MySQL PHP Password Checker

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Richard M
    #1

    MySQL PHP Password Checker

    Can anyone please lend me a hand,
    I'm trying to design a cookie based password system.
    I have managed to do everything bar one thing that is driving me
    crazy.


    I have a MYSQL database called "PassworDB" which has a table in it
    called "auth",
    this table has the columns "user_id" (this is an auto incrementing
    number) "user" (meant for the users name) and "password".

    All I'm trying to do is search through the results of a MYSQL query
    "Select * from pages where user = '$form_user'" ($form_user being
    generated from a html form), and compare it to $form_pass (again
    generated by the html form) for verification that the user exists in
    my database and has supplied the correct password.

    I have tried loop's foreach's while statements and all sorts but don't
    seem to be able to crack it.

    I am quite new to the language so I'm sure it's just the way I'm
    trying to do it. If anyone can give me an example or even just tell
    me the best way to do it would be really appreciative... .

    CHEERS......
    Tags: None
    • Andy Hassall
      #2
      Re: MySQL PHP Password Checker

      On 30 Sep 2003 12:28:18 -0700, r_marriott20@ya hoo.com (Richard M) wrote:
      [color=blue]
      >Can anyone please lend me a hand,
      >I'm trying to design a cookie based password system.
      >I have managed to do everything bar one thing that is driving me
      >crazy.
      >
      >I have a MYSQL database called "PassworDB" which has a table in it
      >called "auth",
      >this table has the columns "user_id" (this is an auto incrementing
      >number) "user" (meant for the users name) and "password".
      >
      >All I'm trying to do is search through the results of a MYSQL query
      >"Select * from pages where user = '$form_user'" ($form_user being
      >generated from a html form), and compare it to $form_pass (again
      >generated by the html form) for verification that the user exists in
      >my database and has supplied the correct password.[/color]

      Do $form_user and $form_pass actually have values? Global variables from forms
      are not generated by PHP's default and recommended configuration, as of many
      versions ago. There's plenty of out-of-date tutorials and books out there that
      still use it. Search for 'register_globa ls', and replace any form global
      variables with $_GET['form_user'] or $_POST['form_user'] depending on the form
      method.
      [color=blue]
      >I have tried loop's foreach's while statements and all sorts but don't
      >seem to be able to crack it.[/color]

      It's usually best to post your best effort, as it proves you've put some
      effort in before asking: and you're probably closer than you think to solving
      it in the first place. It's easier for people to post a couple of corrections
      to an existing broken script than writing it up from scratch.

      --
      Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
      Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

        Comment

        • Geoff Berrow
          #3
          Re: MySQL PHP Password Checker

          I noticed that Message-ID:
          <acf7a0f8.03093 01128.50b2c053@ posting.google. com> from Richard M
          contained the following:
          [color=blue]
          >All I'm trying to do is search through the results of a MYSQL query
          >"Select * from pages where user = '$form_user'" ($form_user being
          >generated from a html form), and compare it to $form_pass (again
          >generated by the html form) for verification that the user exists in
          >my database and has supplied the correct password.[/color]

          Use the query to check it rather than the php. If the username and
          password both exist (you do check at least one of them is unique don't
          you?) then the query will only return one row.

          This code receives parameters from another page.

          $username=strto lower($_POST['user']);
          $password=strto lower($_POST['pass']);
          $usercheck = mysql_query("SE LECT * FROM customer where
          username='$user name' AND password='$pass '",$db);
          $userrow = mysql_fetch_arr ay($usercheck);
          $num_rows = mysql_num_rows( $usercheck);
          if ($num_rows!=1){
          print "<p><b>user name and/or password not found. Try
          again?</b></p>";

          else{retrieve details or do other stuff}
          ?>
          --
          Geoff Berrow
          It's only Usenet, no one dies.
          My opinions, not the committee's, mine.
          Simple RFDs http://www.ckdog.co.uk/rfdmaker/

            Comment

            • Richard M
              #4
              Re: MySQL PHP Password Checker

              Andy.. Cheers for the advise, I can see why you say to post my best
              effort. I will do in the future..

              Geoff... Bang on.. that's brilliant, don't know why I didn't thing of
              using a SQL statement to do the hard work, makes it all run a dam
              sight better as well.


              Mucho thanks to both of you.......

                Comment

                Previous template Next
                Working...