0

what will be the code of comparing the login data with the already stored data of user on the data base .kindly reply me soon.ihv to compare the two variables(user name and password).plzzz

4
Contributors
14
Replies
18
Views
7 Years
Discussion Span
Last Post by bsse007
0

there is a form of registration having username,password & email.this data is stored in data base's table when accepted.there is another form of already registered whom data have been saved.i just want that they can be logd in when there username & pasword is matched with the already existing data.

0

What code do you have so far? You'll be using $_POST variables. Are you using a password hash like md5? More info please.

You compare with a SELECT query, placing the cleaned variables in the WHERE clause.

0

registr.html ,register page

<form action="login.php" method="post" >
  <h3>Registered here</h3>
<table>
<tr><td><b>User Name</b></td><td><input type="text" name="myname"/></td></tr>
<tr>
      <td><b>Password</b></td>
<td><input type="password" name="pass"/></td></tr><tr><td><b>e-mail</b></td><td><input type="text" name="email"/></td></tr>
<tr><td></td><td><input type="submit" value="register"/></td></tr></table></form>

login.php page

<?php
$con = mysql_connect("localhost","root");
if (!$con)
  {
  die('Could not connect:');
  }

mysql_select_db("project", $con);

$sql="INSERT INTO user ( user_name, password, email )
VALUES
('$_POST[myname]','$_POST[pass]','$_POST[email]')";

if (!mysql_query($sql,$con))
  {
  die('Error:' );
  }
  else 
  {echo header('Location:http://localhost/click.html');
  }
mysql_close($con)
?>

check.html, comparing page

<form action="open.php" method="post">
  Already have an account
  <br>User name
    <input type="text" name="user"/>
    <br>
    Password
    <input type="password" name="password"/><br>
    
	<input type="submit" value="login"/>
</form>

now i need the coding of open.php
regards

Edited by Ezzaral: Added code tags. Please use them to format any code that you post.

0

open.php

<?php
$uname=$_POST['user'];
$upass=$_POST['password'];
$con = mysql_connect("localhost","root");
if (!$con)
  {
  die('Could not connect:');
  }

mysql_select_db("project", $con);
$result=mysql_query("select user_name from user");
$result1=mysql_query("select password from user");

while($row=mysql_fetch_array($result) && $row1=mysql_fetch_array($result1))
{
if($uname==$row && $upass==$row1)
{echo.........
}
else
{
echo ...........
}
}
?>

i hv made this code.kindly chek it.

Edited by Ezzaral: Added code tags. Please use them to format any code that you post.

0

OK. I see.

$name = mysql_real_escape_string($_POST['user']);
$pw = mysql_real_escape_string($_POST['password']);

$r = mysql_query("SELECT user_name FROM user WHERE user_name='$name' AND  password = '$pw'");
if(mysql_num_rows($r)>0){
//user exists - keep data in session/cookie or whatever
}else{
//failed login
}

There could be a lot more involved - but this is bare bones stuff. I noticed that you don't clean your variables on the registration form. This is very unwise. Use something like mysql_real_escape_string if it is supported on your server.

Edited by diafol: n/a

0

thanks a lot.you have solved my problem.
will u plz tell me about "mysql_real_escape_string",infact i have no idea.

0

thanks a lot.you have solved my problem.
will u plz tell me about "mysql_real_escape_string",infact i have no idea.

Sure, when you get raw data from a form (or a url querystring) - the data you pick up from $_POST or $_GET variables in other words, you can't trust the data to be safe or to not mess up your queries or to be stored correctly.

Quotes within data can often mess up the query.
Some naughty people may even try to inject their own SQL into your query through a form or url. This can usually be prevented by changing all 'tags' to escape characters or html encodes .e.g. <script> becomes &lt;script&gt;

A while ago I used to use

$var = addslashes(htmlentities($_POST['var']));

but I tend to use mysql_real_escape_string() now.

This is called cleaning or sanitizing your data. Sometimes, you'll need to take off added backslashes that escape your quotes when output back to html. You can do this by stripslashes($var).

Edited by diafol: n/a

0

okk.i undrstud.
i m again in trouble.
there is a user who is typing an article in the textarea and have the title in the text box.
i want to save his title to his info row.
i mean the title should be saved in the feild name title aginst the logged in user.
will u kindly help me?

0
$name = mysql_real_escape_string($_POST['user']);
$title = "Harry Potter" ; //you should fetch title from textbox
$r = mysql_query("SELECT user_name, title FROM user WHERE user_name='$name');
if(mysql_num_rows($r)>0){
   $r =mysql_query("UPDATE user set title='$title' WHERE user_name='$name'");
}
else
{
//no user found
}

Edited by rajarajan07: n/a

0

can session be used throuh diffrent pages.
means session_started in a page but retrive in the other.
is it possible & how?
regards

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.