login script with mysql

alisam

hi,

i would like to write a login script which is based on php and mysql. I've tried to code it by myself, but all i did it did not want to work the way i want it to. so i am trying to find help here again.

I want a form where i can type in a username and a password. (no prob). But then i need a script which looks in my db if there is a username which is the same as the entered username. if not it says "wrong username". If the password is not correct for the user it says "password wrong".

If both things are right it says "login successful".

It should not be very hard, but i have just startet coding in php, so it is very hard for me as a newbie.

Would be glad if someone could help me

thanls in advance

ali

kid_c

First, a suggestion: do not specify if the password is wrong, or login is wrong. This allows hackers and such to know that that user exists on your system. I pefer saying "Invalid username/password combination".

here is a very simple script, although it could be expanded on and optimized to the point that if they've entered too short a username or password, it will give them the error without needing to perform the query (thus saving DB load)...

<?php

$sock = mysql_connect("host",user,pass);

$message = "Enter your username & password";
$error_message = "Invalid username/password combination";

if ($login) {
if ($username=="" || $password=="")
$message = $error_message;
else {
$query = "SELECT password FROM users WHERE username='$username'";
$res = mysql_db_query("database",$query,$sock);
$num = mysql_numrows($res);
if ($num==0)
$message = $error_message;
else {
$row = mysql_fetch_row($res);
if ($row[0]=='$password') {
$message = "Login successful.";
$success=1;
}
else
$message = $error_message;
}
}
mysql_close($sock);
}

if ($success)
echo $message;
else {
echo $message;
//echo your form here....
}

and that should be it...

you'll notice instead of selecting where username='' AND password='' in my query, which would have saved some of the coding, i chose to select out the password and compare it in php instead. this is because comparing in the db versus comparing in php, php is a lot faster. for this case the difference might not be noticeable, but in future applications it might be =)

--
Keith Bussey
kbussey@wisol.com
Programmer - WISOL.com
(514) 398-9994 ext. 225

alisam

thanks for your help, but i tried after your help to code "myown" script and i ended up like this:

if ($login == "ok")
{

$verbindung = mysql_connect("mysql.xxxx.xx", "xxxx", "xxxx);
$sql = "SELECT Name, Passwort FROM Members";
$dbResult = mysql_db_query('edesignz', $sql);
while ($row = mysql_fetch_row($dbResult))
{

if ($row[0] == $user && $row[1] == $pass)
{

$a = $a + 10 ;
}else{

$a = 0 ;

}

If ($a == 0 || $a < 10) {

echo "wrong";
}else {

echo "right";

}
}
?>

But it says always wrong, no matter if the username and password is correct or not..

Please tell me my mistake(s)

regards ali

PS: the first filed on my table is Name (username) and the second one is the password field.

alisam

thanks a lot ... but i already fixed it ...

regards ali