[SOLVED] I dont understand for the life of me! (log in script)

[compsci]

Hello all,

 

I am trying to validate a username and password provided by a user in my database and something weird keeps happening!  Firstly here is my script (i am new with php and i welcome corrections):

 

<?php
echo "php active ";
require_once("connect2database.php");
//retrieving data from a database
$query = sprintf("SELECT * FROM user");
$result = @mysql_query($query);
$row = mysql_fetch_array($result);

$email = $_POST['email'];
$password = $_POST['password'];
$login = $_POST['login'];

if($login && $email && $password){
echo " logging you in....";
for($i=0; $i < sizeof($row); $i++){
if($row[$i]!=null){
echo "row not null ".$i;
if($row['username']==$email and $row['password']==$password){
echo " ****Your Logged in****";
}
}
}
}
?>

 

Out put it this when i insert the username and password ina  simple form that has a login buttton:

 

php active logging you in....row not null 0row not null 1row not null 2

 

If i put in the username and password in the first row of the database, i am logged in succesfully, otherwise i get the above output. Will really appreciate any help and tips and corrections!

[soycharliente]

Here's what I use. Try some of this with your code and see if you can get it to work.

<?php
if(isset($_POST["submit_login"])) {
$u = $_POST["username"];
$p = md5($_POST["password"] . $salt);
dbconnect();
$query = "SELECT * FROM users WHERE username='$u' AND password='$p'";
$result = mysql_query($query) OR DIE ("ERROR: login - " . mysql_error());
dbclose();
if(mysql_num_rows($result) > 0) {
	while($r = mysql_fetch_array($result)){
		$user = $r["username"];
		$pass = $r["password"];
		if ($u == $user && $p == $pass) {
			$_SESSION["User"] = $u;
			$_SESSION["Role"] = $r["role"];
			$loggedIn = TRUE;
			$loginError = FALSE;
		}
	}
} else {
	$loginError = TRUE;
}
}
?>

[compsci]

Thanks charlieholder! Will definitly check that out! I solved one of the problems of my script not going through the whole table! Which is now this new script not much different though:

 

<?php
echo "php active ";
require_once("connect2database.php");
//retrieving data from a database
$query = sprintf("SELECT * FROM user");
$result = @mysql_query($query);
$row = mysql_fetch_array($result);

$email = $_POST['email'];
$password = $_POST['password'];
$login = $_POST['login'];

if($login && $email && $password){
echo " logging you in....";
for($i=0; $i<9; $i++){
echo "row not null ".$i;//different here
if($row[$i]!=null){
if($row['username']==$email and $row['password']==$password){
echo " ****Your Logged in****";
}
}
}
}
?>

[corillo181]

so i'm assuming your longing is when they click submit try this.

<?php
echo "php active ";
require_once("connect2database.php");
//retrieving data from a database
$email = $_POST['email'];
$password = $_POST['password'];
$login = $_POST['login'];
if(isset($login)){
if($email!='' || $password!=''){
$query = sprintf("SELECT * FROM user WHERE email='$email' AND $password='$password'");
$row = mysql_fetch_array($query);
if($row>0){
echo " logging you in....";
}else{
echo "your record was not found";
}
}else{
echo "your email or password field is empty";
}}else{ echo "you got no right to be on this page";}
?>

[compsci]

Thanks corillo181!!! It works!!! (with a few changes from me...ahem) 

[corillo181]

go to show you how to fish not get th efish for you..

 

mark as solved.

[compsci]

go to show you how to fish not get th efish for you..

 

mark as solved.

 

Your right. Thanks!