simple login issue

jmatthew2k

By Error, My website only requires the username to be entered in able to pull up user information instead of both username and password. This should be a simple fix, please help. Here is the code:

<!--Login Form-->

<table width="300" border="0" align="left" cellpadding="0" cellspacing="1" bgcolor="#000000"">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#000000">
<tr>
<td colspan="3"><FONT Face="Arial Black"> <FONT Size="2"><FONT Color="#808080"> Check Status</td>
</tr>
<tr>
<td width="78"><FONT Face="Arial Black"> <FONT Size="2"> Email</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td><FONT Face="Arial Black"> <FONT Size="2">Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

  </form>
</div>

<!--Check Login Page-->

<?php

$host = "******blocked for forum*******";
$username = "*****blocked for forum*****";
$password = "****blocked for forum******";
$db_name = "****blocked for forum****";
$tbl_name = "****blocked for forum***";

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword 
@session_register("myusername");
@session_register("mypassword"); 

}
else 
{
echo "Wrong Username or Password";
}
?>


<?php
$query =  mysql_query("SELECT * FROM Users WHERE username ='$myusername'") or die("Error:" . mysql_error());
$rlt = mysql_fetch_array($query);
$count = mysql_num_rows($query);
if($count == 1){
         session_register("myusername");
         $_SESSION['USERID'] = $rlt['id'];

}else
{
   echo "Invalid USer.....";
}

$qry = mysql_query("SELECT * FROM Users WHERE id = '".$_SESSION['USERID']."'")or die("ERROR:" . mysql_error());
$rst = mysql_fetch_array($qry);


mysql_close();
?>







<?php




$f1=mysql_result($query,0,"Production Status");
$f2=mysql_result($query,0,"Additional Info");
$f3=mysql_result($query,0,"Script");
$f4=mysql_result($query,0,"business");
$f5=mysql_result($query,0,"username");
$f6=mysql_result($query,0,"phone");
$f7=mysql_result($query,0,"agency");
$f8=mysql_result($query,0,"history");
?>

MOD EDIT: [noparse]

..

[/noparse] bbcode tags added; please use these in the future when posting PHP code.

bradgrafelman

What's with the three separate queries to look up the user info? Get rid of the second and third queries and you should be fine.

jmatthew2k

bradgrafelman;10984377 wrote:
What's with the three separate queries to look up the user info? Get rid of the second and third queries and you should be fine.

Problem solved, thanx Brad...Also I would like to display my echo "invalid user name and password" in white letters instead of black...here's what I have

}else
{
echo "Invalid Username or Password";
}