TABLES/ROWS - Passwords - PHPBuilder Forums

TABLES/ROWS - Passwords

kinjokids

I have a table called users. id, name, password

I want to make a form that has two TEXT boxes.
1.Name: (TEXT BOX)
2.Password: (TEXT BOX)
3. ENTER SITE (SUBMIT BUTTON)

and i want for it to be able to go into the database
and look for the name and password. and if its in there(so far have 3 names and passwords) GOTO a different page if not make it $PHP_SELF and say wrong user name and/or password.
I already know how to connect to a database, i just cant get the form to work the way i want it.

, there must be an easyer way
HERE IS WHAT I GOT ::

<?php

$db = mysql_connect("localhost", "mydb", "pass123");

mysql_select_db("mydb",$db);

if ($submit) {

if ($id) {

// query the DB

$sql = "SELECT * FROM users WHERE id=$id";

$result = mysql_query($sql);

$myrow = mysql_fetch_array($result);

print("<meta http-equiv=\"REFRESH\" content=\"5;

URL=http://www.website.com/logincorrect.php\">");
print("Thank You $name");

} else {

print("wrong username and/or password");

}

Name:<input type="Text" value="<?php echo $myrow["name"] ?>"><br>

Password:<input type="Text" value="<?php echo $myrow["password"] ?>"><br>

</form>

<?php

}

james2871

How about something like this:

<?PHP
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header( "Location: http://www.yourdomain/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($loginName) || empty($loginPass)) {
header( "Location: http://www.yourdomain.com/login.htm" );
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($POST['username']);
$pass = md5($POST['password']);

//set the database connection variables

$dbHost = "localhost";
$dbUser = "yourUsername";
$dbPass = "YourPassword";
$dbDatabase = "yourDB";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

//start the session and register a variable

session_start();
session_register('username');

//successful login code will go here...
echo 'Success!';

//we will redirect the user to another page where we will make sure they're logged in
header( "Location: checkLogin.php" );

}

}
else {

//if nothing is returned by the query, unsuccessful login code goes here...

echo 'Incorrect login name or password. Please try again.';
}
}
?>

How to use the session:

checkLogin.php:

<?php

//start the session
session_start();

//check to make sure the session variable is registered
if(session_is_registered('username')){

//the session variable is registered, the user is allowed to see anything that follows

echo 'Welcome, you are still logged in.';

}
else{

//the session variable isn't registered, send them back to the login page
header( "Location: http://www.yourdomain.com/login.htm" );
}

Just replace all the generic variables with your own.

Hope this helps

cmccomas

James I tried this, but I for some reason couldn't add the password on the INSERT command in the database. At least not with md5.

Can you post how to do it here?

laserlight

There's no need for the while loop after using mysql_num_rows() since you should only have 1 username/password combination that matches.

As for the password, using an md5 hash you will need a VARCHAR(32) column.

cmccomas

So, I should delete this:

while($row = mysql_fetch_array($result)){

From the code above?

cmccomas

Setup the database, like was mentioned in the .doc file I downloaded. Then went to insert, but got this:

SQL-query :

INSERT INTO users (user_id,username,password) VALUES (1,'cmccomas',md5(‘xxxxxx’))

MySQL said:

Unknown column 'cmccomas' in 'field list'