username and password verification

@ravi951Aug 17.2011

hi all,
my database name is “test”.in the “test” database
i have created a table name called “log” which has two fields
namely username and password.
i have given username as “admin” and password as “admin123”.
now i have written one code using php so that when i click the submit button both the username as “admin” and password as “admin123” gets matched then it should direct to the next page…
tell me how to check whether username and passwords are matching and if it matches it must point to the action part what we give in <form method=”POST” action=”www.php”>
kindly tell me what i must add to the below program…..
below is the code in php……

[code] <?php $host=”localhost”; $username=”root”; $password=””; $db_name=”test”; $tbl_name=”log”;

mysql_connect(“$host”, “$username”, “$password”)or die(“cannot connect”); mysql_select_db(“$db_name”)or die(“cannot select DB”);

$myusername=$_POST[‘myusername’]; $mypassword=$_POST[‘mypassword’];

$myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword);

$sql=”SELECT * FROM $tbl_name WHERE username=’$myusername’ and password=’$mypassword'”; $result=mysql_query($sql);

// Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1) { // Register $myusername, $mypassword and redirect to file “login_success.php” session_register(“myusername”); session_register(“mypassword”); header(“location:www.php”); } else { echo “Wrong Username or Password”; } ?> [/code]

to post a comment

PHP

6 Comments(s) _↴

@dangerousprinceAug 17.2011 — #I made this a while ago for an eLearning website, take a look through, might help.

If you want anything explaining, let me know.

Also, this script uses a salt password, if you don't know what that is, Google it.

[code=html]<?php
 session_start();
 require("include/connect.php");
 if($_SESSION['li']===true):
 $id = $_SESSION['id'];
 $get_level = mysql_query("SELECT level FROM prescrip_default.users WHERE id='$id'") or die("Error: " . mysql_error());
 while($fetch_level = mysql_fetch_array($get_level)):
 list($le) = $fetch_level;
 endwhile;
 if($le==3):
 header("location:admin.php");
 exit;
 elseif($le==2):
 header("location:company.php");
 exit;
 elseif($le==1):
 header("location:home.php");
 exit;
 endif;
 endif;
 if(isset($_POST['email'])):
 $email = $_POST['email'];
 $pass = $_POST['pass'];
 $check = mysql_query("SELECT DISTINCT id,pass,level FROM prescrip_default.users WHERE email='$email' OR user='$email'") or die("Error: " . mysql_error());
 while($find = mysql_fetch_array($check)) {
 list($id,$output,$le) = $find;
 }
 list($password,$salt) = explode(":", $output);
 $hashed = md5($pass . $salt);
 $input = $hashed . ':' . $salt;
 if($input==$output):
 $_SESSION['id'] = $id;
 $_SESSION['li'] = true;
 $get_vi = mysql_query("SELECT last_visit FROM prescrip_default.users WHERE id='$id'") or die("Error: " . mysql_error());
 while($fetch_vi = mysql_fetch_array($get_vi)):
 list($lv) = $fetch_vi;
 if($lv=="0000-00-00 00:00:00"):
 $_SESSION['vi'] = true;
 else: 
 $_SESSION['vi'] = false;
 endif;
 endwhile;
 $ip = $_SERVER['REMOTE_ADDR'];
 mysql_query("UPDATE prescrip_default.users SET last_ip='$ip',last_visit=NOW() WHERE id='$id';") or die("Error: " . mysql_error());
 if(empty($_POST['l'])):
 if($le==3):
 header("location:admin.php");
 exit;
 elseif($le==2):
 header("location:company.php");
 exit;
 elseif($le==1):
 header("location:home.php");
 exit;
 endif;
 header("location:login.php?e=3");
 exit;
 else:
 header("location:".$_POST['l']);
 exit;
 endif;
 endif;
 header("location:login.php?e=1");
 exit;
 endif;
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <? include("include/meta.php"); ?>
 <title>Untitled Document</title>
 <link type="text/css" rel="stylesheet" href="css/style.css" />
 <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
 <script type="text/javascript" src="js/focus.js"></script>
 <? if(isset($_GET['e'])): ?><script type="text/javascript" src="js/msg.js"></script><? endif; ?>
 </head>
 
 <body>
 <div id="wrapper">
 <? include("include/header.php"); ?>
 <div id="nav">
 <? include("include/menu.php"); ?>
 </div>
 <div id="frame">
 <h2>Login to your account</h2>
 <p>Login to access free downloads and the assessments section of this website.&nbsp; If you do not have a login, you will need a workbook code and an account which you can create <a href="register.php">here</a>.</p>
 <? if(isset($_GET['e'])): ?>
 <div class="error"<? if($_GET['e']==7): echo " style="background-color:#0c0; border-top:1px #090 solid; border-bottom:1px #090 solid;""; endif; ?>><?
 switch($_GET['e']):
 case 0:
 echo "An unexpected error occoured.&nbsp; Please contact the administrator quoting the URL and this message: " . $_GET['n'];
 break;
 case 1:
 echo "Your credentials were incorrect.&nbsp; Please try again.";
 break;
 case 2:
 echo "Your passwords did not match.";
 break;
 case 3:
 echo "You have been banned from logging into this website.&nbsp; Please contact your administrator.";
 break;
 case 7:
 echo "You have successfully logged out.&nbsp; We hope to see you again soon.";
 break;
 endswitch;
 ?></div>
 <? endif; ?>
 <div class="inputs">
 <ul>
 <li>Email or username</li>
 <li>Password</li>
 </ul>
 <ul>
 <form action="" method="post">
 <input type="hidden" name="l" value="<?=$_GET['l'];?>" />
 <li><input type="text" name="email" /></li>
 <li><input type="password" name="pass" /> <input type="submit" class="button" value="Login &raquo;" /></li>
 </form>
 </ul>
 <div class="clear"></div>
 </div>
 <p>Forgotten your password?&nbsp; <a href="reset.php">Click here &raquo;</a></p>
 </div>
 <div class="clear"></div>
 <div id="footer">
 <? include("include/footer.php"); ?>
 </div>
 </div>
 </body>
 </html>
 [/code]

@ravi951authorAug 17.2011 — #i have written the simple code in php.

i have given username as 'admin' and password as 'admin123'.

it is displaying publicly.

instead of that i want to take username and password from the database..

thats it...

kindly tell me how to modify this......

[CODE]
 <?php
 session_start();
 mysql_connect("localhost","root","");
 mysql_select_db("test");
 if(isset($_POST['sub']))
 {
 $uname=$_POST['txtuname'];
 $pwd=$_POST['txtpwd'];
 if($uname=='admin' and $pwd=='admin123')
 {
 $_session['si']=session_id();
 echo
 "<script> location='welcome.php'</script>";
 }
 else
 echo "invalid";
 }
 ?>
 <form method="post" action="">
 Username:<input type='text' name='txtuname'>
 <br>
 Password:<input type='password' name='txtpwd'>
 <br>
 <input type='submit' value='login' name='sub'>
 </form>
 [/CODE]

@dangerousprinceAug 17.2011 — #

[code=html]
 $check = mysql_query("SELECT DISTINCT id,pass FROM users WHERE user='$user'") or die("Error: " . mysql_error());
 while($find = mysql_fetch_array($check)) {
 list($id,$output) = $find;
 }
 if($txt_pwd==$output) { //do stuff
 }[/code]

@ravi951authorAug 17.2011 — #is it correct the modified code...

i have given username as "admin" and password as "admin123". as in my

database.

but it is displaying the message "invalid".

tell me what went wrong....

below is the code......

[CODE]
 <?php
 session_start();
 mysql_connect("localhost","root","");
 mysql_select_db("test");
 if(isset($_POST['sub']))
 {
 $username=$_POST['txtuname'];
 $passwowd=$_POST['txtpwd'];
 $check=mysql_query("SELECT DISTINCT username,password FROM log WHERE username='$username'") or die("Error: " . mysql_error());
 while($find = mysql_fetch_array($check)) 
 {
 list($id,$output) = $find;
 }
 if($txt_pwd==$output) 
 { 
 //do stuff
 $_session['si']=session_id();
 echo
 "<script> location='welcome.php'</script>";
 }
 else
 echo "invalid";
 }
 ?>
 <form method="post" action="">
 Username:<input type='text' name='txtuname'>
 <br>
 Password:<input type='password' name='txtpwd'>
 <br>
 <input type='submit' value='login' name='sub'
 </form>
 [/CODE]

@dangerousprinceAug 17.2011 — #If it says invalid then it's saying that it's not picking up the $_POST['sub'] variable - try changing your input code as it looks terrible:

[code=html]
 <form method="post" action="">
 Username:<input type="text" name="txtuname" />
 <br />
 Password:<input type="password" name="txtpwd" />
 <br />
 <input type="submit" value="login" name="sub" />
 </form>
 [/code]

@ravi951authorAug 17.2011 — #i have changed as u told.but also displaying the message :invalid".

kindly tell me what is $output you used and for what purpose.....

[CODE]
 <?php
 session_start();
 mysql_connect("localhost","root","");
 mysql_select_db("test");
 if(isset($_POST['sub']))
 {
 $username=$_POST['username'];
 $password=$_POST['password'];
 $check=mysql_query("SELECT DISTINCT username,password FROM log WHERE username='$username'") or die("Error: " . mysql_error());
 while($find = mysql_fetch_array($check)) 
 {
 list($username,$output) = $find;
 }
 if($txt_pwd==$output) 
 { 
 //do stuff
 $_session['si']=session_id();
 echo
 "<script> location='welcome.php'</script>";
 }
 else
 echo "invalid";
 }
 ?>
 <form method="post" action="">
 Username:<input type="text" name="username" />
 <br/>
 Password:<input type="password" name="password" />
 <br/>
 <input type="submit" value="login" name="sub" />
 </form>
 [/CODE]

Also in #PHP _↴

[RESOLVED] Passing Variables . . .practical oo php How to make online kundali using php?

Success!

Help @ravi951 spread the word by sharing this article on Twitter...

Tweet This

username and password verification

6 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

username and password verification

6 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

6 Comments(s) _↴

Also in #PHP _↴