Jump to content

Login In


franknu

Recommended Posts

Ok I have this code that the user use to login

 

the problem that i am having is that is showing the html page when the user name and password dont match

it is sayig

 

username and/or password not found. Try again?

 

but right under is show all the whole page i want to stop right after i says:

username and/or password not found. Try again?

 

here is my code

 


if ( isset($_POST['User_Name']) && isset($_POST['Password']) ) {


$query = "SELECT * FROM business_info where User_Name='$User_Name' AND `Password`='$Password'";


}

  if ($result = mysql_query($query)) 
{
    if (mysql_num_rows($result))
{
      $row = mysql_fetch_assoc($result);

      $BusinessName= $row['BusinessName'];
      $Keyword = $row['Keyword'];
      $Picture1 =  $row['Picture1'];
      $Headline = $row['Headline'];
      $Slogan =$row['Slogan'];
      $Slogan2 = $row['Slogan2'];
      $Description1 =$row['Description1'];
      $Description2 = $row['Description2'];
      $Description3= $row['Description3'];
      $Contact2 =  $row['Contact2'];
      $Picture2 = $row['Picture2'];
      $Picture3 = $row['Picture3'];
      $Categories=$row['Categories'];
      $Business_Address= $row['Business_Address'];
      $make=$row['make'];
      $type=$row['type'];
      $Tel= $row['Tel'];
      $Website=$row['Website'];
    } 
else 
{
      echo "<p><b>username and/or password not found. Try
again?

</b></p>";
    }
  } 
else 
{
    echo "Query failed<br />$query<br />". mysql_error();
exit;
  }

?>

<?


echo'

<table width="504" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
  <tr>
    <td width="494"><table width="497" border="0">
      <tr>
        <td width="487">Banner</td>
      </tr>
      <tr>
        <td background="fondo2.jpg">Welcome Business Name </td>
      </tr>

 

Link to comment
https://forums.phpfreaks.com/topic/52987-login-in/
Share on other sites

Use this code-

 

if ( isset($_POST['User_Name']) && isset($_POST['Password']) ) {


$query = "SELECT * FROM business_info where User_Name='$User_Name' AND `Password`='$Password'";


}

  if ($result = mysql_query($query)) 
{
    if (mysql_num_rows($result))
{
      $row = mysql_fetch_assoc($result);

      $BusinessName= $row['BusinessName'];
      $Keyword = $row['Keyword'];
      $Picture1 =  $row['Picture1'];
      $Headline = $row['Headline'];
      $Slogan =$row['Slogan'];
      $Slogan2 = $row['Slogan2'];
      $Description1 =$row['Description1'];
      $Description2 = $row['Description2'];
      $Description3= $row['Description3'];
      $Contact2 =  $row['Contact2'];
      $Picture2 = $row['Picture2'];
      $Picture3 = $row['Picture3'];
      $Categories=$row['Categories'];
      $Business_Address= $row['Business_Address'];
      $make=$row['make'];
      $type=$row['type'];
      $Tel= $row['Tel'];
      $Website=$row['Website'];
    } 
else 
{
      echo "<p><b>username and/or password not found. Try
again?

</b></p>";
exit;
    }
  } 
else 
{
    echo "Query failed<br />$query<br />". mysql_error();
exit;
  }

?>

<?


echo'

<table width="504" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
  <tr>
    <td width="494"><table width="497" border="0">
      <tr>
        <td width="487">Banner</td>
      </tr>
      <tr>
        <td background="fondo2.jpg">Welcome Business Name </td>
      </tr>

Link to comment
https://forums.phpfreaks.com/topic/52987-login-in/#findComment-261747
Share on other sites

Just a side note, your code assumes "Register Globals" is on, if you do not already know that is bad. I would change the sql statement to be this:

 

<?php
if ( isset($_POST['User_Name']) && isset($_POST['Password']) ) {


$query = "SELECT * FROM business_info where User_Name='".$_POST['User_Name']."' AND `Password`='".$_POST['Password']."'";


}

  if ($result = mysql_query($query)) 
{
    if (mysql_num_rows($result))
{
      $row = mysql_fetch_assoc($result);

      $BusinessName= $row['BusinessName'];
      $Keyword = $row['Keyword'];
      $Picture1 =  $row['Picture1'];
      $Headline = $row['Headline'];
      $Slogan =$row['Slogan'];
      $Slogan2 = $row['Slogan2'];
      $Description1 =$row['Description1'];
      $Description2 = $row['Description2'];
      $Description3= $row['Description3'];
      $Contact2 =  $row['Contact2'];
      $Picture2 = $row['Picture2'];
      $Picture3 = $row['Picture3'];
      $Categories=$row['Categories'];
      $Business_Address= $row['Business_Address'];
      $make=$row['make'];
      $type=$row['type'];
      $Tel= $row['Tel'];
      $Website=$row['Website'];
    } 
else 
{
      echo "<p><b>username and/or password not found. Try
again?

</b></p>";
exit;
    }
  } 
else 
{
    echo "Query failed<br />$query<br />". mysql_error();
exit;
  }

?>

<?


echo'

<table width="504" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
  <tr>
    <td width="494"><table width="497" border="0">
      <tr>
        <td width="487">Banner</td>
      </tr>
      <tr>
        <td background="fondo2.jpg">Welcome Business Name </td>
      </tr>

 

Since you were already checking if the post data was isset, why deviate away from using it, espcially when that can be a huge headache if someone decides to turn off (which it should be off) register_globals.

Link to comment
https://forums.phpfreaks.com/topic/52987-login-in/#findComment-261777
Share on other sites

Ok, I am having Some issues now, My main problem now is that it is not selecting from database. Meaning

 

it is not display the value from the database when i ask it to do so.

 

 

here is partial part of the codes

 


$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());



$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture2']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');
$User_Name=strtolower($_POST['User_Name']);
$Password=strtolower($_POST['Password']);

if ( isset($_POST['User_Name']) && isset($_POST['Password']) ) {


$query = "SELECT * FROM business_info where User_Name='".$_POST['User_Name']."' AND `Password`='".$_POST['Password']."'";


}

  if ($result = mysql_query($query)) 
{
    if (mysql_num_rows($result))
{
      $row = mysql_fetch_assoc($result);

      $BusinessName= $row['BusinessName'];
      $Keyword = $row['Keyword'];
      $Picture1 =  $row['Picture1'];
      $Headline = $row['Headline'];
      $Slogan =$row['Slogan'];
      $Slogan2 = $row['Slogan2'];
      $Description1 =$row['Description1'];
      $Description2 = $row['Description2'];
      $Description3= $row['Description3'];
      $Contact2 =  $row['Contact2'];
      $Picture2 = $row['Picture2'];
      $Picture3 = $row['Picture3'];
      $Categories=$row['Categories'];
      $Business_Address= $row['Business_Address'];
      $make=$row['make'];
      $type=$row['type'];
      $Tel= $row['Tel'];
      $Website=$row['Website'];
    } 
else 
{
      echo "<p><b>username and/or password not found. Try
again?

</b></p>";
exit;
    }
  } 
else 
{
    echo "Query failed<br />$query<br />". mysql_error();
exit;
  }

?>






<?
echo'
<table width="504" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
  <tr>
    <td width="494"><table width="497" border="0">
      <tr>
        <td width="487">Banner</td>
      </tr>
      <tr>
  

      
   
//  like this line down here should display name from database INSTEAD Is
displayin (Welcome $BusinessName )

<td background="fondo2.jpg">Welcome $BusinessName </td>

      </tr>
      <tr>
        <td><table width="480" border="0">
          <tr>

 

Link to comment
https://forums.phpfreaks.com/topic/52987-login-in/#findComment-261788
Share on other sites

That would of been very useful information for when you first showed us the code, the top section with the variable declarations.

 

This should work:

 

<?php
$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());



$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture2']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');
$User_Name=strtolower($_POST['User_Name']);
$Password=strtolower($_POST['Password']);

if ( isset($_POST['User_Name']) && isset($_POST['Password']) ) {


$query = "SELECT * FROM business_info where User_Name='$User_Name' AND `Password`='$Password'";


}

  if ($result = mysql_query($query)) 
{
    if (mysql_num_rows($result))
{
      $row = mysql_fetch_assoc($result);

      $BusinessName= $row['BusinessName'];
      $Keyword = $row['Keyword'];
      $Picture1 =  $row['Picture1'];
      $Headline = $row['Headline'];
      $Slogan =$row['Slogan'];
      $Slogan2 = $row['Slogan2'];
      $Description1 =$row['Description1'];
      $Description2 = $row['Description2'];
      $Description3= $row['Description3'];
      $Contact2 =  $row['Contact2'];
      $Picture2 = $row['Picture2'];
      $Picture3 = $row['Picture3'];
      $Categories=$row['Categories'];
      $Business_Address= $row['Business_Address'];
      $make=$row['make'];
      $type=$row['type'];
      $Tel= $row['Tel'];
      $Website=$row['Website'];
    } 
else 
{
      echo "<p><b>username and/or password not found. Try
again?

</b></p>";
exit;
    }
  } 
else 
{
    echo "Query failed<br />$query<br />". mysql_error();
exit;
  }

?>






<?
echo'
<table width="504" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
  <tr>
    <td width="494"><table width="497" border="0">
      <tr>
        <td width="487">Banner</td>
      </tr>
      <tr>
  

      
   
//  like this line down here should display name from database INSTEAD Is
displayin (Welcome $BusinessName )

<td background="fondo2.jpg">Welcome $BusinessName </td>

      </tr>
      <tr>
        <td><table width="480" border="0">
          <tr>

 

With the code I saw above you were not explicity defining the username and password. Now that you are it is ok to use that in the query.

Link to comment
https://forums.phpfreaks.com/topic/52987-login-in/#findComment-261836
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.