = mysql_query("SELECT * FROM users WHERE shopname = '".$_POST['shopname']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($checkuser);
if ($check2 == 0) {
	die('Something is wrong');
			}

$check3 = mysql_num_rows($checkshop);
if ($check3 == 0) {
	die('Something is wrong');
			}

while($info = mysql_fetch_array($checkuser))
while($info = mysql_fetch_array($checkshop))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	die('Something is wrong');
}

else
{
// if login is ok then we add a cookie 
$_POST['shopname'] = stripslashes($_POST['shopname']);
$_POST['username'] = stripslashes($_POST['username']);

$hour = time() + 3600; 
setcookie(ID_shop, $_POST['shopname'], $hour);
setcookie(ID_user, $_POST['username'], $hour);
setcookie(Key_shop, $_POST['pass'], $hour);	

//then redirect them to the members area
header("Location: members.php");

}

}

} 

else {	

// if they are not logged in
//code removed for privacy
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Shop Name:</td><td>
<input type="text" name="shopname" size="60" maxlength="60">
<tr><td>Username:</td><td>
<input type="text" name="username" size="2" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
//code removed
<?php
}


?>

 

 

 

Each company will have its own database, once the user logs in I was going to check their cookie for the company name and use that to select the correct database. Does anyone have any better ideas?

 

 

Thanks for your time.

trq Prolific Member

trq

Posted
Posted

An example.

 

<?php

  if (isset($_POST['submit'])) {
    $uname = isset($_POST['uname']) ? mysql_real_escape_string($_POST['uname'] : '';
    $upass = isset($_POST['upass']) ? mysql_real_escape_string($_POST['upass'] : '';
    $compname = isset($_POST['compname']) ? mysql_real_escape_string($_POST['compname'] : '';
    $sql = "
      SELECT uname,upass,compname
      FROM users
      WHERE uname = '$uname' && upass = '$upass' && compname = '$compname';
    ";
    if ($result = mysql-query($sql)) {
      if (mysql_num-rows($result)) {
        // user is valid.
      } else {
        // user is NOT valid.
      }
    }
  }

?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.