Member Avatar for HB25

Hi
I am using the code below to validate user when they login to my website, the first part check if user have typed their username and the second part search the table to check user exist. These two parts work fine but the last part the while condition don’t work it keep give me the error massage “You provided an incorrect password. Please try again.”
Any help?
Regards
HB 25

<?php

// Have they entered a ClientID?
if(empty($_POST['username']))
{
	die("Please enter your correct username.");
}

$con = mysql_connect("xxxxxx","xxxxxx","xxxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("xxxxxx", $con);

// Get variables from the previous page. Remove possible hack attempts.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
// Build the query used to see if that account exists.
$query = "SELECT `username`,`password` FROM tbluser WHERE `username`='".$username."'";
$result = mysql_query($query);
// If the records returned isn't exactly 1, then that username doesn't exist. Or, there may be a strange glitch where two users have the same name, but the registration script will get rid of any chance of that anyway.
if(mysql_num_rows($result)!=1)
{
	die('We don\'t have a user called '.$username.'. If this is your first visit to our website, you may need to <a href="../register.htm">create an account</a>. Otherwise, check your spelling.');
}
// Now, validate the password.
while($record = mysql_fetch_assoc($result))
{
	if(md5($password)!=$record['password'])
	{
		die("You provided an incorrect password. Please try again.");
	}
}



mysql_close($con);
?>
  • 2 Contributors
  • 4 Replies
  • 170 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by HB25
Member Avatar for nav33n

The simplest way to validate username and password is to query the table with both username and password and see how many rows it returns. For example,

$query = "select * from table where username='$username' and password='$password'";
$result = mysql_query($query);
if(mysql_num_rows($result) == 1) {
 //echo valid user
} else {
 //echo invalid user
}

In your script, I don't see a need why you need a while loop. Since the usernames are unique and 1 username returns only 1 record, there is no need for a while loop. The rest of the script looks okay..

Member Avatar for HB25

Hi
Thank you, I have managed to sort this problem but I do have another page where user could delete their booking with us, my questions is what will be the if statement before the MySQL delete statement to check the bookingID which user provided is exist in the table bookings if not exist then an error message should be displayed to user.
Any suggestion will be highly appreciated.
HB25

<?php
// Have they entered a BookingID?
if(empty($_POST['bookingID']))
{
	die("Please enter your BookingID number.");
}

$con = mysql_connect("xxxxx","xxxx","xxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("xxxx", $con);


mysql_query("DELETE FROM bookings WHERE bookingID=$_POST[bookingID]");


print "your booking number  ".$bookingID ;

echo "has been cancelled";
echo " we hope you come back and stay with us another time.";
 
mysql_close($con)

?>
Member Avatar for nav33n 
$result = mysql_query("select * from table where bookingid='blahblah'");
if(mysql_num_rows($result) > 0) {
//delete booking id
} else {
 //booking id doesn't exist
}
Member Avatar for HB25

Hi nav33n
Thank you very much for your advice, you have solved my thread once again.

Kind Regards
HB25

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.