• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 176
  • Last Modified:

Query help, if the user and password is entered, saysomething different

I have this code where I ask for a default password or a user name and password. Now I want to change it in a way that if the visitor enters the user name and password then echo a message saying "You entered your user name" and if they just entered the default password, echo"You entered only password"
Also the password has to match my database password as you can see in the query

<?PHP
 
require_once('info.php');
 
$_POST['user'] = $_POST['user'];
 
$_POST['pass']= $_POST['pass'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE pass='" . $_POST['pass']. "'  OR (user='". $_POST['user']."' AND pass='".$_POST['pass']."')") or die("Couldn't query the user-database.");
 
$num = mysql_result($result,0);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} 
 
else {echo"thank you user";}
?>

Open in new window

0
syedasimmeesaq
Asked:
syedasimmeesaq
  • 12
  • 10
1 Solution
 
steelseth12Commented:
I think i understand what you are asking.
Try the code below and let me know.
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
	list($dbuser,$dbpass) = mysql_fetch_row($result);
	
	if($dbuser==$user && $dbpass==$pass) {
	
		echo "You entered a username & password";
	
	}else{
	
		echo "You entered only pass";
	
	}
 
 
}
?>

Open in new window

0
 
syedasimmeesaqAuthor Commented:
could you please explain me this part. It worked! thanks but I just wanted to know what this part didi

list($dbuser,$dbpass) = mysql_fetch_row($result);
       
      Thanks
0
 
steelseth12Commented:
This line list($dbuser,$dbpass) = mysql_fetch_row($result); will fetch the username and password from the database , and assign them to $dbuser,$dbpass.

If both match the user input then it echoes "You entered a username & password" other wise it means that only the password matches and it echoes echo "You entered only pass";


0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
syedasimmeesaqAuthor Commented:
Thank you and if I want to force the users to enter a new password who didn't enter the username and password can I do it like this
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass']
{
		$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
		$resultinsert = mysql_query($insertquery);
        
        }
 
 
}
?>

Open in new window

0
 
steelseth12Commented:
try this
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit") {
 
	if($_POST['newpass']) {
		
		$newpass = mysql_real_escape_string($_POST['newpass']);
		$confirmpass = mysql_real_escape_string($_POST['confirmpass']);
		
		if($newpass == $confirmpass) {
			
			$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
			
			$resultinsert = mysql_query($insertquery);
			
			$message = "Password inserted into database";
		
		}else{
		
			$message = "Password Dont Match";
		
		}
	
	}
	
	
	$user = mysql_real_escape_string($_POST['user']);
 
	$pass = mysql_real_escape_string($_POST['pass']);
 
	$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
	$num = mysql_num_rows($result);
	
	if (!$num) {
	
		$message = "Username & Password Dont match <br><br>";
		$message .= $form;
	
	}else{
	
		 list($dbuser,$dbpass) = mysql_fetch_row($result);
		 
		  if($dbuser==$user && $dbpass==$pass) {
		  
		  	$message =  "You entered a username & password";
		  
		  }else {
		  
		  	$message =  "<h4> <center><br><br>
				<form action='$_SERVER[PHP_SELF]' method='post'>
				New PassWord: <input type='text' name='newpass'><br><br>
				Confirm Password : <input type='password' name='confirmpass'><br>
 
				<br><br>
				<input type='submit' name='submit' size='10' value='Login'>
				</form></center></h4>"
		  
		  }
		 
		 
	
	}
	
	echo $message;
	
}else {
 
	echo $form;
	
 
}
 
 
 
 
 
?>

Open in new window

0
 
syedasimmeesaqAuthor Commented:
Thank you for the code. I tried it and the page comes up blank
Thanks
0
 
syedasimmeesaqAuthor Commented:
There was a ] missing. i fixed it and still it doesn't show the page
if($_POST["submit") {
to
if($_POST["submit"]) {

Thanks
0
 
steelseth12Commented:
Lots of nested if statements ... missed a few {}

try this
<?PHP
 
//require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO user(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery);
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
        echo $message;
		
		
		}
        
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

0
 
steelseth12Commented:
ohh and uncomment //require_once('info.php');
0
 
syedasimmeesaqAuthor Commented:
ok it goes till confirm password screen, but when I insert the new password and confirm password, it goes blank and doesn't add to the database the records.
Thanks
0
 
steelseth12Commented:
Now ?? :)
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO users(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery) or die(mysql_error());
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
       	
		}
       
	     echo $message;
 
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

0
 
syedasimmeesaqAuthor Commented:
Bravo!!!!!!!!!!!!!!!!!!!!!!!!!
thanks a lot..you are great.
So what was happening in there could you please let me know for future references.
I wish I could give you more than 500 points. It was really important for me to figure this one out
Thanks
0
 
syedasimmeesaqAuthor Commented:
ooooooooooops
Just a security problem.

When I entered a non default password that I have in database, it still lets me go to the confirm password screen and then let user add their names to my database
Thanks
0
 
syedasimmeesaqAuthor Commented:
actually whats happening is when the user enter the password it goes into the pass field in the database, so next time another user can use that password instead of the default password which is 7777 to go to the confirm password screen

how could we prevent that
Thanks
0
 
syedasimmeesaqAuthor Commented:
should I ask this in a new question and post a link here to that question

Thanks
0
 
steelseth12Commented:
give me a sec ... :)
0
 
steelseth12Commented:
create an new field in your users table int(1) and call it flag

for the default passwords set the flag to 1
for the other passwords set the flag to 2
0
 
steelseth12Commented:
so your select statement would look like this

 $result = mysql_query("SELECT user,pass FROM users WHERE (pass='" . $pass. "' AND flag=1)  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());

and your insert statement like this

$insertquery = "INSERT INTO users(user, pass,flag) VALUES ('".$user."','".$newpass ."',2)";
0
 
syedasimmeesaqAuthor Commented:
Great...excellent

Yup that will do it.

Thanks a lot again
cheers
0
 
syedasimmeesaqAuthor Commented:
Excellent troubleshooting. Excellent way to do it. This guy is great
0
 
steelseth12Commented:
glad i could help
0
 
syedasimmeesaqAuthor Commented:
Could you please look at this question as it is related to what we did above.
Thanks

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_22994219.html
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 12
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now