christianw Posted June 1, 2007 Share Posted June 1, 2007 Hello everyone, I am currently try to reuse my login code but facing problem with the operators. I have trace it down and I narrow it to this line of code -> if (($username == $User) && ($password == $Pass)). The result of this line will always direct the program to else option. If I by pass this if statement, I was able to echo out $username, $User, $password and $Pass. Currently I am using PHP 5.2 and previously was using PHP5. This code was working fine before in PHP5. Could it be because of some configuration in PHP.ini. Any suggestion and help would be greatly appreciated. Thanks session_start(); $username = $_POST['username']; $password = $_POST['password']; include 'db2.php'; $sql = "SELECT * FROM NICF_Login WHERE UserName = '$username'"; $rs=odbc_exec($conn,$sql); if (!$rs) {exit("Error in SQL");} while (odbc_fetch_row($rs)) { $User = odbc_result($rs,"UserName"); $Pass = odbc_result($rs,"Password"); } if (($username == $User) && ($password == $Pass)) { echo "$username $password"; } else { echo "Wrong"; } odbc_close($conn); Quote Link to comment https://forums.phpfreaks.com/topic/53829-help-with-login-code/ Share on other sites More sharing options...
dustinnoe Posted June 1, 2007 Share Posted June 1, 2007 my suggestion would be to echo out the strings you are comparing in the if statement just so you can see for yourself if there are any differences. Could be something as simple as case which can be solved with strtolower() Quote Link to comment https://forums.phpfreaks.com/topic/53829-help-with-login-code/#findComment-266100 Share on other sites More sharing options...
christianw Posted June 1, 2007 Author Share Posted June 1, 2007 Hi Dustin, I have try to echo out all the variables and were successfull. tried to lowercase everything as well. However, the program still throwing me to echo "wrong"; Quote Link to comment https://forums.phpfreaks.com/topic/53829-help-with-login-code/#findComment-266106 Share on other sites More sharing options...
dustinnoe Posted June 1, 2007 Share Posted June 1, 2007 <?php if (($username === $User) && ($password === $Pass)) ?> using === ensures that the variables are of the same type. This may or may not help. Quote Link to comment https://forums.phpfreaks.com/topic/53829-help-with-login-code/#findComment-266328 Share on other sites More sharing options...
dustinnoe Posted June 1, 2007 Share Posted June 1, 2007 This may serve you better. Note that this script escapes the username and password. Anytime you update or insert usernames and passwords you will need to escape them using mysql_real_escape_string(). <?php session_start(); $username = mysql_real_escape_string($_POST['username']); // Stop SQL injection attacks $password = mysql_real_escape_string($_POST['password']); // Do the same thing on user sign up // Use require, include will not stop the // sript if an error occurs, require will // cause the script to die require 'db2.php'; $sql = "SELECT * FROM NICF_Login WHERE UserName = '{$username}' AND Password = '{$password}' LIMIT 1"; $rs=odbc_exec($conn,$sql); if (!$rs) {exit("Error in SQL");} if (odbc_num_rows($rs)){ // UserName and Password match echo "{$username} {$password}"; }else{ echo "Wrong"; } odbc_close($conn); ?> Quote Link to comment https://forums.phpfreaks.com/topic/53829-help-with-login-code/#findComment-266334 Share on other sites More sharing options...
TreeNode Posted June 1, 2007 Share Posted June 1, 2007 also just in case... $username = trim($username); $password = trim($password); Quote Link to comment https://forums.phpfreaks.com/topic/53829-help-with-login-code/#findComment-266355 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.