• Status: Solved

User Login Script

I am trying to create a login script using three fields. I have tried the following code, but I keep getting "Login failure..".

I have two user records in my database and I am sure it keeps grabbing the last one. Does anyone have any ideas where I am going wrong?

Also, if anyone could give me some ideas on making this script a little more secure for commercial purposes.
<?php
@include("includes/connect.php");

if ($_POST['submit'])
{
	$account = $_POST['account'];
	$username = $_POST['username'];
	$password = $_POST['pass'];
	
	if ($account && $username && $password)
	{
		$query = mysql_query("SELECT * FROM users WHERE account='$account'");
		while ($getrows = mysql_fetch_assoc($query))
		{
			$dbaccount = $getrows['account'];
			$dbusername = $getrows['user_login'];
			$dbpassword = $getrows['password'];
		}
		
		if (($account == $dbaccount) && ($username == $dbusername) && ($password == $dbpassword))
		{
			echo "Login Successful";
		}
		else
		{
			echo $dbaccount;
			echo $dbusername;
			echo $dbpassword;
			echo "Login failure..";
		}
	}
	else
	{
		die("Please ensure all field are completed for login");
	}
}	
?>

Asked:
abdulv
Cornelia Yoder (Artist) commented:
A simpler and easier way to do this is:

$query = mysql_query("SELECT * FROM users WHERE account='$account' AND password='$password' AND user_login='$username'");
if (mysql_num_rows($query) != 1)  .....

Also MAKE CERTAIN that you safety filter the inputs!  Right now you are wide open to SQL Injection hacking.  Use this:

      $account = mysql_real_escape_string($_POST['account']);
      $username = mysql_real_escape_string($_POST['username']);
      $password = mysql_real_escape_string($_POST['pass']);
Question has a verified solution.
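
The same login check written with bound parameters and hashed passwords, added here as an example and not code from the question or the answer (the `mysql_*` functions used above were removed in PHP 7.0). It assumes PDO with an in-memory SQLite database in place of the page's MySQL connection and that the `password` column stores `password_hash()` output; the function name `check_login` and the sample users are constructed.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the page's MySQL database.
// Table and column names (users, account, user_login, password) are from the page;
// storing password_hash() output in `password` is an assumption of this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (account TEXT, user_login TEXT, password TEXT,
           UNIQUE (account, user_login))');

// Constructed sample data: several users under one account, as in the question,
// including a login name that contains a single quote.
$insert = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
foreach ([['acme', 'alice', 'alice-secret'],
          ['acme', 'bob', 'bob-secret'],
          ['acme', "o'neil", 'oneil-secret']] as [$acct, $login, $plain]) {
    $insert->execute([$acct, $login, password_hash($plain, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $account, string $username, string $password): bool
{
    // Select on account AND user_login so at most one row can match. Filtering on
    // account alone and looping over the rows keeps only the last row fetched.
    $stmt = $db->prepare(
        'SELECT password FROM users WHERE account = :account AND user_login = :login'
    );
    // Bound parameters travel as data and are never spliced into the SQL text,
    // so quotes in the input need no manual escaping.
    $stmt->execute([':account' => $account, ':login' => $username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such account/user pair
    }
    // password_verify() re-derives the salted hash and compares it safely.
    return password_verify($password, $hash);
}

// Constructed attempts: each user with the right password, then a wrong one.
$attempts = [
    ['acme', 'alice', 'alice-secret'],
    ['acme', 'bob', 'bob-secret'],
    ['acme', "o'neil", 'oneil-secret'],
    ['acme', 'alice', 'bob-secret'],
];
foreach ($attempts as [$account, $user, $pass]) {
    $ok = check_login($db, $account, $user, $pass);
    printf("%-5s %-8s %s\n", $account, $user, $ok ? 'Login Successful' : 'Login failure..');
}
```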