?
Solved

Query help, if the user and password is entered, saysomething different

Posted on 2007-11-30
22
Medium Priority
?
174 Views
Last Modified: 2013-12-12
I have this code where I ask for a default password or a user name and password. Now I want to change it in a way that if the visitor enters the user name and password then echo a message saying "You entered your user name" and if they just entered the default password, echo"You entered only password"
Also the password has to match my database password as you can see in the query

<?PHP
 
require_once('info.php');
 
$_POST['user'] = $_POST['user'];
 
$_POST['pass']= $_POST['pass'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE pass='" . $_POST['pass']. "'  OR (user='". $_POST['user']."' AND pass='".$_POST['pass']."')") or die("Couldn't query the user-database.");
 
$num = mysql_result($result,0);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} 
 
else {echo"thank you user";}
?>

Open in new window

0
Comment
Question by:syedasimmeesaq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 10
22 Comments
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384135
I think i understand what you are asking.
Try the code below and let me know.
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
	list($dbuser,$dbpass) = mysql_fetch_row($result);
	
	if($dbuser==$user && $dbpass==$pass) {
	
		echo "You entered a username & password";
	
	}else{
	
		echo "You entered only pass";
	
	}
 
 
}
?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384256
could you please explain me this part. It worked! thanks but I just wanted to know what this part didi

list($dbuser,$dbpass) = mysql_fetch_row($result);
       
      Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384294
This line list($dbuser,$dbpass) = mysql_fetch_row($result); will fetch the username and password from the database , and assign them to $dbuser,$dbpass.

If both match the user input then it echoes "You entered a username & password" other wise it means that only the password matches and it echoes echo "You entered only pass";


0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384344
Thank you and if I want to force the users to enter a new password who didn't enter the username and password can I do it like this
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass']
{
		$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
		$resultinsert = mysql_query($insertquery);
        
        }
 
 
}
?>

Open in new window

0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384493
try this
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit") {
 
	if($_POST['newpass']) {
		
		$newpass = mysql_real_escape_string($_POST['newpass']);
		$confirmpass = mysql_real_escape_string($_POST['confirmpass']);
		
		if($newpass == $confirmpass) {
			
			$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
			
			$resultinsert = mysql_query($insertquery);
			
			$message = "Password inserted into database";
		
		}else{
		
			$message = "Password Dont Match";
		
		}
	
	}
	
	
	$user = mysql_real_escape_string($_POST['user']);
 
	$pass = mysql_real_escape_string($_POST['pass']);
 
	$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
	$num = mysql_num_rows($result);
	
	if (!$num) {
	
		$message = "Username & Password Dont match <br><br>";
		$message .= $form;
	
	}else{
	
		 list($dbuser,$dbpass) = mysql_fetch_row($result);
		 
		  if($dbuser==$user && $dbpass==$pass) {
		  
		  	$message =  "You entered a username & password";
		  
		  }else {
		  
		  	$message =  "<h4> <center><br><br>
				<form action='$_SERVER[PHP_SELF]' method='post'>
				New PassWord: <input type='text' name='newpass'><br><br>
				Confirm Password : <input type='password' name='confirmpass'><br>
 
				<br><br>
				<input type='submit' name='submit' size='10' value='Login'>
				</form></center></h4>"
		  
		  }
		 
		 
	
	}
	
	echo $message;
	
}else {
 
	echo $form;
	
 
}
 
 
 
 
 
?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384559
Thank you for the code. I tried it and the page comes up blank
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384584
There was a ] missing. i fixed it and still it doesn't show the page
if($_POST["submit") {
to
if($_POST["submit"]) {

Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384619
Lots of nested if statements ... missed a few {}

try this
<?PHP
 
//require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO user(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery);
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
        echo $message;
		
		
		}
        
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384625
ohh and uncomment //require_once('info.php');
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384653
ok it goes till confirm password screen, but when I insert the new password and confirm password, it goes blank and doesn't add to the database the records.
Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384698
Now ?? :)
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO users(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery) or die(mysql_error());
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
       	
		}
       
	     echo $message;
 
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384748
Bravo!!!!!!!!!!!!!!!!!!!!!!!!!
thanks a lot..you are great.
So what was happening in there could you please let me know for future references.
I wish I could give you more than 500 points. It was really important for me to figure this one out
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384805
ooooooooooops
Just a security problem.

When I entered a non default password that I have in database, it still lets me go to the confirm password screen and then let user add their names to my database
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384827
actually whats happening is when the user enter the password it goes into the pass field in the database, so next time another user can use that password instead of the default password which is 7777 to go to the confirm password screen

how could we prevent that
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384836
should I ask this in a new question and post a link here to that question

Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384845
give me a sec ... :)
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384911
create an new field in your users table int(1) and call it flag

for the default passwords set the flag to 1
for the other passwords set the flag to 2
0
 
LVL 20

Accepted Solution

by:
steelseth12 earned 2000 total points
ID: 20384926
so your select statement would look like this

 $result = mysql_query("SELECT user,pass FROM users WHERE (pass='" . $pass. "' AND flag=1)  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());

and your insert statement like this

$insertquery = "INSERT INTO users(user, pass,flag) VALUES ('".$user."','".$newpass ."',2)";
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385017
Great...excellent

Yup that will do it.

Thanks a lot again
cheers
0
 
LVL 9

Author Closing Comment

by:syedasimmeesaq
ID: 31411984
Excellent troubleshooting. Excellent way to do it. This guy is great
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20385036
glad i could help
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385122
Could you please look at this question as it is related to what we did above.
Thanks

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_22994219.html
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question