How to check two data tables for a username and password?

Experts,

I have two tables: 'Users' and 'Controllers'

Both tables have columns labeled 'NUID' (aka Username) and 'Password'.  I have one log-in form that currently checks the table 'Users' for  the given username and password combo, and if it exists it creates a cookie and logs the user in.

I would like to check both tables for the username and password supplied.  Although a password may be the same, the 'NUID' (aka Username) is unique so that a user ID can not be in both tables.

Is there a way to check both tables for the existance of the unique 'NUID' and 'Password' combo?  I have pasted my log-in processing script below.

Cheers!  EVM
<?php			
					// LOG IN PROCESS & COOKIE CREATION
					$dbname = "xxx";
					$dbhost = "localhost";
					$dbusername = "xxxx";
					$dbpassword = "xxxxx";
					
					mysql_connect("$dbhost", "$dbusername", "$dbpassword")or die("cannot connect");
					mysql_select_db("$dbname")or die("cannot select DB");
					
					$domain = "http://diablo/";
					
					//session handling
					//session_start() must come after runtime configuration
					//of session directives.
					@ini_set('session.use_only_cookies',TRUE);
					@ini_set('session.cookie_domain','.'.$domain);
					@ini_set('session.cookie_path','/');
					 
					//session_start
					if(!isset($_SESSION)) session_start();
					
					//Form Processing
					if(isset($_POST['myusername'])) {
					// username and password sent from form
					$myusername = (!empty($_POST['myusername'])) ? $_POST['myusername'] : NULL;
					$mypassword = (!empty($_POST['mypassword'])) ? $_POST['mypassword'] : NULL;
		 
					// To protect MySQL injection (more detail about MySQL injection)
					$myusername = stripslashes($myusername);
					$mypassword = stripslashes($mypassword);
					$myusername = mysql_real_escape_string($myusername);
					$mypassword = mysql_real_escape_string($mypassword);
					
					$sql="SELECT * FROM controller_members WHERE NUID='$myusername' AND Password='$mypassword' LIMIT 1";
					
					// ALWAYS TEST FOR QUERY SUCCESS!                        
					if (!$result=mysql_query($sql)) die( mysql_error() );
		 
					// Mysql_num_row is counting table row
					$count=mysql_num_rows($result);
					// If result matched $myusername and $mypassword, table row must be 1 row
		 
						// IF WE GET THIS FAR WE CAN COMPLETE THE LOGIN
					 
						if($count == 1)
						{
						// PUT USERNAME IN SESSION
						$_SESSION["myusername"] = $myusername;
						
						// SET A COOKIE TO REMEMBER THE LOGIN 
					   $cookie_value	= "$myusername";
					   $cookie_name 	= "myusername";
					   $cookie_life	= time() + 24*60*60; // 24 HOURS - CHECK THIS VALUE CAREFULLY
						// IF FIRST COOKIE IS NOT CREATED - GENERATE ERROR
						if (!setcookie($cookie_name, $cookie_value, $cookie_life,'/'))  { /* echo "Cookie Failed"; */ }
					   
						// SET A COOKIE TO REMEMBER THE PAGE WHERE THE LOG-IN ATTEMPT TO PLACE 
					   $cookie_value2	= $_SERVER['HTTP_REFERER'];
					   $cookie_name2 	= "login_location";
					   $cookie_life2	= time() + 1*60*60; // 24 HOURS - CHECK THIS VALUE CAREFULLY
						// IF SECOND COOKIE IS NOT CREATED - GENERATE ERROR
						if (!setcookie($cookie_name2, $cookie_value2, $cookie_life2,'/'))  { /* echo "Cookie Failed"; */ }
						   
						   if(setcookie){
						   header('location: '.$cookie_value2); 
						   }
						}
		 
						// IF NO RECORD FOUND, NOT LOGGED IN			
						if($count != 1)
						{
						   echo "
						   <div class='form_container'>
						   Sorry, but your NUID &amp; Password combination was incorrect.<br /><br />Please try again.
						   </div>";
						}
			 
					} //end form processing
						 
						//END PROCESSING SCRIPT
			
					?>

Open in new window

evibesmusicAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

racekCommented:

SELECT 
(SELECT password FROM controller_members 
    WHERE NUID='$myusername') as cntr_password , 
(SELECT password FROM Users 
    WHERE NUID='$myusername' ) as 'user_password;
 
 
 
 
 
 
AND Password='$mypassword' LIMIT 1

Open in new window

0
racekCommented:

SELECT 
(SELECT password FROM controller_members 
    WHERE NUID='$myusername') as cntr_password , 
(SELECT password FROM Users 
    WHERE NUID='$myusername' ) as user_password;

Open in new window

0
evibesmusicAuthor Commented:
@ racek:

So would the final line of code look like this?

$sql="SELECT (SELECT password FROM controller_members WHERE NUID='$myusername'),
(SELECT password FROM controller_controllers WHERE NUID='$myusername' )";
0
racekCommented:
but if you want to rename output fields ... try

$sql="SELECT (SELECT password AS MemPsw FROM controller_members WHERE NUID='$myusername')  CNT,
(SELECT password AS CntPsw FROM controller_controllers WHERE NUID='$myusername' ) ";
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
evibesmusicAuthor Commented:
Thank you very much.  I appreciate your assistance.

EVM
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.