Authenticating Users

killswytch

Hi,

The problem that I am having, is that no matter what I put the in the user textbox and password textbox, it always uses the same user? Here is a sample of what I am doing:
<?
If ($login)
{
If(!(mysql_pconnect("localhost", "user", "password")))
{
ErrorString("The Connection To The Database Failed!\n");
}

	If(!(mysql_select_db("dbname")))
	{
		ErrorString("Could Not Select Database");
	}

	$sql = "select * from users where user='$username' and password='$password'";
	If (!$result = mysql_query($sql))
	{
		ErrorString("could not execute query");
	}
	# Check the user against the database
	If (!$row = mysql_fetch_array($result))
	{
		ErrorString("Could not fetch array");
	}

	If (($username = $row["user"]) && ($password = $row["password"]) && $password != "")
	{
		echo "user $username exists<br>";
		echo $sql;
		exit();
	}
	Else
	{
		echo "user $username doesn't exist<br>";
		echo $sql;
		exit();
	}


}

Here is the code for the form which is method of post and action of $PHP_SELF

<tr>
<td colspan="2" height="3"><font color="#000000" face="<?php echo $font_face; ?>" size="2">User Name</font><br><input type="text" name="username" size="15" maxlength="32"></td>
</tr>
<tr>
<td colspan="2" height="2"><font color="#000000" face="<?php echo $font_face; ?>" size="2">Password</font><br><input type="password" name="password" size=15 maxlength="32"></td>
</tr>

Anon

Ok, a lot of people seem to be having this problem today 😉 In this code:

If (($username = $row["user"]) && ($password = $row["password"]) && $password != "")

You need to use the comparison operator (==) not the assignment operator (=). Basically what you are doing is saying "make $username equal to the value of $row["user"]" which will always be the first user returned. Change it to:

If (($username == $row["user"]) && ($password == $row["password"]) && $password != "")

Hope that helps!

Chris King

killswytch

Ok...I have gotten the problem halfway figured out, but it's kinda driving me crazy. All I am doing is checking the array for the username and password...if not existent it echo's one thing, if existent, it echo's another.

Here is the code:

If ($login)
{

$sql = "select * from users where user='$username' and password='$password'";
If (!$result = mysql_query($sql))
{
ErrorString("could not execute query");
}

Check the user against the database

	while ($row = mysql_fetch_array($result))
	{

		If (($username == $row["user"]) && ($password == $row["password"]) && $password != "")
		{
			echo "user ".$row["user"]." does exist";

		}
		Else
		{
				echo "user" .$row["user"]." doesn't exist<br>";
				echo $sql;
				exit();
		}

	}

}

Any help would be a blessing

killswytch

Ooops, forgot to mention...It works fine when the user is present, the first if statement works...but if the user isn't present, it just redisplays the page, without echoing out the proper echo statement in the else call...

killswytch

Never mind, I figured it out... Thanks though