Solved

Query help, if the user and password is entered, saysomething different

Posted on 2007-11-30
22
167 Views
Last Modified: 2013-12-12
I have this code where I ask for a default password or a user name and password. Now I want to change it in a way that if the visitor enters the user name and password then echo a message saying "You entered your user name" and if they just entered the default password, echo"You entered only password"
Also the password has to match my database password as you can see in the query

<?PHP
 

require_once('info.php');
 

$_POST['user'] = $_POST['user'];
 

$_POST['pass']= $_POST['pass'];
 

$result = mysql_query("SELECT count(id) FROM users WHERE pass='" . $_POST['pass']. "'  OR (user='". $_POST['user']."' AND pass='".$_POST['pass']."')") or die("Couldn't query the user-database.");
 

$num = mysql_result($result,0);
 

if (!$num) {
 
 

echo "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

UserName: <input type='text' name='user'><br><br>

Password : <input type='password' name='pass'><br>
 

<br><br>

<input type='submit' size='10' value='Login'>

</form></center></h4>";
 

} 
 

else {echo"thank you user";}

?>

Open in new window

0
Comment
Question by:syedasimmeesaq
  • 12
  • 10
22 Comments
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384135
I think i understand what you are asking.
Try the code below and let me know.
<?PHP

 

require_once('info.php');

 

$user = mysql_real_escape_string($_POST['user']);

 

$pass = mysql_real_escape_string($_POST['pass']);

 

$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");

 

$num = mysql_num_rows($result);

 

if (!$num) {

 

 

echo "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

UserName: <input type='text' name='user'><br><br>

Password : <input type='password' name='pass'><br>

 

<br><br>

<input type='submit' size='10' value='Login'>

</form></center></h4>";

 

}else {
 

	list($dbuser,$dbpass) = mysql_fetch_row($result);

	

	if($dbuser==$user && $dbpass==$pass) {

	

		echo "You entered a username & password";

	

	}else{

	

		echo "You entered only pass";

	

	}
 
 

}

?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384256
could you please explain me this part. It worked! thanks but I just wanted to know what this part didi

list($dbuser,$dbpass) = mysql_fetch_row($result);
       
      Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384294
This line list($dbuser,$dbpass) = mysql_fetch_row($result); will fetch the username and password from the database , and assign them to $dbuser,$dbpass.

If both match the user input then it echoes "You entered a username & password" other wise it means that only the password matches and it echoes echo "You entered only pass";


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384344
Thank you and if I want to force the users to enter a new password who didn't enter the username and password can I do it like this
<?PHP

 

require_once('info.php');

 

$user = mysql_real_escape_string($_POST['user']);

 

$pass = mysql_real_escape_string($_POST['pass']);

 

$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");

 

$num = mysql_num_rows($result);

 

if (!$num) {

 

 

echo "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

UserName: <input type='text' name='user'><br><br>

Password : <input type='password' name='pass'><br>

 

<br><br>

<input type='submit' size='10' value='Login'>

</form></center></h4>";

 

}else {

 

        list($dbuser,$dbpass) = mysql_fetch_row($result);

        

        if($dbuser==$user && $dbpass==$pass) {

        

                echo "You entered a username & password";

        

        }else{

        

                echo "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

New PassWord: <input type='text' name='newpass'><br><br>

Confirm Password : <input type='password' name='confirmpass'><br>
 

<br><br>

<input type='submit' size='10' value='Login'>

</form></center></h4>";
 

if($_POST['newpass'] == $_POST['confirmpass']

{

		$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";

		$resultinsert = mysql_query($insertquery);

        

        }

 

 

}

?>

Open in new window

0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384493
try this
<?PHP

 

require_once('info.php');
 

$form = "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

UserName: <input type='text' name='user'><br><br>

Password : <input type='password' name='pass'><br>

 

<br><br>

<input type='submit' name='submit' size='10' value='Login'>

</form></center></h4>";
 

if($_POST["submit") {
 

	if($_POST['newpass']) {

		

		$newpass = mysql_real_escape_string($_POST['newpass']);

		$confirmpass = mysql_real_escape_string($_POST['confirmpass']);

		

		if($newpass == $confirmpass) {

			

			$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";

			

			$resultinsert = mysql_query($insertquery);

			

			$message = "Password inserted into database";

		

		}else{

		

			$message = "Password Dont Match";

		

		}

	

	}

	

	

	$user = mysql_real_escape_string($_POST['user']);

 

	$pass = mysql_real_escape_string($_POST['pass']);

 

	$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");

 

	$num = mysql_num_rows($result);

	

	if (!$num) {

	

		$message = "Username & Password Dont match <br><br>";

		$message .= $form;

	

	}else{

	

		 list($dbuser,$dbpass) = mysql_fetch_row($result);

		 

		  if($dbuser==$user && $dbpass==$pass) {

		  

		  	$message =  "You entered a username & password";

		  

		  }else {

		  

		  	$message =  "<h4> <center><br><br>

				<form action='$_SERVER[PHP_SELF]' method='post'>

				New PassWord: <input type='text' name='newpass'><br><br>

				Confirm Password : <input type='password' name='confirmpass'><br>

 

				<br><br>

				<input type='submit' name='submit' size='10' value='Login'>

				</form></center></h4>"

		  

		  }

		 

		 

	

	}

	

	echo $message;

	

}else {
 

	echo $form;

	
 

}

 

 

 
 
 

?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384559
Thank you for the code. I tried it and the page comes up blank
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384584
There was a ] missing. i fixed it and still it doesn't show the page
if($_POST["submit") {
to
if($_POST["submit"]) {

Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384619
Lots of nested if statements ... missed a few {}

try this
<?PHP

 

//require_once('info.php');

 

$form = "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

UserName: <input type='text' name='user'><br><br>

Password : <input type='password' name='pass'><br>

 

<br><br>

<input type='submit' name='submit' size='10' value='Login'>

</form></center></h4>";

 

if($_POST["submit"]) {

 

        if($_POST['newpass']) {

                

                $newpass = mysql_real_escape_string($_POST['newpass']);

                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);

				$user = mysql_real_escape_string($_POST['user']);

                

                if($newpass == $confirmpass) {

                        

                        $insertquery = "INSERT INTO user(user, pass) VALUES ('".$user."','".$newpass ."')";

                        

                        $resultinsert = mysql_query($insertquery);

                        

                        $message = "Password inserted into database";

                

                }else{

                

                        $message = "Password Dont Match";

                

                }

        

        }else{

        

        

        $user = mysql_real_escape_string($_POST['user']);

 

        $pass = mysql_real_escape_string($_POST['pass']);

 

        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");

 

        $num = mysql_num_rows($result);

        

        if (!$num) {

        

                $message = "Username & Password Dont match <br><br>";

                $message .= $form;

        

        }else{

        

                 list($dbuser,$dbpass) = mysql_fetch_row($result);

                 

                  if($dbuser==$user && $dbpass==$pass) {

                  

                        $message =  "You entered a username & password";

                  

                  }else {

                  

                        $message =  "<h4> <center><br><br>

                                <form action='$_SERVER[PHP_SELF]' method='post'>

                                New PassWord: <input type='text' name='newpass'><br><br>

                                Confirm Password : <input type='password' name='confirmpass'><br>

								<input type='hidden' name='user' value='".$user."'>

 

                                <br><br>

                                <input type='submit' name='submit' size='10' value='Login'>

                                </form></center></h4>";

                  

                  }

                 

                 

        

        }

        

        echo $message;

		

		

		}

        

}else {

 

        echo $form;

        

 

}

 

 

 

 

 

?>

Open in new window

0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384625
ohh and uncomment //require_once('info.php');
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384653
ok it goes till confirm password screen, but when I insert the new password and confirm password, it goes blank and doesn't add to the database the records.
Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384698
Now ?? :)
<?PHP

 

require_once('info.php');

 

$form = "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

UserName: <input type='text' name='user'><br><br>

Password : <input type='password' name='pass'><br>

 

<br><br>

<input type='submit' name='submit' size='10' value='Login'>

</form></center></h4>";

 

if($_POST["submit"]) {

 

        if($_POST['newpass']) {

                

                $newpass = mysql_real_escape_string($_POST['newpass']);

                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);

				$user = mysql_real_escape_string($_POST['user']);

                

                if($newpass == $confirmpass) {

                        

                        $insertquery = "INSERT INTO users(user, pass) VALUES ('".$user."','".$newpass ."')";

                        

                        $resultinsert = mysql_query($insertquery) or die(mysql_error());

                        

                        $message = "Password inserted into database";

                

                }else{

                

                        $message = "Password Dont Match";

                

                }

        

        }else{

        

        

        $user = mysql_real_escape_string($_POST['user']);

 

        $pass = mysql_real_escape_string($_POST['pass']);

 

        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());

 

        $num = mysql_num_rows($result);

        

        if (!$num) {

        

                $message = "Username & Password Dont match <br><br>";

                $message .= $form;

        

        }else{

        

                 list($dbuser,$dbpass) = mysql_fetch_row($result);

                 

                  if($dbuser==$user && $dbpass==$pass) {

                  

                        $message =  "You entered a username & password";

                  

                  }else {

                  

                        $message =  "<h4> <center><br><br>

                                <form action='$_SERVER[PHP_SELF]' method='post'>

                                New PassWord: <input type='text' name='newpass'><br><br>

                                Confirm Password : <input type='password' name='confirmpass'><br>

								<input type='hidden' name='user' value='".$user."'>

 

                                <br><br>

                                <input type='submit' name='submit' size='10' value='Login'>

                                </form></center></h4>";

                  

                  }

                 

                 

        

        }

        

       	

		}

       

	     echo $message;
 

}else {

 

        echo $form;

        

 

}

 

 

 

 

 

?>

Open in new window

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384748
Bravo!!!!!!!!!!!!!!!!!!!!!!!!!
thanks a lot..you are great.
So what was happening in there could you please let me know for future references.
I wish I could give you more than 500 points. It was really important for me to figure this one out
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384805
ooooooooooops
Just a security problem.

When I entered a non default password that I have in database, it still lets me go to the confirm password screen and then let user add their names to my database
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384827
actually whats happening is when the user enter the password it goes into the pass field in the database, so next time another user can use that password instead of the default password which is 7777 to go to the confirm password screen

how could we prevent that
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384836
should I ask this in a new question and post a link here to that question

Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384845
give me a sec ... :)
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384911
create an new field in your users table int(1) and call it flag

for the default passwords set the flag to 1
for the other passwords set the flag to 2
0
 
LVL 20

Accepted Solution

by:
steelseth12 earned 500 total points
ID: 20384926
so your select statement would look like this

 $result = mysql_query("SELECT user,pass FROM users WHERE (pass='" . $pass. "' AND flag=1)  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());

and your insert statement like this

$insertquery = "INSERT INTO users(user, pass,flag) VALUES ('".$user."','".$newpass ."',2)";
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385017
Great...excellent

Yup that will do it.

Thanks a lot again
cheers
0
 
LVL 9

Author Closing Comment

by:syedasimmeesaq
ID: 31411984
Excellent troubleshooting. Excellent way to do it. This guy is great
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20385036
glad i could help
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385122
Could you please look at this question as it is related to what we did above.
Thanks

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_22994219.html
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now