5 Replies - 536 Views - Last Post: 02 April 2012 - 11:29 AM Rate Topic: -----

#1 Syfer  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 190
  • Joined: 08-October 10

Validation not working

Posted 02 April 2012 - 08:38 AM

<?php
if(isset($_POST['login']))
{
$uname=$_POST['uname'];
if(empty($uname)
){
echo "<script>alert('username is empty')</script>";
}
else
{
if(empty($_POST['pwd']))
{
echo "<script>alert('password is empty')</script>";
}
else
{

$po = "SELECT * FROM accounts WHERE uname='$uname'";
$resulty = mysql_query($po) or die(mysql_error());
while($rowy = mysql_fetch_array($resulty))
{
if(empty($rowy['id_no']))
{
    echo "<script>alert('Account doesn't exist')</script>";
}
else
{
if(md5($_POST['pwd']) != $rowy['pwd'])
{
     echo "<script>alert('Your password is incorrect')</script>";
}
else
{
		     
			 $_SESSION['position']=$rowy['position'];
			 $_SESSION['id_no'] = $rowy['id_no'];
             $_SESSION['uname'] = $_POST['uname'];
		    echo '<meta http-equiv="refresh" content="0;url=index1.php">';
	         exit;
    }
	}
	}	
	}	
	}
	}
  
   if(isset($_REQUEST["action"]) && $_REQUEST["action"] == "login"){
  echo '<div class="gin">
<form method="post">
  LOGIN
  <br />
  Username:
  <input type="text" name="uname"/>
  <br />
  <br />
 Password:&nbsp
<input type="password" name="pwd"/>
<input type="submit" name="login" value="login" />
<a href="index.php"><input type="button" value="back" /></a></p>
</form>
</div>';
}
  
?>




my code
and the part of my validation which is not working
if(empty($rowy['id_no']))
{
    echo "<script>alert('Account doesn't exist')</script>";
}
else
{



any help would be appreciated.

Is This A Good Question/Topic? 0
  • +

Replies To: Validation not working

#2 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 943
  • View blog
  • Posts: 2,353
  • Joined: 15-February 11

Re: Validation not working

Posted 02 April 2012 - 09:01 AM

If you're only checking for the existence of an account you should use MySQL's function COUNT().
SELECT COUNT(`field`) AS `total` FROM `table` WHERE `username` = :uname


You would only need to fetch one row with this query.
$results = mysql_query($sql);
$row = mysql_fetch_assoc($results);
if((int)$row['total'] > 0)
    // ... Account exists
else
    // ... Account doesn't exist



Next time when you're posting at least use indentation so that we don't have to sift through code to really follow what's going on. Don't throw user input directly into your queries since they'll make your application vulnerable to SQL injections. I'm sure we've told you this time and time again. Finally, use MySQLi or PDO. mysql_* functions are outdated.
Was This Post Helpful? 0
  • +
  • -

#3 Syfer  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 190
  • Joined: 08-October 10

Re: Validation not working

Posted 02 April 2012 - 09:52 AM

are there any other solution aside from that?
Was This Post Helpful? 0
  • +
  • -

#4 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6021
  • View blog
  • Posts: 23,395
  • Joined: 23-August 08

Re: Validation not working

Posted 02 April 2012 - 09:58 AM

WHY??? That's the RIGHT way to do it!
Was This Post Helpful? 0
  • +
  • -

#5 Syfer  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 190
  • Joined: 08-October 10

Re: Validation not working

Posted 02 April 2012 - 10:22 AM

<?php
if(isset($_POST['login'])){
$uname=$_POST['uname'];
if(empty($uname)){
echo "<script>alert('username is empty')</script>";
}else{
if(empty($_POST['pwd'])){
echo "<script>alert('password is empty')</script>";
}else{
$po = "SELECT COUNT(`id_no`) AS total FROM accounts WHERE uname='$uname'";
$results = mysql_query($po);
$row = mysql_fetch_assoc($results);
if((int)$row['total'] > 0)
    if(md5($_POST['pwd']) != $rowy['pwd']){
     echo "<script>alert('Your password is incorrect')</script>";
	}else{
		     
			 $_SESSION['position']=$rowy['position'];
			 $_SESSION['id_no'] = $rowy['id_no'];
             $_SESSION['uname'] = $_POST['uname'];
		    echo '<meta http-equiv="refresh" content="0;url=index1.php">';
	         exit;
    }
else
    echo "<script>alert('Account doesn't exist')</script>";

	
	}
	}	
	}	
	
?>



then i might be the one who got it wrong..
did i used it correctly or wrong?
*disregard the sql injection thing gonna fix that later after this.*
Was This Post Helpful? 0
  • +
  • -

#6 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 943
  • View blog
  • Posts: 2,353
  • Joined: 15-February 11

Re: Validation not working

Posted 02 April 2012 - 11:29 AM

It looks like you're just trying to guess a solution. Firstly, $rowy does not exist and you don't need to check if an accounts exists if you're trying to match the credentials. All you need to do is count the amount of matches you have and if it's equal to one then the user name and password are correct.
SELECT COUNT(`field`) AS `total` FROM `table` WHERE `username` = :uname AND `password` = :pass

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1