Jump to content
MakeWebGames

sql issue


PHPDevil
 Share

Recommended Posts

Hi guys,

Im simply creating a login page for when people visit my website. Not up at the moment though.

Issue I'm having is that authentication of the username and password works when you visit the page for the first time but doesn't when you press the login button.

the php and sql i've used is:

 

$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';
$error_string = '';
if ($page_mode == 'Login')
{
 $username = $_POST['username'];
 $password = $_POST['password'];
    if (trim($username) == '' || trim($password) == '') 
            $error_string .= '<font color=red>You have left either the username or password field blank!</font><br />';
}
else 
{
$result = $mysqli->query("SELECT PlayerID, Username, Password FROM Persons WHERE Username='" . mysql_real_escape_string($username) . "'");
if (!($row = mysql_fetch_assoc($result)) || $row['password'] != sha1($password))
         $error_string .= 'Please check your email address or password. Your details weren\'t correct <br />';
   else
   {
         $error_string .= 'Site not ready';
   }

}

 

and for my HTML

 

echo "
<div class='login'>
<div align='right'>
<img src='/outsideimage/toppart.png' />
</div>
<div class='logincol'>";
echo $error_string; 
echo "<form method='post' action=''>
<input type='hidden' name='page_mode' value='Login'>
  Username:<br />
 <input type='text' name='username' size='30px' /><br />
  Password:<br />
 <input type='password' name='password' size='30px' /><br /><br />
  <input type='submit' value='Login' title='Login' />
</div>
<img src='/outsideimage/topbot.png' />
</div>";

 

I would like to point out that if either the username or password is blank the correct error message comes up. if there not nothing happens :( it simply won't check it against the databse when you press login but will when you type the url in O,o

Link to comment
Share on other sites

$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';
$error_string = '';
if( $page_mode == 'Login' )
{
$username = $_POST['username'];
$password = $_POST['password'];
if( trim($username) == '' || trim($password) == '' )
{
	$error_string .= '<font color=red>You have left either the username or password field blank!</font>';
}
else
{
	$result = $mysqli->query("SELECT PlayerID, Username, Password FROM Persons WHERE Username='" . mysql_real_escape_string($username) . "'");
	if( ! ($row = mysql_fetch_assoc($result)) || $row['password'] != sha1($password))
	{
		$error_string .= 'Please check your email address or password. Your details weren\'t correct ';
	}
}
}

 

Give it a try, post back.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...