Hi all, it's the first time i use this ML and i'm pretty new to php and sql
so please excuse me for every well known thing i say.
I'm trying to make a little login routine.
Here i post my code:
<HTML>
<BODY>
<?php
if(!empty($_POST['submit'])){
$query1="select * from admin where User=$user;";
include ("dbdats.txt");
$link = mysql_connect ( "$db_host", "$db_login", "$db_pass");
if(($link) && (mysql_select_db($database,$link))){
print("Connection to the server is ok.<br>");
}
else{
print( "Can't connect to the server.<br>");
exit;
}
$user=$_POST['user'];
$password=$_POST['password'];
$query=(mysql_query("select * from admin where user=\"$user\"",$link));
if(!empty($query)){
$dati=mysql_query("select * from admin where (user=\"$user\" AND
password=\"$password\");",$link);
if(!empty($dati)){
print("Authentication ok.<br>");
for ($i = mysql_num_rows ($dati) - 1; $i >=0; $i--) {
if (!mysql_data_seek ($dati, $i))
continue;
if(!($row = mysql_fetch_object ($dati)))
continue;
printf ( "Welcome back %s!<BR>\n", $row->User);
}
}
else
print("Wrong password.<br>");
}
else
print("User name <b>".$user."</b> not valid.<br>");
}
else{ ?>
<form method="POST">
Inserire UserId<br>
<input type="text" size="10" name="user">
<br>Inserire Password<br>
<input type="password" size="10" name="password">
<input type="submit" name="submit" value="Login">
</form>
<?php
}
?>
</BODY>
</HTML>
I cannot understand why whatever USER i type i always am authenticated :(
I've put 2 checks:
user name
and
password.
Neverthless everything i type is ok for this script.
Why?
If i type the same queries from the mysql shell, they work!
Can't understand where the error is.
Hope some one can help me.
Thank you
Claudio
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
