Coding help (php)

Discussion in 'Web Design and Development' started by JLEW700, Jul 16, 2009.

  1. JLEW700 macrumors 6502

    Joined:
    Aug 12, 2008
    #1
    Can anybody tell me whats wrong with my code? I have it set up so that is should say "You're in" when the correct username and password and it should say "incorrect password" when the incorrect password is incorrect is entered. Instead it says "incorrect password" weather I enter the correct password or not.

    Heres my code:
    Code:
    <?php
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    if ($username&&password)
    {
    
    $connect = mysql_connect("localhost","root","") or die("Couldn't connect");
    mysql_select_db("phplogin") or die("Couldn't find db");
    
    
        $query = "SELECT * FROM users WHERE username='$username'";
    
        $query_result = mysql_query($query) or die(mysql_error());
    
        $numrows = mysql_num_rows($query_result); 
    
        if ($numrows!=0)
    {
    
    	while ($row = mysql_fetch_assoc($query_result))
    {
    	$dbusername = $row['username'];
    	$dbpassword = $row['password'];
    }
    
    	if ($username==$dbusername&&password==$dbpassword)
    {
    	echo "You're in";
    }
    
    
    else
    	echo "Incorrect password";
    
    
    }
    else
    	die("That user doesn't exist");
    	
    
    
     
    }
    else
    	die ("Please enter a username and a password");
    
    
    ?>
    
     
  2. Darth.Titan macrumors 68030

    Darth.Titan

    Joined:
    Oct 31, 2007
    Location:
    Austin, TX
    #2
    Code:
    if ($username&&password)
    {
    should be:
    Code:
    if ($username && $password)
    {
    (Spaces added for readability, but the real mistake was the missing '$' on your $password variable.)
     
  3. JLEW700 thread starter macrumors 6502

    Joined:
    Aug 12, 2008
  4. BertyBoy macrumors 6502

    Joined:
    Feb 1, 2009
    #4
    wakey, wakey,

    how about checking the password in the SELECT statement, it'll not make it work any better but less code:

    SELECT * FROM users WHERE username=$username AND password=$password
     
  5. whatsgooddan macrumors member

    Joined:
    Apr 6, 2009
    Location:
    NY, USA
    #5
    for security, you may want to encrypt your passwords.

    if you usually store them in there as $password, instead store as md5($password); or something.

    when the user types in their password, check if md5($_POST['password]) == $row['password'].

    this keeps passwords safe if your database falls into the wrong hands. this can sometimes happen pretty easily, especially if you are accepting user input through text fields.
     

Share This Page