Link to home
Start Free TrialLog in
Avatar of syedasimmeesaq
syedasimmeesaqFlag for United States of America

asked on

Query help, if the user and password is entered, saysomething different

I have this code where I ask for a default password or a user name and password. Now I want to change it in a way that if the visitor enters the user name and password then echo a message saying "You entered your user name" and if they just entered the default password, echo"You entered only password"
Also the password has to match my database password as you can see in the query

<?PHP
 
require_once('info.php');
 
$_POST['user'] = $_POST['user'];
 
$_POST['pass']= $_POST['pass'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE pass='" . $_POST['pass']. "'  OR (user='". $_POST['user']."' AND pass='".$_POST['pass']."')") or die("Couldn't query the user-database.");
 
$num = mysql_result($result,0);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} 
 
else {echo"thank you user";}
?>

Open in new window

Avatar of steelseth12
steelseth12
Flag of Cyprus image

I think i understand what you are asking.
Try the code below and let me know.
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
	list($dbuser,$dbpass) = mysql_fetch_row($result);
	
	if($dbuser==$user && $dbpass==$pass) {
	
		echo "You entered a username & password";
	
	}else{
	
		echo "You entered only pass";
	
	}
 
 
}
?>

Open in new window

Avatar of syedasimmeesaq

ASKER

could you please explain me this part. It worked! thanks but I just wanted to know what this part didi

list($dbuser,$dbpass) = mysql_fetch_row($result);
       
      Thanks
This line list($dbuser,$dbpass) = mysql_fetch_row($result); will fetch the username and password from the database , and assign them to $dbuser,$dbpass.

If both match the user input then it echoes "You entered a username & password" other wise it means that only the password matches and it echoes echo "You entered only pass";


Thank you and if I want to force the users to enter a new password who didn't enter the username and password can I do it like this
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass']
{
		$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
		$resultinsert = mysql_query($insertquery);
        
        }
 
 
}
?>

Open in new window

try this
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit") {
 
	if($_POST['newpass']) {
		
		$newpass = mysql_real_escape_string($_POST['newpass']);
		$confirmpass = mysql_real_escape_string($_POST['confirmpass']);
		
		if($newpass == $confirmpass) {
			
			$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
			
			$resultinsert = mysql_query($insertquery);
			
			$message = "Password inserted into database";
		
		}else{
		
			$message = "Password Dont Match";
		
		}
	
	}
	
	
	$user = mysql_real_escape_string($_POST['user']);
 
	$pass = mysql_real_escape_string($_POST['pass']);
 
	$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
	$num = mysql_num_rows($result);
	
	if (!$num) {
	
		$message = "Username & Password Dont match <br><br>";
		$message .= $form;
	
	}else{
	
		 list($dbuser,$dbpass) = mysql_fetch_row($result);
		 
		  if($dbuser==$user && $dbpass==$pass) {
		  
		  	$message =  "You entered a username & password";
		  
		  }else {
		  
		  	$message =  "<h4> <center><br><br>
				<form action='$_SERVER[PHP_SELF]' method='post'>
				New PassWord: <input type='text' name='newpass'><br><br>
				Confirm Password : <input type='password' name='confirmpass'><br>
 
				<br><br>
				<input type='submit' name='submit' size='10' value='Login'>
				</form></center></h4>"
		  
		  }
		 
		 
	
	}
	
	echo $message;
	
}else {
 
	echo $form;
	
 
}
 
 
 
 
 
?>

Open in new window

Thank you for the code. I tried it and the page comes up blank
Thanks
There was a ] missing. i fixed it and still it doesn't show the page
if($_POST["submit") {
to
if($_POST["submit"]) {

Thanks
Lots of nested if statements ... missed a few {}

try this
<?PHP
 
//require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO user(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery);
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
        echo $message;
		
		
		}
        
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

ohh and uncomment //require_once('info.php');
ok it goes till confirm password screen, but when I insert the new password and confirm password, it goes blank and doesn't add to the database the records.
Thanks
Now ?? :)
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO users(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery) or die(mysql_error());
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
       	
		}
       
	     echo $message;
 
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

Bravo!!!!!!!!!!!!!!!!!!!!!!!!!
thanks a lot..you are great.
So what was happening in there could you please let me know for future references.
I wish I could give you more than 500 points. It was really important for me to figure this one out
Thanks
ooooooooooops
Just a security problem.

When I entered a non default password that I have in database, it still lets me go to the confirm password screen and then let user add their names to my database
Thanks
actually whats happening is when the user enter the password it goes into the pass field in the database, so next time another user can use that password instead of the default password which is 7777 to go to the confirm password screen

how could we prevent that
Thanks
should I ask this in a new question and post a link here to that question

Thanks
give me a sec ... :)
create an new field in your users table int(1) and call it flag

for the default passwords set the flag to 1
for the other passwords set the flag to 2
ASKER CERTIFIED SOLUTION
Avatar of steelseth12
steelseth12
Flag of Cyprus image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Great...excellent

Yup that will do it.

Thanks a lot again
cheers
Excellent troubleshooting. Excellent way to do it. This guy is great
glad i could help
Could you please look at this question as it is related to what we did above.
Thanks

https://www.experts-exchange.com/questions/22994219/Session-problem-Could-be-simple-for-you-guys.html