Solved

Code help

Posted on 2007-11-30
17
180 Views
Last Modified: 2013-12-12
I am using the code below.
It checks for the initial log in and if the passdef matches the one in the data base then it checks for the username and password in the database and if that matches then it gives the access. For some reason it checks the passdef( the initial check) just fine however when it checks the other part, it doesn't allow the access? why
Thanks
<?PHP
 
require_once('info.php');
 
$_POST['user'] = $_POST['user'];
 
$_POST['passdef']= $_POST['passdef'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_result($result,0);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} 
else
{
$_POST['pass'] = $_POST['pass'];
$_POST['user'] = $_POST['user'];
$_POST['conpass']= $_POST['conpass'];
$result2 = mysql_query("SELECT count(id) FROM users WHERE user='" . $_POST['user']. "' AND pass='".$_POST['pass']."'") or die("Couldn't query the user-database.");
$num2 = mysql_result($result2,0);
 
if (!$num2) {
 
echo"Please change your password";
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm PasswordPassword : <input type='password' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}
echo"you got in";
}
?>

Open in new window

0
Comment
Question by:syedasimmeesaq
  • 8
  • 8
17 Comments
 
LVL 17

Expert Comment

by:nplib
ID: 20383937
define "Doesn't allow access"
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20383992
it just would let the user login
0
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 20384060
Such statements do not make any sense, you are assigning the value to the same variable again...
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];

Do you want to users to provide passdef or username and password? Use mysql_num_rows() (www.php.net/mysql_num_rows) to know if your sql query returned any records

$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
if ($num==0)
...
...
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384393
how about this

This is working fine but doesn't insert the values
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass'])
{
		$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
		$resultinsert = mysql_query($insertquery);
        
        }
		else {
		echo " your password didn't match";
		
}
 
 }
}
?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384486
Above code works but it put values in different rows
Thanks
0
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 20384495
>>but doesn't insert the values
Because you do not have the value for user. Print the insert query and you will see there is no value for user.
0
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 20384507
User provide $_POST['user'] in different form and $_POST['newpass'] in different.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384599
you are right . how can I fix that
0
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 20384630
I just noticed that you hare asking the same question in 2 different threads...

If you want to allow user to update the password, then provide new password fields in the same form in which you are asking username and password.

And if you are trying to create a member area type thing, then sessions will be of your inetrest http://www.php.net/session.
0
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 20384637
Continued...
And on successful match, update the password.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384702
Thank you for your response. I asked initially a different question but then as I was working with them, it turned it same question. My sincere apologies.

Now I looked into session before but I couldn't use it due to certain things

Is there anyway around so it will insert the username in the same as it is inserting the password in.

Thanks
0
 
LVL 20

Accepted Solution

by:
Muhammad Wasif earned 500 total points
ID: 20384880
You need an UPDATE statement not INSERT to change the password. http://dev.mysql.com/doc/mysql/en/UPDATE.html
Formatted code solves a lot of problems so always well format your code :-)
<?PHP
require_once('info.php');
 
if(isset($_POST['submit']))
{
	$user = mysql_real_escape_string($_POST['user']);
	$pass = mysql_real_escape_string($_POST['pass']);
	
	$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
	
	$rs = mysql_fetch_array($result);
	if($rs["user"]==$user && $rs["pass"]==$pass) 
	{
		echo "You entered a correct username & password<br>";
		if($_POST['newpass'] == $_POST['confirmpass'])
		{
			$newpass = mysql_real_escape_string($_POST['newpass']);
			
			$insertquery = "UPDATE user SET 
							pass = '$newpass'
							WHERE user='$user'";
			$resultinsert = mysql_query($insertquery);
			echo "Your password updated succesfully";
		}
		else
		{
			echo " your new password and confirm password didn't match.<br> Please provide the details again!";
		}
	}
}
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<br><br>
<input type='submit' size='10' name='submit' value='Login'>
</form></center></h4>"; 
?>

Open in new window

0
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 20384945
Its too late here, will see your reply tomorrow..ohhh.. later in the day ;-)
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384952
wasifg thanks for the code ..a small proble,. It should only ask the user to update a new password if and only if the user provides a default password
thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384956
ok thats fine. you have a good night. See you tomorrow
thanks
0
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 20384973
What do you mean by default password?
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385090
There is a default password 777, the user has to enter that in order for being able to enter the change the password.

Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
paypal ipn to mysql 3 36
google map tracking website 5 24
Dynamic varibles 5 32
website maintenance mode 1 17
This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question