By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,144 Members | 880 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,144 IT Pros & Developers. It's quick & easy.

MySQL PHP Password Checker

P: n/a
Can anyone please lend me a hand,
I'm trying to design a cookie based password system.
I have managed to do everything bar one thing that is driving me
crazy.
I have a MYSQL database called "PassworDB" which has a table in it
called "auth",
this table has the columns "user_id" (this is an auto incrementing
number) "user" (meant for the users name) and "password".

All I'm trying to do is search through the results of a MYSQL query
"Select * from pages where user = '$form_user'" ($form_user being
generated from a html form), and compare it to $form_pass (again
generated by the html form) for verification that the user exists in
my database and has supplied the correct password.

I have tried loop's foreach's while statements and all sorts but don't
seem to be able to crack it.

I am quite new to the language so I'm sure it's just the way I'm
trying to do it. If anyone can give me an example or even just tell
me the best way to do it would be really appreciative....

CHEERS......
Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
On 30 Sep 2003 12:28:18 -0700, r_**********@yahoo.com (Richard M) wrote:
Can anyone please lend me a hand,
I'm trying to design a cookie based password system.
I have managed to do everything bar one thing that is driving me
crazy.

I have a MYSQL database called "PassworDB" which has a table in it
called "auth",
this table has the columns "user_id" (this is an auto incrementing
number) "user" (meant for the users name) and "password".

All I'm trying to do is search through the results of a MYSQL query
"Select * from pages where user = '$form_user'" ($form_user being
generated from a html form), and compare it to $form_pass (again
generated by the html form) for verification that the user exists in
my database and has supplied the correct password.
Do $form_user and $form_pass actually have values? Global variables from forms
are not generated by PHP's default and recommended configuration, as of many
versions ago. There's plenty of out-of-date tutorials and books out there that
still use it. Search for 'register_globals', and replace any form global
variables with $_GET['form_user'] or $_POST['form_user'] depending on the form
method.
I have tried loop's foreach's while statements and all sorts but don't
seem to be able to crack it.


It's usually best to post your best effort, as it proves you've put some
effort in before asking: and you're probably closer than you think to solving
it in the first place. It's easier for people to post a couple of corrections
to an existing broken script than writing it up from scratch.

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Jul 17 '05 #2

P: n/a
I noticed that Message-ID:
<ac**************************@posting.google.com > from Richard M
contained the following:
All I'm trying to do is search through the results of a MYSQL query
"Select * from pages where user = '$form_user'" ($form_user being
generated from a html form), and compare it to $form_pass (again
generated by the html form) for verification that the user exists in
my database and has supplied the correct password.


Use the query to check it rather than the php. If the username and
password both exist (you do check at least one of them is unique don't
you?) then the query will only return one row.

This code receives parameters from another page.

$username=strtolower($_POST['user']);
$password=strtolower($_POST['pass']);
$usercheck = mysql_query("SELECT * FROM customer where
username='$username' AND password='$pass'",$db);
$userrow = mysql_fetch_array($usercheck);
$num_rows = mysql_num_rows($usercheck);
if ($num_rows!=1){
print "<p><b>username and/or password not found. Try
again?</b></p>";

else{retrieve details or do other stuff}
?>
--
Geoff Berrow
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #3

P: n/a
Andy.. Cheers for the advise, I can see why you say to post my best
effort. I will do in the future..

Geoff... Bang on.. that's brilliant, don't know why I didn't thing of
using a SQL statement to do the hard work, makes it all run a dam
sight better as well.
Mucho thanks to both of you.......
Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.