2 replies to this topic

[capoon]

Hi experts, please i need help on this login code.
i created table login_table with the following identity and 4 passwords.
my aim was to login using the identity and any of the password that the user wants
such that if the user enters her identity and any of the password randomly,if there is a match, she will be authenticated.

this is what i have done so far
login_html.php

<html>

<head></head><body>

<form action=login.php method=post>

identity:< input type=text name=identity>

password:<input type=password name="">

</body></html>

login_php

<?

	if( !isset($_SESSION) ) { session_start(); }

	$database_db="test";

	$user_db="root";

	$password_db="root";

	$host_db="localhost";


	$link=mysql_connect($host_db,$user_db,$password_db) or die ("couldnot connect: ".mysql_error());

	mysql_select_db($database_db, $link)  or exit('Error Selecting database: '.mysql_error()); 

	


// forget about sql injection protection for the form here


	$identity=$_POST["identity"];

	$password1=$_POST["password1"];

        $password2=$_POST["password2"];

        $password3=$_POST["password3"];

        $password4=$_POST["password4"];


	$errormessage = "";


// i needed help here


	$sql="SELECT * FROM login_table  where identity='$identity' and password1='$password1' and password2='$password2'";

	$result = mysql_query($sql, $link)  or exit('$sql failed: '.mysql_error()); 

	$num_rows = mysql_num_rows($result);

	if($num_rows==0){

		header("Location: error_login.php");

	} else {

		header("Location: success.php");

		exit;

	}

?>

thanks

[WingedPanther]

Your form only sets two variables: identity and password.

"SELECT * FROM login_table where identity='$identity' and (password1='$password' or password2='$password' or password3='$password' or password4='$password')";

[capoon]

thanks, working