syedasimmeesaq
asked on
Code help
I am using the code below.
It checks for the initial log in and if the passdef matches the one in the data base then it checks for the username and password in the database and if that matches then it gives the access. For some reason it checks the passdef( the initial check) just fine however when it checks the other part, it doesn't allow the access? why
Thanks
It checks for the initial log in and if the passdef matches the one in the data base then it checks for the username and password in the database and if that matches then it gives the access. For some reason it checks the passdef( the initial check) just fine however when it checks the other part, it doesn't allow the access? why
Thanks
<?PHP
require_once('info.php');
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
$num = mysql_result($result,0);
if (!$num) {
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}
else
{
$_POST['pass'] = $_POST['pass'];
$_POST['user'] = $_POST['user'];
$_POST['conpass']= $_POST['conpass'];
$result2 = mysql_query("SELECT count(id) FROM users WHERE user='" . $_POST['user']. "' AND pass='".$_POST['pass']."'") or die("Couldn't query the user-database.");
$num2 = mysql_result($result2,0);
if (!$num2) {
echo"Please change your password";
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm PasswordPassword : <input type='password' name='conpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}
echo"you got in";
}
?>
define "Doesn't allow access"
ASKER
it just would let the user login
Such statements do not make any sense, you are assigning the value to the same variable again...
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
Do you want to users to provide passdef or username and password? Use mysql_num_rows() (www.php.net/mysql_num_rows) to know if your sql query returned any records
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
$num = mysql_num_rows($result);
if ($num==0)
...
...
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
Do you want to users to provide passdef or username and password? Use mysql_num_rows() (www.php.net/mysql_num_rows) to know if your sql query returned any records
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
$num = mysql_num_rows($result);
if ($num==0)
...
...
ASKER
how about this
This is working fine but doesn't insert the values
This is working fine but doesn't insert the values
<?PHP
require_once('info.php');
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "' OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
$num = mysql_num_rows($result);
if (!$num) {
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}else {
list($dbuser,$dbpass) = mysql_fetch_row($result);
if($dbuser==$user && $dbpass==$pass) {
echo "You entered a username & password";
}else{
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
if($_POST['newpass'] == $_POST['confirmpass'])
{
$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
$resultinsert = mysql_query($insertquery);
}
else {
echo " your password didn't match";
}
}
}
?>
ASKER
Above code works but it put values in different rows
Thanks
Thanks
>>but doesn't insert the values
Because you do not have the value for user. Print the insert query and you will see there is no value for user.
Because you do not have the value for user. Print the insert query and you will see there is no value for user.
User provide $_POST['user'] in different form and $_POST['newpass'] in different.
ASKER
you are right . how can I fix that
I just noticed that you hare asking the same question in 2 different threads...
If you want to allow user to update the password, then provide new password fields in the same form in which you are asking username and password.
And if you are trying to create a member area type thing, then sessions will be of your inetrest http://www.php.net/session.
If you want to allow user to update the password, then provide new password fields in the same form in which you are asking username and password.
And if you are trying to create a member area type thing, then sessions will be of your inetrest http://www.php.net/session.
Continued...
And on successful match, update the password.
And on successful match, update the password.
ASKER
Thank you for your response. I asked initially a different question but then as I was working with them, it turned it same question. My sincere apologies.
Now I looked into session before but I couldn't use it due to certain things
Is there anyway around so it will insert the username in the same as it is inserting the password in.
Thanks
Now I looked into session before but I couldn't use it due to certain things
Is there anyway around so it will insert the username in the same as it is inserting the password in.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Its too late here, will see your reply tomorrow..ohhh.. later in the day ;-)
ASKER
wasifg thanks for the code ..a small proble,. It should only ask the user to update a new password if and only if the user provides a default password
thanks
thanks
ASKER
ok thats fine. you have a good night. See you tomorrow
thanks
thanks
What do you mean by default password?
ASKER
There is a default password 777, the user has to enter that in order for being able to enter the change the password.
Thanks
Thanks