Username --- Should be simple!

robfog

Okay this should be simple but I've been working on it and it has only proved that I am the one that is simple.

Anyway the code below works fine when I tell a user that the username is being used but how do I change it so if someone tries to login I can tell them that the username does not exist?

<?
$link = @mysql_connect("$DBHost","$DBUser","$DBPass");
mysql_select_db("$DBName", $link);
$result = mysql_query("SELECT Username FROM User", $link);
for ($x= 0; $x < mysql_num_rows($resultID2); $x++) {
$row = mysql_fetch_assoc($result);
if ($Username == $row[Username]) {
print " <center>Sorry, that username $user does not exist. </center>\n";
die;
}
}

trexx

err... you REALLY should use the PHP tag when you post code. it's a bit more readable than your all-on-one-line-code-view :rolleyes:

Daveyz1983

when the user login with the username and password via a form

All you have to do is to do post it to a form that process it.

example.php

<?
$username = $POST['username'];
$password = $POST['password'];

//check whether username and password matches/exists
$query = mysql_query("select * from databasename where username='$username' and password = password('$password')");

if (!query) {
echo "Unable to perform query";
} elseif (mysql_num_rows($query) <= 0) {
echo "Your username and password do not match or exists.";
} else {
LOGIN();
}

Its recommended that you only report the error as "Username do not exist or your password do not match" instead of specifying "Your username do not exist." and "Password incorrect" due to security issues.

robfog

It's not actually being used as a login. What I am doing is having a database searched to see whether or not the user name exist.

I need to make sure people don't enter a user name which does not exist in order to keep files in order.

stevesweetland

instead of

DOFILERELATEDACTION()

robfog

I keep getting error messages using what everyone has kindly provided.

Could anyone possibly modify the original piece of script I provided. It doesn't conflict with the rest of the script on the page it's on.

Weedpacket

$Username = $_POST['username'];
$Username = str_replace("'", "", $Username); // Example security check

$link = @mysql_connect($DBHost, $DBUser, $DBPass);
mysql_select_db($DBName, $link);
$query = "SELECT count(Username) FROM User WHERE username='$Username'";
$result = mysql_query($query, $link);
$row = mysql_fetch_row($result);
if ($row[0] == 0) {
print "<br><br><center><font color=green><b>Sorry, that username </font><font color=red>$Username</font><font color=green> does not exist.</b></font><br><br></center>\n";
die;
}
}

robfog

Thank you that worked fine.