Solved

Query help, if the user and password is entered, saysomething different

Posted on 2007-11-30
22
172 Views
Last Modified: 2013-12-12
I have this code where I ask for a default password or a user name and password. Now I want to change it in a way that if the visitor enters the user name and password then echo a message saying "You entered your user name" and if they just entered the default password, echo"You entered only password"
Also the password has to match my database password as you can see in the query

<?PHP
 
require_once('info.php');
 
$_POST['user'] = $_POST['user'];
 
$_POST['pass']= $_POST['pass'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE pass='" . $_POST['pass']. "'  OR (user='". $_POST['user']."' AND pass='".$_POST['pass']."')") or die("Couldn't query the user-database.");
 
$num = mysql_result($result,0);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} 
 
else {echo"thank you user";}
?>

Open in new window

0
Comment
Question by:syedasimmeesaq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 10
22 Comments
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384135
I think i understand what you are asking.
Try the code below and let me know.
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
	list($dbuser,$dbpass) = mysql_fetch_row($result);
	
	if($dbuser==$user && $dbpass==$pass) {
	
		echo "You entered a username & password";
	
	}else{
	
		echo "You entered only pass";
	
	}
 
 
}
?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384256
could you please explain me this part. It worked! thanks but I just wanted to know what this part didi

list($dbuser,$dbpass) = mysql_fetch_row($result);
       
      Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384294
This line list($dbuser,$dbpass) = mysql_fetch_row($result); will fetch the username and password from the database , and assign them to $dbuser,$dbpass.

If both match the user input then it echoes "You entered a username & password" other wise it means that only the password matches and it echoes echo "You entered only pass";


0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384344
Thank you and if I want to force the users to enter a new password who didn't enter the username and password can I do it like this
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass']
{
		$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
		$resultinsert = mysql_query($insertquery);
        
        }
 
 
}
?>

Open in new window

0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384493
try this
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit") {
 
	if($_POST['newpass']) {
		
		$newpass = mysql_real_escape_string($_POST['newpass']);
		$confirmpass = mysql_real_escape_string($_POST['confirmpass']);
		
		if($newpass == $confirmpass) {
			
			$insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']','{$_POST['newpass']}')";
			
			$resultinsert = mysql_query($insertquery);
			
			$message = "Password inserted into database";
		
		}else{
		
			$message = "Password Dont Match";
		
		}
	
	}
	
	
	$user = mysql_real_escape_string($_POST['user']);
 
	$pass = mysql_real_escape_string($_POST['pass']);
 
	$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
	$num = mysql_num_rows($result);
	
	if (!$num) {
	
		$message = "Username & Password Dont match <br><br>";
		$message .= $form;
	
	}else{
	
		 list($dbuser,$dbpass) = mysql_fetch_row($result);
		 
		  if($dbuser==$user && $dbpass==$pass) {
		  
		  	$message =  "You entered a username & password";
		  
		  }else {
		  
		  	$message =  "<h4> <center><br><br>
				<form action='$_SERVER[PHP_SELF]' method='post'>
				New PassWord: <input type='text' name='newpass'><br><br>
				Confirm Password : <input type='password' name='confirmpass'><br>
 
				<br><br>
				<input type='submit' name='submit' size='10' value='Login'>
				</form></center></h4>"
		  
		  }
		 
		 
	
	}
	
	echo $message;
	
}else {
 
	echo $form;
	
 
}
 
 
 
 
 
?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384559
Thank you for the code. I tried it and the page comes up blank
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384584
There was a ] missing. i fixed it and still it doesn't show the page
if($_POST["submit") {
to
if($_POST["submit"]) {

Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384619
Lots of nested if statements ... missed a few {}

try this
<?PHP
 
//require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO user(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery);
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
        echo $message;
		
		
		}
        
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384625
ohh and uncomment //require_once('info.php');
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384653
ok it goes till confirm password screen, but when I insert the new password and confirm password, it goes blank and doesn't add to the database the records.
Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384698
Now ?? :)
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO users(user, pass) VALUES ('".$user."','".$newpass ."')";
                        
                        $resultinsert = mysql_query($insertquery) or die(mysql_error());
                        
                        $message = "Password inserted into database";
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        $message =  "You entered a username & password";
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
       	
		}
       
	     echo $message;
 
}else {
 
        echo $form;
        
 
}
 
 
 
 
 
?>

Open in new window

0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384748
Bravo!!!!!!!!!!!!!!!!!!!!!!!!!
thanks a lot..you are great.
So what was happening in there could you please let me know for future references.
I wish I could give you more than 500 points. It was really important for me to figure this one out
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384805
ooooooooooops
Just a security problem.

When I entered a non default password that I have in database, it still lets me go to the confirm password screen and then let user add their names to my database
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384827
actually whats happening is when the user enter the password it goes into the pass field in the database, so next time another user can use that password instead of the default password which is 7777 to go to the confirm password screen

how could we prevent that
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384836
should I ask this in a new question and post a link here to that question

Thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384845
give me a sec ... :)
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20384911
create an new field in your users table int(1) and call it flag

for the default passwords set the flag to 1
for the other passwords set the flag to 2
0
 
LVL 20

Accepted Solution

by:
steelseth12 earned 500 total points
ID: 20384926
so your select statement would look like this

 $result = mysql_query("SELECT user,pass FROM users WHERE (pass='" . $pass. "' AND flag=1)  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());

and your insert statement like this

$insertquery = "INSERT INTO users(user, pass,flag) VALUES ('".$user."','".$newpass ."',2)";
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385017
Great...excellent

Yup that will do it.

Thanks a lot again
cheers
0
 
LVL 9

Author Closing Comment

by:syedasimmeesaq
ID: 31411984
Excellent troubleshooting. Excellent way to do it. This guy is great
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20385036
glad i could help
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385122
Could you please look at this question as it is related to what we did above.
Thanks

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_22994219.html
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question