Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

login records problem

records login

  • Please log in to reply
2 replies to this topic

#1 capoon

capoon

    CC Lurker

  • Just Joined
  • Pip
  • 6 posts

Posted 28 September 2011 - 12:57 PM

Hi experts, please i need help on this login code.
i created table login_table with the following identity and 4 passwords.
my aim was to login using the identity and any of the password that the user wants
such that if the user enters her identity and any of the password randomly,if there is a match, she will be authenticated.

this is what i have done so far
login_html.php

<html>
<head></head><body>
<form action=login.php method=post>
identity:< input type=text name=identity>
password:<input type=password name="">
</body></html>

login_php


<?
	if( !isset($_SESSION) ) { session_start(); }
	$database_db="test";
	$user_db="root";
	$password_db="root";
	$host_db="localhost";

	$link=mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());
	mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error()); 
	

// forget about sql injection protection for the form here

	$identity=$_POST["identity"];
	$password1=$_POST["password1"];
        $password2=$_POST["password2"];
        $password3=$_POST["password3"];
        $password4=$_POST["password4"];

	$errormessage = "";

// i needed help here

	$sql="SELECT * FROM login_table  where identity='$identity' and password1='$password1' and password2='$password2'";
	$result = mysql_query($sql, $link)  or exit('$sql failed: '.mysql_error()); 
	$num_rows = mysql_num_rows($result);
	if($num_rows==0){
		header("Location: error_login.php");
	} else {
		header("Location: success.php");
		exit;
	}
?>

thanks
  • 0

#2 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 28 September 2011 - 01:14 PM

Your form only sets two variables: identity and password.

"SELECT * FROM login_table where identity='$identity' and (password1='$password' or password2='$password' or password3='$password' or password4='$password')";
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#3 capoon

capoon

    CC Lurker

  • Just Joined
  • Pip
  • 6 posts

Posted 28 September 2011 - 05:17 PM

thanks, working
  • 0





Also tagged with one or more of these keywords: records, login

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download