Hey people, I'm new to PHP and MySQL and have bumped into a little problem trying to get my username and password verified. Most of the script is functional, for example not granting access if both/one of the login fields are empty.
But, it actually seems to allow the user to login if they have entered text into both the username and password fields regardless of whether these (username/password) are stored in the corresponding login database.
Here is the main script:
[code=php]
<html>
<body>
<form action="index3.php?login=yes" method="POST">
Username:<input type="text" name="user"><br />
Password:<input type="password" name="pass"><br/>
<input type="submit" name="login" value="login" ><p>
</form>
<?php
$user=$_POST['user'];
$pass=$_POST['pass'];
$login=$_POST['login'];
function denied()
{
    echo '<h3><span style= "color:red"> Access Denied!!! </span></h3><br><br>';
}
function granted ($user) //function with username parameter retrieved
{
    echo '<h3><span style= "color:green"> Access Granted!!! </span></h3>';
    echo 'Welcome, ' . $user;
}
if($login=='login')
{
    $con= include_once "mysql_connect.php";
    $query = "SELECT id FROM login WHERE user='$user' AND pass='$pass' ";
    echo $query;
    $result = mysql_query($query) or die ("ERROR IN SQL STATEMENT: ".mysql_error());
    $row = mysql_fetch_assoc($result);
    if (empty($user) || empty($pass))
    {
        denied();
        die("<br>Please fill out user login fields carefully….<br>");
    }
    if ($result!=1)
    {
        granted($user);
    }
    else
    {
        denied ();
    }
}
?>
</body>
</html>
[/code]
And the following is external scripting associated with the above:
[code=php]
<?php
$db_host = "localhost";
$db_username = "rossbryan";
$db_pass = "security";
$db_name = "login";
@mysql_connect("$db_host", "$db_username", "$db_pass") or die ("Could not connect to MySQL");
@mysql_select_db("$db_name") or die ("No $db_name Database ");
?>
[/code]
Any ideas of what the problem is and how I could possibly resolve this issue?
For some reason I believe it could be something to do with the password not being verified correctly once retrieved from the database, maybe in the $return variable, but I'm not entirely sure, just a guess. Even if it is that, I wouldn’t know another way of going about fixing it.
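An added example, not part of the original post: `mysql_query()` returns a result handle whenever the SELECT runs, even when no row matches, so the login decision below is taken from the fetched row instead, with a bound parameter and a stored password hash. PDO, the in-memory SQLite table standing in for the `login` database, the `check_login()` helper and the sample account are assumptions made for this example.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for the MySQL `login` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT)');

// Store a password hash, never the plain text (constructed sample account).
$insert = $pdo->prepare('INSERT INTO login (user, pass) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the account id when the credentials match, null otherwise.
 */
function check_login(PDO $pdo, string $user, string $pass): ?int
{
    if ($user === '' || $pass === '') {
        return null;   // reject empty fields before touching the database
    }
    // Bound parameter: the username is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, pass FROM login WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Decide on the fetched row, not on the statement handle:
    // a query that matches nothing still executes successfully.
    if ($row === false) {
        return null;
    }
    return password_verify($pass, $row['pass']) ? (int) $row['id'] : null;
}

// Constructed attempts, including an account that is not in the table.
$attempts = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ['mallory', 'anything'],      // unknown user
    ['', ''],                     // empty fields
];
foreach ($attempts as [$user, $pass]) {
    $id = check_login($pdo, $user, $pass);
    // Escape on output so the username cannot inject markup into the page.
    $name = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
    echo $id !== null ? "granted: $name (id $id)\n" : "denied: $name\n";
}
```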