Login Function That compares The Username And Password From The Database

Arsenal_Rule

Hey I created this code for a login function

<?
	$uname = isset($_POST['uname'])?($_POST['uname']): "";
	$pass = isset($_POST['pass'])?($_POST['pass']): "";
	if (isset($_POST['checklog']) == true):
		$validate = 0;
		if ($uname == 'test')  {$validate++; }
		if ($pass == 'test') {$validate++; }
		if ($validate == 2) 
		{
			session_start();
			$_SESSION['_suname'] = $uname;
			$_SESSION['_spass'] = $pass;
			 header("Location: mainmenu.php?" .SID); }
		else { print "<I> Password or username error </I>"; }
	endif;
?>
<HTML><HEAD><TITLE> Temp Logon page </TITLE></HEAD>
<BODY>
<H2> Logon Here: </H2><BR>
<FORM name='templogon' method='POST'  action='templogon.php'>
Username: <INPUT type='text' name='uname'><BR>
Password:  <INPUT type='password' name='pass'><BR>
<INPUT TYPE='submit' name='checklog' value='submit'>
</FORM></BODY></HTML>

This code uses the login features and compares the username and passwords that is set with in the code.
What I would like to know is how I can convert this code into a login code that will be able to compare the fields "passwords" and "username" from a password table "azizpassword".

And when it doesn't match what is typed in it will bring out an error message but if it does match it will go to and open the file mainmenu.php.

Basically I just want to know how I can convert the code given above to what I need and explain.

I really hope someone can help me coz I hae been trying different ways but none of them have worked and because of me being a beginner at PHP I find it very difficult to solve this problem I hope someone can help me with this

Thank You For Your Time

Take Care

bpat1434

It depends on the database type you're using. You use different connection measures, but basically the same idea:

-- Connect to database
-- Grab info from row that user is on
-- Compare db info and input info
-- Redirect accordingly

Now, here's how it's done with mySQL:

<?php
$uname = isset($_POST['uname'])?($_POST['uname']): "";
$pass = isset($_POST['pass'])?($_POST['pass']): "";
if (isset($_POST['checklog']) == true)
{
	$conn = mysql_connect('localhost', 'DBusername', 'DBpassword');
	mysql_select_db('database_name', $conn);

$query = "SELECT * FROM `table_name` WHERE username = $uname LIMIT 1";
$result = @mysql_query($query);
if(!$result)
{
	print "<I> Username Error!! </I>";
}
else {
	$row = mysql_fetch_array($result);
	if($pass != $row['password']) {
		print "<I> Username Error!! </I>";
	}
	else { 
		session_start();
		$_SESSION['_suname'] = $uname;
		$_SESSION['_spass'] = $pass;
		header("Location: mainmenu.php?" .SID);
	}
}
}
?>
<HTML><HEAD><TITLE> Temp Logon page </TITLE></HEAD>
<BODY>
<H2> Logon Here: </H2><BR>
<FORM name='templogon' method='POST'  action='templogon.php'>
Username: <INPUT type='text' name='uname'><BR>
Password:  <INPUT type='password' name='pass'><BR>
<INPUT TYPE='submit' name='checklog' value='submit'>
</FORM></BODY></HTML>

You will have to fill in your own values in certain places, like the connection settings, and the query, but that's a starting point.

~Brett

Arsenal_Rule

Thank you for your reply mate really appreciate it I'm using a mysql database so I will try your code that you have shown me to try to create alogin file thankyou very much again mate for your help mate I really appreciate it mate Thanx Again

Take Care Mate

Ravenous

All you need to do is check to see if there is a row in your table that matches your username/password pair.

$q = "SELECT * FROM users WHERE username='$username' AND password='$password'";
if(mysql_num_rows(mysql_query($q)) > 0)
{
     //log this user in
}

One benefit of doing it in this manner versus the suggestion above is that you don't necessarily want to tell users what was wrong with their username/password. Just tell them that their username/password was incorrect.. not which was the problem. That helps narrow the problem down for anyone trying to gain access when they shouldn't. Even better would be to simply not tell them anything at all and just return them to the login prompt. Only return the necessary information when trying to implement security. In this case, it is not vital that they be told explicitly that their username/password was incorrect. They'll be able to sort that out on their own. Either that or they'll think the scripts are broken. This second possibility is just another thing to confuse hackers with.