syedasimmeesaq
asked on
Query help, if the user and password is entered, saysomething different
I have this code where I ask for a default password or a user name and password. Now I want to change it in a way that if the visitor enters the user name and password then echo a message saying "You entered your user name" and if they just entered the default password, echo"You entered only password"
Also the password has to match my database password as you can see in the query
Also the password has to match my database password as you can see in the query
<?PHP
require_once('info.php');
$_POST['user'] = $_POST['user'];
$_POST['pass']= $_POST['pass'];
$result = mysql_query("SELECT count(id) FROM users WHERE pass='" . $_POST['pass']. "' OR (user='". $_POST['user']."' AND pass='".$_POST['pass']."')") or die("Couldn't query the user-database.");
$num = mysql_result($result,0);
if (!$num) {
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}
else {echo"thank you user";}
?>
ASKER
could you please explain me this part. It worked! thanks but I just wanted to know what this part didi
list($dbuser,$dbpass) = mysql_fetch_row($result);
Thanks
list($dbuser,$dbpass) = mysql_fetch_row($result);
Thanks
This line list($dbuser,$dbpass) = mysql_fetch_row($result); will fetch the username and password from the database , and assign them to $dbuser,$dbpass.
If both match the user input then it echoes "You entered a username & password" other wise it means that only the password matches and it echoes echo "You entered only pass";
If both match the user input then it echoes "You entered a username & password" other wise it means that only the password matches and it echoes echo "You entered only pass";
ASKER
Thank you and if I want to force the users to enter a new password who didn't enter the username and password can I do it like this
<?PHP
require_once('info.php');
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "' OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
$num = mysql_num_rows($result);
if (!$num) {
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}else {
list($dbuser,$dbpass) = mysql_fetch_row($result);
if($dbuser==$user && $dbpass==$pass) {
echo "You entered a username & password";
}else{
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
if($_POST['newpass'] == $_POST['confirmpass']
{
$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
$resultinsert = mysql_query($insertquery);
}
}
?>
try this
<?PHP
require_once('info.php');
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
if($_POST["submit") {
if($_POST['newpass']) {
$newpass = mysql_real_escape_string($_POST['newpass']);
$confirmpass = mysql_real_escape_string($_POST['confirmpass']);
if($newpass == $confirmpass) {
$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
$resultinsert = mysql_query($insertquery);
$message = "Password inserted into database";
}else{
$message = "Password Dont Match";
}
}
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "' OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
$num = mysql_num_rows($result);
if (!$num) {
$message = "Username & Password Dont match <br><br>";
$message .= $form;
}else{
list($dbuser,$dbpass) = mysql_fetch_row($result);
if($dbuser==$user && $dbpass==$pass) {
$message = "You entered a username & password";
}else {
$message = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>"
}
}
echo $message;
}else {
echo $form;
}
?>
ASKER
Thank you for the code. I tried it and the page comes up blank
Thanks
Thanks
ASKER
There was a ] missing. i fixed it and still it doesn't show the page
if($_POST["submit") {
to
if($_POST["submit"]) {
Thanks
if($_POST["submit") {
to
if($_POST["submit"]) {
Thanks
Lots of nested if statements ... missed a few {}
try this
try this
<?PHP
//require_once('info.php');
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
if($_POST["submit"]) {
if($_POST['newpass']) {
$newpass = mysql_real_escape_string($_POST['newpass']);
$confirmpass = mysql_real_escape_string($_POST['confirmpass']);
$user = mysql_real_escape_string($_POST['user']);
if($newpass == $confirmpass) {
$insertquery = "INSERT INTO user(user, pass) VALUES ('".$user."','".$newpass ."')";
$resultinsert = mysql_query($insertquery);
$message = "Password inserted into database";
}else{
$message = "Password Dont Match";
}
}else{
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "' OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
$num = mysql_num_rows($result);
if (!$num) {
$message = "Username & Password Dont match <br><br>";
$message .= $form;
}else{
list($dbuser,$dbpass) = mysql_fetch_row($result);
if($dbuser==$user && $dbpass==$pass) {
$message = "You entered a username & password";
}else {
$message = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<input type='hidden' name='user' value='".$user."'>
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
}
}
echo $message;
}
}else {
echo $form;
}
?>
ohh and uncomment //require_once('info.php') ;
ASKER
ok it goes till confirm password screen, but when I insert the new password and confirm password, it goes blank and doesn't add to the database the records.
Thanks
Thanks
Now ?? :)
<?PHP
require_once('info.php');
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
if($_POST["submit"]) {
if($_POST['newpass']) {
$newpass = mysql_real_escape_string($_POST['newpass']);
$confirmpass = mysql_real_escape_string($_POST['confirmpass']);
$user = mysql_real_escape_string($_POST['user']);
if($newpass == $confirmpass) {
$insertquery = "INSERT INTO users(user, pass) VALUES ('".$user."','".$newpass ."')";
$resultinsert = mysql_query($insertquery) or die(mysql_error());
$message = "Password inserted into database";
}else{
$message = "Password Dont Match";
}
}else{
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "' OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());
$num = mysql_num_rows($result);
if (!$num) {
$message = "Username & Password Dont match <br><br>";
$message .= $form;
}else{
list($dbuser,$dbpass) = mysql_fetch_row($result);
if($dbuser==$user && $dbpass==$pass) {
$message = "You entered a username & password";
}else {
$message = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<input type='hidden' name='user' value='".$user."'>
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
}
}
}
echo $message;
}else {
echo $form;
}
?>
ASKER
Bravo!!!!!!!!!!!!!!!!!!!!! !!!!
thanks a lot..you are great.
So what was happening in there could you please let me know for future references.
I wish I could give you more than 500 points. It was really important for me to figure this one out
Thanks
thanks a lot..you are great.
So what was happening in there could you please let me know for future references.
I wish I could give you more than 500 points. It was really important for me to figure this one out
Thanks
ASKER
ooooooooooops
Just a security problem.
When I entered a non default password that I have in database, it still lets me go to the confirm password screen and then let user add their names to my database
Thanks
Just a security problem.
When I entered a non default password that I have in database, it still lets me go to the confirm password screen and then let user add their names to my database
Thanks
ASKER
actually whats happening is when the user enter the password it goes into the pass field in the database, so next time another user can use that password instead of the default password which is 7777 to go to the confirm password screen
how could we prevent that
Thanks
how could we prevent that
Thanks
ASKER
should I ask this in a new question and post a link here to that question
Thanks
Thanks
give me a sec ... :)
create an new field in your users table int(1) and call it flag
for the default passwords set the flag to 1
for the other passwords set the flag to 2
for the default passwords set the flag to 1
for the other passwords set the flag to 2
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great...excellent
Yup that will do it.
Thanks a lot again
cheers
Yup that will do it.
Thanks a lot again
cheers
ASKER
Excellent troubleshooting. Excellent way to do it. This guy is great
glad i could help
ASKER
Could you please look at this question as it is related to what we did above.
Thanks
https://www.experts-exchange.com/questions/22994219/Session-problem-Could-be-simple-for-you-guys.html
Thanks
https://www.experts-exchange.com/questions/22994219/Session-problem-Could-be-simple-for-you-guys.html
Try the code below and let me know.
Open in new window