how to validate username and password in php

@bang_iti08Sep 01.2008

hi, i problem for my php codes. i already stored username and password in mysql db. now im using login page to enter username and password to check im entering correct or not. but i don`t know the coding. plz anybody send codes.byee..

to post a comment

PHP

18 Comments(s) _↴

@Sid3335Sep 01.2008 — #

1. Post your username and password somewhere

2. using the posted username, look in your db for the password (for that username)

3. if Db-Password is same as post_Password = login

@DaiWelshSep 01.2008 — #Google for something like "PHP login script", there are countless free scripts, tutorials and demos to choose from.

@bang_iti08authorSep 02.2008 — #thanks for all. i wrote code it will work. but another problem, in my db many user and passwords.(for ex: in my db have 10 records). so, i check fifth records password and username ,but my display page shows last records data only. i know using loop, but i don`t know how to use for loop. i need detail query and loop functions. i paste my codes below.

[B]PHP CODE:[/B]

<?php

$con = mysql_connect("localhost","root","");

mysql_select_db("mohamed",$con);

$username=$_POST['user'];

$password=$_POST['pass'];

//First lets get the username and password from the user

$result = mysql_query("SELECT * FROM newuser");

while($row=mysql_fetch_array($result))

{

$user=$row['USER_NAME'];

$pass=$row['PASS_WORD'];

}

$num=mysql_num_rows($result);echo $num;

for($i=1;$i<=$num; $i++){

if($username == $user && $password==$pass)

{

header("Location: display.php");

}

else if($password != $pass ||$username != $user )

{

echo("Please Enter Correct Username and Password ...");

header("Location: test.php");

}

}

?>

@themartySep 02.2008 — #you should change your query to something like this:

[code=php]"SELECT * FROM newuser WHERE USER_NAME='".mysql_real_escape_string($_POST['user'])."'";[/code]

Then, just check if the amount of rows returned is equal to 1 (make sure the username has a unique key). If it's not, the username doesn't exist. If it is you can access the database data almost directly without having to loop or anything. And then of course the next thing you do is to validate the password.

btw, i hope you removed the password from the code that you pasted and that you don't actually have a root user with a blank password.

Anyways, when you post these things on a forum, it's best to remove these lines of code...

@bang_iti08authorSep 02.2008 — #hai themarty, i changed my coding to run the pgm. i put "echo" to check how to run the query? but it will show the query and one warning msg. i paste below these:

SELECT * FROM abu WHERE USER_NAME='hjsvd'

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:wampwwwchecklogin.php on line 10

plz send detail query...

byee..

@themartySep 02.2008 — #that's impossible to say without knowing your code.

so please post the relevant code.

@bang_iti08authorSep 04.2008 — #hai. i post relevant code:

<?php

$con = mysql_connect("localhost","root","");

mysql_select_db("mohamed",$con);

//$username=$_POST['user'];

//$password=$_POST['pass'];

//First lets get the username and password from the user

//$result = mysql_query("SELECT * FROM abu");

$result= "SELECT * FROM abu WHERE USER_NAME='".mysql_real_escape_string($_POST['user'])."'";

echo $result;

$num=mysql_num_rows($result);

echo $num;

for($i=1;$i<=$num; $i++){

while($row=mysql_fetch_array($result))

{

$user=$row['USER_NAME'];

$pass=$row['PASS_WORD'];

}

}

if($username == $user && $password ==$pass)

{

header("Location: display.php");

}

else if($password!= $pass ||$username != $user )

{

echo("Please Enter Correct Username and Password ...");

header("Location: test.php");

}

?>

@themartySep 04.2008 — #you are assigning a string - the query - to the variable $result, but you never actually execute the query. mysql_num_rows() needs a pointer to the result of a query, not the query(string) itself.

http://www.php.net/mysql_num_rows

@bang_iti08authorSep 05.2008 — #thank themarty, now its work fine. ones again im tell for u thank u very much.

byee..

@MegamipNov 30.2009 — #Hi, I'm a newbie so this will sound stupid but I was wondering if you could PLEASE post your final code bang_iti08 as I am a bit desperate with my PHP database login that is not working. Please save me from going round the twist because of this annoying code. Alternately you can help me fix my code, which is below.

[code=php]$con = mysql_connect("mysql4.000webhost.com", "**I have hidden this**", "**I have hidden this**");
 if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }
 // Define username and password variables for returned post method
 $username = $_POST["username"];
 $password = $_POST["password"];
 
 
 if($username != "" || $password != "")
 {
 
 $query = mysql_query("SELECT username FROM members WHERE username = '" . $username . "' AND password = PASSWORD('" . $password . "')", $con);
 
 // Select database and log on
 mysql_select_db("a4413978_db", $con);
 
 $num = mysql_num_rows($query);
 echo $num;
 
 if($num != 0)
 {
 $result = mysql_result($query, 0);
 echo $result; 
 }
 
 $row=mysql_fetch_array($result)
 //{
 //$user=$row['username']; 
 //$pass=$row['password'];
 //}
 
 
 //if($username == $user && $password ==$pass)
 //{
 //header("Location: index.php");
 //}
 //else if($password!= $pass ||$username != $user )
 //{
 //echo("Please Enter Correct Username and Password ...");
 //header("Location: test.php");
 //}
 [/code]

@MegamipNov 30.2009 — #BTW sorry my code is so messy. I usually clean up my code after I know it works.:rolleyes:

@DaiWelshNov 30.2009 — #May not be the only thing but:

[code=php]
 $query = mysql_query("SELECT username FROM members WHERE username = '" . $username . "' AND password = PASSWORD('" . $password . "')", $con);
 
 // Select database and log on
 mysql_select_db("a4413978_db", $con);
 [/code]

you should select your database before you run your query so these lines need to be the other way around. If you check your errors after queries with mysql_errno() then your code will at least tell you about things like this e.g. (untested and post-vino)

[code=php]
 // Select database and log on
 mysql_select_db("a4413978_db", $con);
 $query = mysql_query("SELECT username FROM members WHERE username = '" . $username . "' AND password = PASSWORD('" . $password . "')", $con);
 if(mysql_errno()) {
 die('query error: '.mysql_error());
 }
 [/code]

HTH

Dai

@MegamipDec 01.2009 — #Thanks DaiWelsh!

@alifareediDec 01.2009 — #simply post ur user name and password to checklogin.php page

then

on checklogin.php page write this

$c=mysql_connect("server","username","password");

mysql_select_db("databasename",$c);

extract($_REQUEST);

$result=mysql_query("select * from table where userfeild='$user' and passwordfeild='$password'");

if(mysql_num_rows($result))

{

header("location: userpage.php");
}

else

{

header("location: invalidpage.php");

}

@svidgenDec 01.2009 — #[B]FYI:[/B] The MySQL documentation explicitly says NOT to use the PASSWORD function for storing application passwords!!! It is not necessarily compatible with any other password hash algorithms and is subject to change at any time! Crypt your passwords with a standard like [B]SHA[/B]!

@MegamipDec 01.2009 — #simply post ur user name and password to checklogin.php page

then

on checklogin.php page write this

$c=mysql_connect("server","username","password");

mysql_select_db("databasename",$c);

extract($_REQUEST);

$result=mysql_query("select * from table where userfeild='$user' and passwordfeild='$password'");

if(mysql_num_rows($result))

{

header("location: userpage.php");

}

else

{

header("location: invalidpage.php");

}[/QUOTE]
I will try it Alifareedi.

FYI: The MySQL documentation explicitly says NOT to use the PASSWORD function for storing application passwords!!! It is not necessarily compatible with any other password hash algorithms and is subject to change at any time! Crypt your passwords with a standard like SHA![/QUOTE]
Ok svigden.

@MegamipDec 02.2009 — #By the way I now have the code working so thank you sincerely to everyone that helped me. :p:p:p:p

@KPKRFeb 17.2012 — #hi, i problem for my php codes. i already stored username and password in mysql db. now im using login page to enter username and password to check im entering correct or not. but i don`t know the coding. plz anybody send codes.byee..[/QUOTE]

U write the foll php content in the page that transefers u to when u click on the submit button after entering the uname&&Pwrd...

<?php

$uname=$_POST['user_name']; //the name u entered in the usename textbox

$pwd=$_POST['pwrd']; //the pwrd u entered in the usename textbox

if($uname && $pwd)

{

$con=mysql_connect("localhost","root","password");

if(!$con)

echo "Connection Error:".mysql_error();

else

{mysql_select_db("db1",$con);

$query="SELECT * FROM login WHERE username='$uname' AND password='$pwd'";

$result=mysql_query($query,$con);

if(mysql_num_rows($result))

echo "Wecome....<h3>".$uname."</h3>";

else

echo "Wrong username or password";

}

}

else

echo "Enter Username & Password";

?>

login-table name

db1-databasename

Also in #PHP _↴

stripping out @ from a string ?contact form not showing email-addresses database connection question

Success!

Help @bang_iti08 spread the word by sharing this article on Twitter...

Tweet This

how to validate username and password in php

18 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

how to validate username and password in php

18 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

18 Comments(s) _↴

Also in #PHP _↴