Solved

User Login Script

Posted on 2011-03-05
475 Views
Last Modified: 2012-05-11
I am trying to create a login script using three fields. I have tried the following code, but I keep getting "Login failure..".

I have two user records in my database and I am sure it keeps grabbing the last one. Does anyone have any ideas where I am going wrong?

Also, if anyone could give me some ideas on making this script a little secure for commercial purposes.
<?php
@include("includes/connect.php");

if ($_POST['submit'])
{
	$account = $_POST['account'];
	$username = $_POST['username'];
	$password = $_POST['pass'];
	
	if ($account && $username && $password)
	{
		$query = mysql_query("SELECT * FROM users WHERE account='$account'");
		while ($getrows = mysql_fetch_assoc($query))
		{
			$dbaccount = $getrows['account'];
			$dbusername = $getrows['user_login'];
			$dbpassword = $getrows['password'];
		}
		
		if (($account == $dbaccount) && ($username == $dbusername) && ($password == $dbpassword))
		{
			echo "Login Successful";
		}
		else
		{
			echo $dbaccount;
			echo $dbusername;
			echo $dbpassword;
			echo "Login failure..";
		}
	}
	else
	{
		die("Please ensure all field are completed for login");
	}
}	
?>

Question by:abdulv
1 Comment
 
LVL 27

Accepted Solution

by:
yodercm earned 500 total points
ID: 35043920
A simpler and easier way to do this is:

$query = mysql_query("SELECT * FROM users WHERE account='$account' AND password='$password' AND user_login='$username'");
if (mysql_num_rows($query) != 1)  .....

Also MAKE CERTAIN that you safety filter the inputs!  Right now you are wide open to SQL Injection hacking.  Use this:

      $account = mysql_real_escape_string($_POST['account']);
      $username = mysql_real_escape_string($_POST['username']);
      $password = mysql_real_escape_string($_POST['pass']);
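
The same login check written with PDO prepared statements, as an added example that is not part of the original question or answer; it goes beyond the answer by storing password_hash() values instead of plaintext passwords. The users table and its columns follow the question, while the in-memory SQLite database, the check_login() helper and the sample rows are constructed assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// question; the SQLite in-memory database and the sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The password column holds a password_hash() value, never the plaintext.
$pdo->exec('CREATE TABLE users (
    account    TEXT NOT NULL,
    user_login TEXT NOT NULL,
    password   TEXT NOT NULL,
    UNIQUE (account, user_login)
)');

// Two users in the same account: the case where the loop in the question
// kept only the last row it fetched.
$insert = $pdo->prepare(
    'INSERT INTO users (account, user_login, password) VALUES (?, ?, ?)');
$insert->execute(['acme', 'alice',   password_hash('alice-pw', PASSWORD_DEFAULT)]);
$insert->execute(['acme', "o'brien", password_hash('obrien-pw', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, $account, $username, $password)
{
    // Placeholders keep the values out of the SQL text, so quote characters
    // in the input are compared as data and cannot change the statement.
    $stmt = $pdo->prepare(
        'SELECT password FROM users WHERE account = ? AND user_login = ?');
    $stmt->execute([$account, $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // Unknown user and wrong password give the same result to the caller.
    return $hash !== false && password_verify($password, $hash);
}

$attempts = [
    ['acme', 'alice',   'alice-pw'],   // first of the two rows: succeeds
    ['acme', "o'brien", 'obrien-pw'],  // apostrophe is handled as data: succeeds
    ['acme', 'alice',   'obrien-pw'],  // another user's password: fails
    ['acme', 'nobody',  'alice-pw'],   // unknown user: fails
];
foreach ($attempts as [$account, $user, $pass]) {
    $ok = check_login($pdo, $account, $user, $pass);
    printf("%-6s %-8s %s\n", $account, $user, $ok ? 'Login Successful' : 'Login failure..');
}
```

Filtering on both account and user_login returns at most one row, so no loop over the result set is needed, and the failure branch prints nothing from the database.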