Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489
  • Last Modified:

User Login Script

I am trying to create a login script using three fields. I have tried the following code, but I keep getting "Login failure..".

I have two user record in my database and I am sure it keep grabbing the last one. Does anyone have any ideas where I am going wrong?

Also, if anyone could give me some ideas on making this script a little secure for commercial purposes.
<?php
@include("includes/connect.php");

if ($_POST['submit'])
{
	$account= $_POST[account];
	$username = $_POST[username];
	$password = $_POST[pass];
	
	if ($account && $username && $password)
	{
		$query = mysql_query("SELECT * FROM users WHERE account='$account'");
		while ($getrows = mysql_fetch_assoc($query))
		{
			$dbaccount = $getrows['account'];
			$dbusername = $getrows['user_login'];
			$dbpassword = $getrows['password'];
		}
		
		if (($account == $dbaccount) && ($username == $dbusername) && ($password == $dbpassword))
		{
			echo "Login Successful";
		}
		else
		{
			echo $dbaccount;
			echo $dbusername;
			echo $dbpassword;
			echo "Login failure..";
		}
	}
	else
	{
		die("Please ensure all field are completed for login");
	}
}	
?>

Open in new window

0
abdulv
Asked:
abdulv
1 Solution
 
Cornelia YoderArtistCommented:
A simpler and easier way to do this is:

$query = mysql_query("SELECT * FROM users WHERE account='$account' AND password='$password' AND 'user_login='$username'");
if (mysql_num_rows($query) != 1)  .....

Also MAKE CERTAIN that you safety filter the inputs!  Right now you are wide open to SQL Injection hacking.  Use this:

      $account= mysql_real_escape_string($_POST[account]);
      $username = mysql_real_escape_string($_POST[username]);
      $password = mysql_real_escape_string($_POST[pass]);
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now