API tools faq
paste
Advertisement
gitlez

YA: Login System Checks 20130602133558AAn5syI

gitlez
Jun 2nd, 2013
78
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.52 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. // http://answers.yahoo.com/question/index?qid=20130602133558AAn5syI
  4.  
  5.  
  6. session_start();
  7.  
  8. $server ="localhost";
  9. $username ="root";
  10. $password ="spenck23";
  11. $database ="user_accounts";
  12. $connect = mysqli_connect($server, $username, $password, $database) or die("cannot connect");
  13.  
  14. function __post($name){
  15.     $var = ((isset($_POST[$name]))? trim($_POST[$name]) : '');
  16.     return mysqli_real_escape_string( stripslashes( $var ) );
  17. }
  18.  
  19. $username = __post('username');
  20. $password = __post('password');
  21.  
  22.  
  23. // Missing Closing Quotes (") on the statement below.
  24. // Only return one column, saves resources.
  25. // Matching the username and password in MySQL, frees you from doing the checks in PHP.
  26. // LIMIT 1, stop searching once a match is found. No need to return multiple rows.
  27. $result = mysqli_query($connect,"SELECT username FROM users WHERE username='$username' && password='$password' LIMIT 1");
  28.  
  29. if( !$result ){
  30.     // Query Failed/Errored Display error message
  31.     echo '<h3>MySQL Query Error</h3>';
  32.     echo '<p>' . mysqli_error( $connect ) . '</p>';
  33.     exit;
  34. }else if( mysqli_num_rows( $result) === 1){ // One row returned = one match found
  35.     // session_register() is depracated, stop using it.
  36.     $_SESSION['username'] = $username;
  37.     // Although no need to keep the password
  38.     $_SESSION['password'] = $password;
  39.     // header('location: login_success.php');
  40.     // Why are you sending the user somewhere when there
  41.     // is still data to display.
  42.     echo '<p>Hello ' . $username . ', you have been logged in successfully.</p>';
  43. }else{
  44.     echo '<h3>Login Error</h3>';
  45.     echo '<p>Username/Password combo is incorrect.</p>';
  46.     exit;
  47. }
  48.  
  49.  
  50. // Tip: When PHP tells you the error is on one line, typically it is a line directly above that line
  51. // or within a couple. I would suggest using a text editor with code highlighting. It will save you
  52. // time looking for certain errors. ( http://notepad-plus-plus.org )
  53.  
  54. $result = mysqli_query($connect,"SELECT * FROM notes");
  55.  
  56. // Again Check if query was successfull.
  57. if( !$result ){
  58.     // Query Failed/Errored Display error message
  59.     echo '<h3>MySQL Query Error</h3>';
  60.     echo '<p>' . mysqli_error( $connect ) . '</p>';
  61.     exit;
  62. }else if( mysqli_num_rows( $result) === 0){ // Query Was successfull, but no notes to display
  63.     echo '<h3>Query Successfull</h3>';
  64.     echo '<p>There are currently no Notes in the database.</p>';
  65. }else{ // Query Successful and at least one row of notes was returned.
  66.     echo '<h3>Notes</h3>';
  67.     while($row = mysqli_fetch_array($result)){
  68.         echo $row['username'];
  69.         echo "<br>";
  70.     }
  71. }
  72.  
  73. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!