Member Avatar for MDGM

Hi all,

I have just put together a simple log in script from various tutorials on the web and at the moment it is only checking the username entered by the user against what is in my database.
I cant find any infromation about any kind of AND function or any other check the password as well as the username so thats what i need help with

here is what i have already:

<?php
// Connects to your Database
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());;

$uname = $_POST['uname'];
$pword = $_POST['pword'];
//gets username and password from uname and pword fields on previous page

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname'");

if($row = mysql_fetch_array($result))
  {
  setcookie("loggedin", "$uname", time()+3600);
  echo "logged in as: ";
  echo $row['uname'];
  echo "<br />and cookie written.";
  echo "<br />";
  echo 'click <a href="cookie.php">here</a> to view cookie information.<br/><a href="login.php">Back to login page.</a>';
  }
else
{
echo "wrong login information";
}
?>

Thanks guyyys :D

Max

  • 5 Contributors
  • 10 Replies
  • 118 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by nav33n
Member Avatar for somedude3488

make sure sanatize your inputs to protect against sql injection.

as for the login, just change your query to:

SELECT * FROM logins WHERE uname='$uname' AND password='$pword'

also, a better way to do a login script is to see the number of results returned from the query.

ex.

//run query here
if (mysql_num_rows($result) == 1) {
  //then log the person in
}
else {
  //they have invalid credentials
}
Member Avatar for ryan_vietnow

you can change your query like this to validate a username with its password.

(let us say pword is your password table in db...)

replace this:

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname'");

with something like this:

$result = mysql_query("SELECT * FROM logins WHERE uname='$uname' and pword='$pword'");
Member Avatar for ryan_vietnow

Ahh! keith is faster than me;) :D

Member Avatar for MDGM

ha xD Thanks guys :) i swear i tried that :P

oh wells thanks for the help guys. and ill def. include the protection against mysql injection

now just to find out what it actually is..... :P

Thanks again.

Member Avatar for Spaiz

May I ask related question in here?
I was just reading around, found this thread and remembered that I always wanted to know if it's possible to query database only once, at first visit, to confirm login/pwd is correct.

Basicaly, is there a way to let user browse protected area without checking the database on every page view? (saving id in cookies is not a way :) )

Member Avatar for somedude3488

yes, use sessions.

Member Avatar for Spaiz

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

Member Avatar for nav33n

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

I don't think so..

Member Avatar for ryan_vietnow

Well, yes, sessions, but is there way to save user identification for long time? (except session in database/files/cookies)

Maybe some new clever way? I know the ordinary one's.

Try to store the ipaddress of the user and date into a new table then have a timeline for how many days/months etc. on how the id will be saved in that ipadd by subtracting current date from the stored date login...Just my idea...

Member Avatar for nav33n

Yes I do have one. Please pm to get the bulk coupon.
Anybody interested in buying itechbids v7.0 @ 10% discount? Please use
my reseller coupon: RES3215.

I wonder why the mods haven't banned you yet.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.