Solved

User Login Script

Posted on 2011-03-05
1
465 Views
Last Modified: 2012-05-11
I am trying to create a login script using three fields. I have tried the following code, but I keep getting "Login failure..".

I have two user record in my database and I am sure it keep grabbing the last one. Does anyone have any ideas where I am going wrong?

Also, if anyone could give me some ideas on making this script a little secure for commercial purposes.
<?php
@include("includes/connect.php");

if ($_POST['submit'])
{
	$account= $_POST[account];
	$username = $_POST[username];
	$password = $_POST[pass];
	
	if ($account && $username && $password)
	{
		$query = mysql_query("SELECT * FROM users WHERE account='$account'");
		while ($getrows = mysql_fetch_assoc($query))
		{
			$dbaccount = $getrows['account'];
			$dbusername = $getrows['user_login'];
			$dbpassword = $getrows['password'];
		}
		
		if (($account == $dbaccount) && ($username == $dbusername) && ($password == $dbpassword))
		{
			echo "Login Successful";
		}
		else
		{
			echo $dbaccount;
			echo $dbusername;
			echo $dbpassword;
			echo "Login failure..";
		}
	}
	else
	{
		die("Please ensure all field are completed for login");
	}
}	
?>

Open in new window

0
Comment
Question by:abdulv
1 Comment
 
LVL 27

Accepted Solution

by:
yodercm earned 500 total points
Comment Utility
A simpler and easier way to do this is:

$query = mysql_query("SELECT * FROM users WHERE account='$account' AND password='$password' AND 'user_login='$username'");
if (mysql_num_rows($query) != 1)  .....

Also MAKE CERTAIN that you safety filter the inputs!  Right now you are wide open to SQL Injection hacking.  Use this:

      $account= mysql_real_escape_string($_POST[account]);
      $username = mysql_real_escape_string($_POST[username]);
      $password = mysql_real_escape_string($_POST[pass]);
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Entering a date in Microsoft Access can be tricky. A typo can cause month and day to be shuffled, entering the day only causes an error, as does entering, say, day 31 in June. This article shows how an inputmask supported by code can help the user a…
Read about achieving the basic levels of HRIS security in the workplace.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now