help

Anon

I'm trying to use an authencation method with php/mysql.

The user fills in 3 fields in the form:

$username
$password
$id

...then submits it

I want the mysql database to search for a matching username. Then check if the id and password match. Print out another 3 variables.

$db_username = "Username found in table";
$db_password = "Password found in table";
$db_id = "ID found in table";

then use an if statement to check if all of them match. If so, then the person is allowed in. This is the method I want to use.

The database is called Secure_Db and the table is called Secure_Tb

here is what I have but it doesn't work...

$auth = "SELECT db_username FROM Secure_Tb WHERE db_password = '$pw' AND db_id = '$id'";

if ($username == "$db_username" && $password == "$db_password" && $id == "$db_id") {
header("Location: http://www.securezone.com");
} else {
header("Location: http://www.notsecure.com");
}

lordstjohn

I've made somethink like this :

$verifentry = "OK";

if($login == "")
{
$verifentry = "Manque Login name ! \n";
}
elseif($password == "")
{
$verifentry = "Manque Password ! \n";
}

if($verifentry == "OK")
{
$errcont = 1; //Boolean de controle d'erreur

// Ouvrir la database avec un utilisateur "lecture seule"

$mysqllink = mysql_connect("SERVEUR", "USER", "PASS");

// Traitement d'erreur d'ouverture...

$errno = mysql_errno($mysqllink);
$error = mysql_error($mysqllink);

if($errno <> 0)
{
$errcont = 0;
print ("Lors de la connection a SQL : Error $errno : $error \n");
print ("Veuillez contacter le WEBMASTER par e-mail... \n");
}
else
{
$mysqlselect = mysql_select_db("DB", $mysqllink);

$errno = mysql_errno($mysqllink);
$error = mysql_error($mysqllink);

if ($errno <> 0)
{
$errcont = 0;
print ("Lors du select DB : Error $errno : $errot \n");
print ("Veuillez contacter le WEBMATER par e-mail... \n");
}
}

//Si pas d'erreur, continuer, sinon GOTO fin

if($errcont == 1)
{
// Compter le nombre d'element répondant au critere de selection
//
$query = "SELECT * FROM users where login_name like \"$login\"";

$mysqlresult = mysql_query($query, $mysqllink);

$nbrarg = mysql_affected_rows($mysqllink);

//Donnees de controle, a supprimer de la version definitive !

//print("QUERY : $query \n");
//print("Result : $mysqlresult \n");
//print("NBRARG : $nbrarg \n");
//print("MYSQLLINK : $mysqllink \n");
//print("MYSQLSELECT : $mysqlselect \n");

$trusteduser = "NO";

if($nbrarg == 0)
{
$trusteduser = "NO";
}
elseif($nbrarg == 1)
{
$row = mysql_fetch_array($mysqlresult);
$mysqlpswd = $row["password"];

if($mysqlpswd == $password)
{
$trusteduser = "YES";
}
else
{
$trusteduser = "NO";
}
}
else
{
print("ERROR !! \n");
print("Please Contact US !");
}

//
//*************** SI USER EST OK, CONTINUER, SINON FIN !
//

if($trusteduser == "YES")
{

//Do here what you wh-ant to do !!!!

}//$trusted user = "YES"
else
{
print("<a href=\"menu.htm\" target=\"_self\">USER UNKNOWN ! CLICK THIS LINK TO RETURN TO THE NAIM MENU !</a>\n");
}//$trusteduser= "NO"

}
mysql_close($mysqllink);
}
else
{
print("<a href=\"menu.htm\" target=\"_self\">$verifentry</a>\n");
}

print("</body>\n");
print("\n");
?>

Anon

I think what you want is to have the user enter all 3 fields that corresponds to one and only one row of the table. If there are 2 rows .. then there's problem w/ database design. (you probably allow 2 users to have the same username and/or id)

So what you need, correct me if i'm wrong, is to have this

$row = mysql_query ("SELECT * FROM user_list_tbl WHERE id=$db_id AND username=$db_username AND password=$db_password");

$number_of_matches = mysql_num_rows($row);

if ($number_of_matches == 1) // user has right info
proceed_to_secure_page();
} else { // user info is not right
proceed_to_black_list();
}

I think that's should solve your problem.