Member Avatar for MDGM

Hi all,

I have just put together a simple log in script from various tutorials on the web and at the moment it is only checking the username entered by the user against what is in my database.
I cant find any infromation about any kind of AND function or any other check the password as well as the username so thats what i need help with

here is what i have already:

<?php
// Connects to your Database
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());;

$uname = $_POST['uname'];
$pword = $_POST['pword'];
//gets username and password from uname and pword fields on previous page

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname'");

if($row = mysql_fetch_array($result))
  {
  setcookie("loggedin", "$uname", time()+3600);
  echo "logged in as: ";
  echo $row['uname'];
  echo "<br />and cookie written.";
  echo "<br />";
  echo 'click <a href="cookie.php">here</a> to view cookie information.<br/><a href="login.php">Back to login page.</a>';
  }
else
{
echo "wrong login information";
}
?>

Thanks guyyys :D

Max

  • 5 Contributors
  • 10 Replies
  • 117 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by nav33n

Recommended Answers

All 10 Replies

Member Avatar for somedude3488

make sure sanatize your inputs to protect against sql injection.

as for the login, just change your query to:

SELECT * FROM logins WHERE uname='$uname' AND password='$pword'

also, a better way to do a login script is to see the number of results returned from the query.

ex.

//run query here
if (mysql_num_rows($result) == 1) {
  //then log the person in
}
else {
  //they have invalid credentials
}
Member Avatar for ryan_vietnow

you can change your query like this to validate a username with its password.

(let us say pword is your password table in db...)

replace this:

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname'");

with something like this:

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname' and pword='$pword'");
Member Avatar for ryan_vietnow

Ahh! keith is faster than me;) :D

Member Avatar for MDGM

ha xD Thanks guys :) i swear i tried that :P

oh wells thanks for the help guys. and ill def. include the protection against mysql injection

now just to find out what it actually is..... :P

Thanks again.

Member Avatar for Spaiz

May I ask related question in here?
I was just reading around, found this thread and remembered that I always wanted to know if it's possible to query database only once, at first visit, to confirm login/pwd is correct.

Basicaly, is there a way to let user browse protected area without checking the database on every page view? (saving id in cookies is not a way :) )

Member Avatar for somedude3488

yes, use sessions.

Member Avatar for Spaiz

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

Member Avatar for nav33n

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

I don't think so..

Member Avatar for ryan_vietnow

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

Try to store the ipaddress of the user and date into a new table then have a timeline for how many days/months etc. on how the id will be saved in that ipadd by subtracting current date from the stored date login...Just my idea...

Member Avatar for nav33n

Yes I do have one. Please pm to get the bulk coupon.
Anybody interested in buying itechbids v7.0 @ 10% discount? Please use
my reseller coupon: RES3215.

I wonder why the mods haven't banned you yet.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.