Hey guys, I am trying to create a login that checks for a password in a MySQL database. I have just started picking away at this and have no clue if I am even close. If I am not even close, I don't need someone to waste their time holding my hand through this; just tell me and I will read up more. Just wondering if it's something small or if I am going in the totally wrong direction.

<?php

include = '/var/www/sql_connect.php';

$user = '$_POST['password'];
//if (mysql_query ("SELECT * FROM users WHERE pass = '$user'"){
//header ("location: administration.php");
//} else {
//header ("location: index.php");
//}
$result = mysql_query ("SELECT * FROM users WHERE pass = '$user'") or die(mysql_error());
if ($_POST['password'] == '$result'{
header ("location: administration.php");
} else {
header ("location: index.php");
}

?>

Thanks!
-Justin

Hi There
Have a look at phpsense.com; they have some good tutorials on how to go about this. They also have some source code for a full but simple login system. It's really good for getting the basics. You can download the source files at http://phpsense.com/file_download/3.

Also, you must read up on how to sanitize all your $_GET / $_POST variables to prevent SQL injection attacks. I picked up some good resources here: http://www.learnphponline.com/security/sql-injection-prevention-mysql-php

Hope this helps

Good Luck

N

Thank you for your help. I was planning on sanitizing my code; this was just to get the functionality going beforehand. I will take a look at these links. Thank you for your quick response.

-Justin

You could use just the simple mysql_num_rows, so if you get a record that equals your form input, then it redirects you to your desired page, else, it will display a message.

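<?php

// Assumes a mysql_* connection has already been opened (e.g. by an included connect script).
if (isset($_REQUEST['login'], $_REQUEST['user'], $_REQUEST['pass']))
{
	// Escape the user name before placing it in the query string.
	$query = "SELECT user, pass FROM yourTable WHERE user='" . mysql_real_escape_string($_REQUEST['user']) . "'";
	$result = mysql_query($query);

	// A row is returned only when the user name exists.
	if ($result && mysql_num_rows($result) > 0)
	{
		$client = mysql_result($result, 0, "user");
		$password = mysql_result($result, 0, "pass");

		// Redirect only when both the user name and the password match the stored record.
		if ($_REQUEST['user'] == $client && $_REQUEST['pass'] == $password)
		{
			header('Location: index.php');
			exit; // stop the script so nothing else runs after the redirect
		}
	}

	// Reached when the user is unknown or the password does not match.
	echo 'Wrong password';
}

?>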

Edited by Szabi Zsoldos: n/a
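
The login check discussed in this thread, written with a PDO prepared statement and hashed passwords, as an added example that is not code from any poster here. The `check_login()` function, the sample account and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions; the `users`, `user` and `pass` names follow the thread.

```php
<?php
// Added example. For MySQL only the DSN changes, e.g.
// new PDO('mysql:host=...;dbname=...', $dbUser, $dbPass).

// Hypothetical helper: returns true only for a known user with the right password.
function check_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps the user name out of the SQL text, so quotes in
    // the input cannot change the query.
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    if ($hash === false) {
        return false;
    }
    // Compare against the stored hash; the plaintext password is never stored.
    return password_verify($pass, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Constructed sample account.
$ins = $db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)');
$ins->execute(['justin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed sample inputs: [user, password, expected result].
$cases = [
    ['justin', 'correct horse', true],
    ['justin', 'wrong', false],
    ['nobody', 'correct horse', false],
    ["justin' OR '1'='1", 'anything', false], // quote-bearing input is plain data
];
foreach ($cases as [$u, $p, $expected]) {
    $ok = check_login($db, $u, $p);
    printf("%-20s %s\n", $u, $ok ? 'login ok' : 'login refused');
    assert($ok === $expected);
}
```

In a login handler, pass the `$_POST` values to `check_login()` and follow any `header('Location: ...')` redirect with `exit`.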
