8 replies to this topic

[mutago]

good day everyone,I want to develop a login page with username and password.if the user uses the account two times, let the account be disable.that is if the user tries to use the account the 3rd time she will recieve an error message that the account is no longer valid that she has to get new username and password.

thanks

[dargueta]

This sounds like homework. What do you have so far?

[Alexander]

You can store their login count in a tinyint column named logincount.

On login:

• Check if logincount is <= 2. True? display message. False? allow login.
  
• Update the count, "UPDATE tbl_users SET logincount = logincount + 1 WHERE uid = $uid"

[mutago]

Thanks for your reply, this is what i have so far. how do i proceed

<?

	if( !isset($_SESSION) ) { session_start(); }

	$database_db="crown";

	$user_db="root";

	$password_db="root";

	$host_db="localhost";


	$link=mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());

	mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error()); ;

	

	$userid=$_POST["userid"];

	$password=$_POST["password"];


	$errormessage = "";


	$sql="SELECT * FROM usertab  where userid='$userid' and password='$password'";

	$result = mysql_query($sql, $link)  or exit('$sql failed: '.mysql_error()); 

	$num_rows = mysql_num_rows($result);

	if($num_rows==0){

		header("Location: error.php");

	} else {

		header("Location: test/add.php");

		exit;

	}

?>

[dargueta]

$sql="SELECT * FROM usertab  where userid=[COLOR=RED]'$userid' and password='$password'[/COLOR]";

Bad idea. This leaves you vulnerable to SQL injection, which can blow away your entire database. Definitely sanitize your input before running it, i.e. scan for invalid characters like * / \ | & and so on, and reject the input as necessary.

[Alexander]

One way is to append AND count <= 2 to the query that checks their login credentials, assuming you have set up a tinyint column named "count".

Then on successful login before header("Location: test/add.php") you may add another query, such as
UPDATE usertab SET count = count + 1 WHERE userid = '$userid'

Also Dargueta is right, you must escape your variables for data integrity:

     $userid = mysql_real_escape_string($_POST["userid"]);
     $password = mysql_real_escape_string($_POST["password"]);

[mutago]

thanks for your response.
I tried to add it as shown in the code below but it displays an error. Secondly how and where can i add this count <=2 in the code

<?

	if( !isset($_SESSION) ) { session_start(); }

	$database_db="crown";

	$user_db="root";

	$password_db="root";

	$host_db="localhost";


	$link=mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());

	mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error()); ;

	

	$userid=$_POST["userid"];

	$password=$_POST["password"];


	$errormessage = "";


	$sql="SELECT * FROM usertab  where userid='$userid' and password='$password'";

 $sql="UPDATE usertab SET count = count + 1 WHERE userid = '$userid'";

	$result = mysql_query($sql, $link)  or exit('$sql failed: '.mysql_error()); 

	$num_rows = mysql_num_rows($result);

	if($num_rows==0){

		header("Location: error.php");

	} else {

		header("Location: test/add.php");

		exit;

	}

?>

please can you help me to fix it where it should be thanks

[Alexander]

To the first query, you also need to bring the second query right before the header("Location: test/add.php"); line and of course execute them both separately.

[mutago]

I have work the code as you said. Now the code only count or update the number of times the user logged in. I like I said earlier, my intention was to make users login account invalid on 2nd time login.That is if the user use the account 2 times,it will be invalid and she will be ask to produce another username and password. below is the updated code
thanks

<?

      if( !isset($_SESSION) ) { session_start(); }

	$database_db="cat";

	$user_db="root";

	$password_db="root";

	$host_db="localhost";

	$link=mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());

	mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error()); ;

	$userid=$_POST["userid"];

	$password=$_POST["password"];

	$errormessage = "";

	$sql="SELECT * FROM usertab  where userid='$userid' and password='$password'";

      $sql1="UPDATE usertab SET count = count + 1 WHERE userid = '$userid'";

      $result1=mysql_query($sql1);


	$result = mysql_query($sql, $link)  or exit('$sql failed: '.mysql_error()); 

	$num_rows  = mysql_num_rows($result);

	if($num_rows==0 AND $count <= 2){

		echo "error <BR>";

} 

else {

		header("Location: insert1.php");

		exit;

	}

?>