Member Avatar for bsse007

what will be the code of comparing the login data with the already stored data of user on the data base .kindly reply me soon.ihv to compare the two variables(user name and password).plzzz

  • 4 Contributors
  • 14 Replies
  • 2K Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by bsse007

Recommended Answers

All 14 Replies

Member Avatar for furqan219

Please SHARE your table structure, so we can tell you

Member Avatar for bsse007

there is a form of registration having username,password & email.this data is stored in data base's table when accepted.there is another form of already registered whom data have been saved.i just want that they can be logd in when there username & pasword is matched with the already existing data.

Member Avatar for furqan219

Table structure and sample data??? Please share

Member Avatar for diafol

What code do you have so far? You'll be using $_POST variables. Are you using a password hash like md5? More info please.

You compare with a SELECT query, placing the cleaned variables in the WHERE clause.

Member Avatar for bsse007

registr.html ,register page

<form action="login.php" method="post" >
  <h3>Registered here</h3>
<table>
<tr><td><b>User Name</b></td><td><input type="text" name="myname"/></td></tr>
<tr>
      <td><b>Password</b></td>
<td><input type="password" name="pass"/></td></tr><tr><td><b>e-mail</b></td><td><input type="text" name="email"/></td></tr>
<tr><td></td><td><input type="submit" value="register"/></td></tr></table></form>

login.php page

<?php
$con = mysql_connect("localhost","root");
if (!$con)
  {
  die('Could not connect:');
  }

mysql_select_db("project", $con);

$sql="INSERT INTO user ( user_name, password, email )
VALUES
('$_POST[myname]','$_POST[pass]','$_POST[email]')";

if (!mysql_query($sql,$con))
  {
  die('Error:' );
  }
  else 
  {echo header('Location:http://localhost/click.html');
  }
mysql_close($con)
?>

check.html, comparing page

<form action="open.php" method="post">
  Already have an account
  <br>User name
    <input type="text" name="user"/>
    <br>
    Password
    <input type="password" name="password"/><br>
    
	<input type="submit" value="login"/>
</form>

now i need the coding of open.php
regards

Edited by Ezzaral because: Added code tags. Please use them to format any code that you post.
Member Avatar for bsse007

open.php

<?php
$uname=$_POST['user'];
$upass=$_POST['password'];
$con = mysql_connect("localhost","root");
if (!$con)
  {
  die('Could not connect:');
  }

mysql_select_db("project", $con);
$result=mysql_query("select user_name from user");
$result1=mysql_query("select password from user");

while($row=mysql_fetch_array($result) && $row1=mysql_fetch_array($result1))
{
if($uname==$row && $upass==$row1)
{echo.........
}
else
{
echo ...........
}
}
?>

i hv made this code.kindly chek it.

Edited by Ezzaral because: Added code tags. Please use them to format any code that you post.
Member Avatar for diafol

OK. I see.

$name = mysql_real_escape_string($_POST['user']);
$pw = mysql_real_escape_string($_POST['password']);

$r = mysql_query("SELECT user_name FROM user WHERE user_name='$name' AND  password = '$pw'");
if(mysql_num_rows($r)>0){
//user exists - keep data in session/cookie or whatever
}else{
//failed login
}

There could be a lot more involved - but this is bare bones stuff. I noticed that you don't clean your variables on the registration form. This is very unwise. Use something like mysql_real_escape_string if it is supported on your server.

Edited by diafol because: n/a
Member Avatar for bsse007

thanks a lot.you have solved my problem.
will u plz tell me about "mysql_real_escape_string",infact i have no idea.

Member Avatar for diafol

thanks a lot.you have solved my problem.
will u plz tell me about "mysql_real_escape_string",infact i have no idea.

Sure, when you get raw data from a form (or a url querystring) - the data you pick up from $_POST or $_GET variables in other words, you can't trust the data to be safe or to not mess up your queries or to be stored correctly.

Quotes within data can often mess up the query.
Some naughty people may even try to inject their own SQL into your query through a form or url. This can usually be prevented by changing all 'tags' to escape characters or html encodes .e.g. <script> becomes &lt;script&gt;

A while ago I used to use

$var = addslashes(htmlentities($_POST['var']));

but I tend to use mysql_real_escape_string() now.

This is called cleaning or sanitizing your data. Sometimes, you'll need to take off added backslashes that escape your quotes when output back to html. You can do this by stripslashes($var).

Edited by diafol because: n/a
Member Avatar for bsse007

okk.i undrstud.
i m again in trouble.
there is a user who is typing an article in the textarea and have the title in the text box.
i want to save his title to his info row.
i mean the title should be saved in the feild name title aginst the logged in user.
will u kindly help me?

Member Avatar for diafol

You need to supply your table structures. SO that we know how they can be linked.

Member Avatar for rajarajan2017 
$name = mysql_real_escape_string($_POST['user']);
$title = "Harry Potter" ; //you should fetch title from textbox
$r = mysql_query("SELECT user_name, title FROM user WHERE user_name='$name');
if(mysql_num_rows($r)>0){
   $r =mysql_query("UPDATE user set title='$title' WHERE user_name='$name'");
}
else
{
//no user found
}
Edited by rajarajan2017 because: n/a
Member Avatar for bsse007

can session be used throuh diffrent pages.
means session_started in a page but retrive in the other.
is it possible & how?
regards

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.