Hi
I am using the code below to validate user when they login to my website, the first part check if user have typed their username and the second part search the table to check user exist. These two parts work fine but the last part the while condition don’t work it keep give me the error massage “You provided an incorrect password. Please try again.”
Any help?
Regards
HB 25

<?php

// Have they entered a ClientID?
if(empty($_POST['username']))
{
	die("Please enter your correct username.");
}

$con = mysql_connect("xxxxxx","xxxxxx","xxxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("xxxxxx", $con);

// Get variables from the previous page. Remove possible hack attempts.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
// Build the query used to see if that account exists.
$query = "SELECT `username`,`password` FROM tbluser WHERE `username`='".$username."'";
$result = mysql_query($query);
// If the records returned isn't exactly 1, then that username doesn't exist. Or, there may be a strange glitch where two users have the same name, but the registration script will get rid of any chance of that anyway.
if(mysql_num_rows($result)!=1)
{
	die('We don\'t have a user called '.$username.'. If this is your first visit to our website, you may need to <a href="../register.htm">create an account</a>. Otherwise, check your spelling.');
}
// Now, validate the password.
while($record = mysql_fetch_assoc($result))
{
	if(md5($password)!=$record['password'])
	{
		die("You provided an incorrect password. Please try again.");
	}
}



mysql_close($con);
?>

The simplest way to validate username and password is to query the table with both username and password and see how many rows it returns. For example,

$query = "select * from table where username='$username' and password='$password'";
$result = mysql_query($query);
if(mysql_num_rows($result) == 1) {
 //echo valid user
} else {
 //echo invalid user
}

In your script, I don't see a need why you need a while loop. Since the usernames are unique and 1 username returns only 1 record, there is no need for a while loop. The rest of the script looks okay..

Hi
Thank you, I have managed to sort this problem but I do have another page where user could delete their booking with us, my questions is what will be the if statement before the MySQL delete statement to check the bookingID which user provided is exist in the table bookings if not exist then an error message should be displayed to user.
Any suggestion will be highly appreciated.
HB25

<?php
// Have they entered a BookingID?
if(empty($_POST['bookingID']))
{
	die("Please enter your BookingID number.");
}

$con = mysql_connect("xxxxx","xxxx","xxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("xxxx", $con);


mysql_query("DELETE FROM bookings WHERE bookingID=$_POST[bookingID]");


print "your booking number  ".$bookingID ;

echo "has been cancelled";
echo " we hope you come back and stay with us another time.";
 
mysql_close($con)

?>
$result = mysql_query("select * from table where bookingid='blahblah'");
if(mysql_num_rows($result) > 0) {
//delete booking id
} else {
 //booking id doesn't exist
}

Hi nav33n
Thank you very much for your advice, you have solved my thread once again.

Kind Regards
HB25

This question has already been answered. Start a new discussion instead.