To register for an Internet.com membership to receive newsletters and white papers, use the Register button ABOVE.
To participate in the message forums BELOW, click here
Hello I am tryin to build a simple login in php code but i keep gettin a problem, on my else statement before the echo "Incorrect Password" why is that any ideas!
Please help being tryin to fix it for hours ((((((((((((((((((( ! Here is that part of the code :
$connect = mysql_connect("localhost","root","") or die ("couldn't connect!!");
mysql_select_db("phplogin") or die ("Couldn't find db!");
$query=mysql_query("select * from users where username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query));
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
// check to see if they match!
if ($username==$dbusername&&$password==$dbpassword);
{
echo " You are in!";
}
{else
echo "Incorrect Password!";
}
}
else
die ("That user doesn't exist!");
}
else
die("Please enter a username and password");
?>
Do you find anything wrong?
Last edited by NogDog; 10-20-2009 at 02:46 PM.
Reason: Added [php] tags around code
{else
echo "Incorrect Password!";
}
I have put that part in bracets because i tried numerous times without them. but still nothing is fixed I keep getting that :
Parse error: syntax error, unexpected T_ELSE in C:\XAMPP\xampp\htdocs\login.php on line 29
I found 2 syntax errors: (1) you had an unwanted semi-colon after the IF condition where you check the login and password values, and (2) the "{" needs to come after the "else". Also, just for consistency, and ease in debugging, I'd recommend using braces with all if/else blocks, even if they're only one-liners:
PHP Code:
<?php $username = $_POST['username']; $password = $_POST['password']; if ($username && $password) { $connect = mysql_connect("localhost", "root", "") or die("couldn't connect!!"); mysql_select_db("phplogin") or die("Couldn't find db!"); $query = mysql_query("select * from users where username='$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0) { while ($row = mysql_fetch_assoc($query)); { $dbusername = $row['username']; $dbpassword = $row['password']; } // check to see if they match! if ($username == $dbusername && $password == $dbpassword) { echo " You are in!"; } else { echo "Incorrect Password!"; } } else { die("That user doesn't exist!"); } } else { die("Please enter a username and password"); } ?>
__________________
"That's what the gods are! An answer that will do! Because there's food to be caught and babies to be born and life to be lived and so there is not time for big, complicated, and worrying answers! Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." -- from Nation, by Terry Pratchett freelancer.internet.com Email me
I found 2 syntax errors: (1) you had an unwanted semi-colon after the IF condition where you check the login and password values, and (2) the "{" needs to come after the "else". Also, just for consistency, and ease in debugging, I'd recommend using braces with all if/else blocks, even if they're only one-liners:
PHP Code:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$connect = mysql_connect("localhost", "root", "") or die("couldn't connect!!");
mysql_select_db("phplogin") or die("Couldn't find db!");
$query = mysql_query("select * from users where username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row = mysql_fetch_assoc($query)); {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
// check to see if they match!
if ($username == $dbusername && $password == $dbpassword) {
echo " You are in!";
} else {
echo "Incorrect Password!";
}
} else {
die("That user doesn't exist!");
}
} else {
die("Please enter a username and password");
}
?>
Tried the code it has fixed the problem on line 29 thank you .
I keep getting the Incorrect password message even when the pass is correct . Any idea why this is happenin? I am sure that the username and pass are the same in MYSQL.
Personally I would recommend you escape both your $_POST['username'] and $_POST['password'] to keep security in mind.
Also, your code seems to allow duplicate usernames and passwords in your database. Surely you would only allow a user to login if $numrows was equal to 1?
Personally I would recommend you escape both your $_POST['username'] and $_POST['password'] to keep security in mind.
Also, your code seems to allow duplicate usernames and passwords in your database. Surely you would only allow a user to login if $numrows was equal to 1?
Just a thought.
That can be enforced by the database table definition by ensuring the username field is unique, so it does not really need to be enforced in the PHP login code (assuming it is enforced in the DB). It wouldn't hurt anything to check that it's equal to 1 (as opposed to > 0), but I don't see any particular advantage to either comparison.
__________________
"That's what the gods are! An answer that will do! Because there's food to be caught and babies to be born and life to be lived and so there is not time for big, complicated, and worrying answers! Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." -- from Nation, by Terry Pratchett freelancer.internet.com Email me
((((((((((((((((((( ! Here is that part of the code : 
. 
Linear Mode
