4 replies to this topic

[mutago]

Good day everyone, This code updates or counts the number of times users logged in. I want to disable or make users login account invalid on 4th attempt by loading an error page such that the user will be ask to get new account. how do I proceed. Below is my attempt so far. Do i need to set count <=4 to true? or false?. If possible,how
thanks

<?

      if( !isset($_SESSION) ) { session_start(); }

	$database_db="cat";

	$user_db="root";

	$password_db="cyberworld";

	$host_db="localhost";

	$link=mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());

	mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error()); ;

	$userid=$_POST["userid"];

	$password=$_POST["password"];

	$errormessage = "";

	$sql="SELECT * FROM usertab  where userid='$userid' and password='$password'";

      $sql1="UPDATE usertab SET count = count + 1 WHERE userid = '$userid'";

      $result1=mysql_query($sql1);


	$result = mysql_query($sql, $link)  or exit('$sql failed: '.mysql_error()); 

	$num_rows  = mysql_num_rows($result);

	if($num_rows==0 AND count <= 2){

		echo "error <BR>";

} 

else {

		header("Location: insert1.php");

		exit;

	}

?>

[Alexander]

I would personally simplify it, for example separating the queries in a logical manner and check if the account exists before checking if they have a higher count, I had commented the code to better give you an understanding of what I have done.

<?php
    if( !isset($_SESSION) ) { session_start(); }
    $database_db="cat";
    $user_db="root";
    $password_db="cyberworld";
    $host_db="localhost";
    
    // connect to database
    mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());
    mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error()); ;
    
    // escape user input for database protection
    $userid = mysql_real_escape_string($_POST["userid"]);
    $password = mysql_real_escape_string($_POST["password"]);
    
    // get user count from database, as that is all we need
    $user = "SELECT count FROM usertab WHERE userid='$userid' AND password='$password'";
    $userres = mysql_query($user);

    // fetch the single user row we had selected
    $row = mysql_fetch_row($userres);
    
    // check if the user exists first
    if(mysql_num_rows($userres) != 0) {
        // check if the user has logged in 3 times already
        if($row['count'] > 3) {
            echo "Error - You have logged in three times.";
        } else {
            //successful login, increment count by one
            mysql_query("UPDATE usertab SET count = count + 1 WHERE userid = '$userid'");
            //redirect them to the page
            header("Location: insert1.php");
        }
    } else {
        //if their username and password returned nothing
        echo "Error - Your account does not seem to exist.";
    }
?>

Note I have not tested this, if there is an error it is most likely something simple, you can ask.

Edited by Alexander, 17 February 2011 - 09:56 PM.

[mutago]

Thanks Mr. Alexander, I have set operator >=3 and it allows the user to login as many as she want by loading insert1.php without limit. but my intention was to stop the user from login after three times account usage by loading the error page

echo "Error - You have logged in three times.";

However, the error page can only load if i use <=3 but it will not allow any user to login in the first place. Please what do i do.I created my table using this data type
count = tinyint
userid = varchar
password = varchar
What do i do thanks

[Alexander]

Here I had time to test, the following works fine on my machine:

  <?php
    if( !isset($_SESSION) ) { session_start(); }
    $database_db="cat";
    $user_db="root";
    $password_db="cyberworld";
    $host_db="localhost";
    
    // connect to database
    mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());
    mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error());
      
    // escape user input for database protection
    $userid = mysql_real_escape_string($_POST["userid"]);
    $password = mysql_real_escape_string($_POST["password"]);
    
    // get user count from database, as that is all we need
    $user = "SELECT count FROM usertab WHERE userid='$userid' AND password='$password'";
    $userres = mysql_query($user);

    // fetch the single user row we had selected
    $row = mysql_fetch_row($userres);
    
    // check if the user exists first
    if(mysql_num_rows($userres) != 0) {
        // check if the user has logged in 3 times already, 0-1-2
        if($row[0] > 2) {
            echo "Error - You have logged in three times.";
        } else {
            //successful login, increment count by one
            mysql_query("UPDATE usertab SET count = count + 1 WHERE userid = '$userid'");
            //redirect them to the page
            echo "Should be redirected now";
        }
    } else {
        //if their username and password returned nothing
        echo "Error - Your account does not seem to exist.";
    }
?> 

Simply had to access the first element that mysql_fetch_row returned rather than accessing it as an array, as it does not associate. Try that!

Remember to insert new users with 0 as their count, or else it may not work.

[mutago]

Thanks, Your are the greatest Alexander, believe me I will cross the globe singing your name