-1

I have tried to create a PHP log in form. My code is as follows. The if-else statement is not functioning well. Please solve this.

    $connect = mysql_connect("localhost", "root", ""); //connect
    mysql_select_db("elective_mgmt", $connect);
    $username = $_GET["name"];
    $password = $_GET["password"];
    $query = "SELECT * from verify_student where 
      username='$username' && password='$password'";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    if (name == $username && password == $password)
        echo "you are logged in";
    else 
        echo "please recheck your password and username";
icedwater
Shiva Bhusal
  • 7
    Totally dirty code, I won't solve your issue as it will just make you even lazier. Instead I would suggest you learn PHP first and then start writing your code... Also note, login will never be possible without sessions... – Mr. Alien Jul 08 '13 at 05:43
  • 5
    You are wide open for SQL injection. Also, by using `$_GET` you are putting `password` in the URL. – Sean Jul 08 '13 at 05:43
  • 1
    What are the values of var_dump for $username, $password, $result? This line is wrong: 'if (name == $username && password == $password)'. Just think, what is name? Where does it come from? – Ruwantha Jul 08 '13 at 05:53
  • Also, OP should be hashing the passwords at the very least. –  Jul 08 '13 at 05:54
  • use this link for better http://stackoverflow.com/questions/10956308/php-and-mysql-login-query – Desire Jul 08 '13 at 06:08
  • Your if condition is wrong. `name == $username` What is name ? – GoodSp33d Jul 08 '13 at 07:02

3 Answers

1
    $result = mysql_query($query);
    if (mysql_num_rows($result) > 0) {
        echo "you are logged in";
    } else {
        echo "please recheck your password and username";
    }

You can also do this by counting the number of rows. In your code $row is an array, so whenever you need to access the array elements, do this: $row['username']

Moeed Farooqui
0

You have a problem here.

    if(name==$username && password==$password)

It should be

    if($row['username']==$username && $row['password']==$password)

OR

    if(mysql_num_rows($result) == 1)

You should look at - Why shouldn't I use mysql_* functions in PHP?

Community
Ashwini Agarwal
  • Actually he should be using `mysql_num_rows()` to check whether the query returns 1; if yes then redirect, else fail.. – Mr. Alien Jul 08 '13 at 05:44
  • 1
    Great... Not the downvoter here, but again your condition is wrong, it should be `== 1` and not `>= 1` because we are talking about a login system, where usernames have to be unique, so there's no possibility of multiple returning rows – Mr. Alien Jul 08 '13 at 05:49
  • @Ashwini. Again I couldn't find the solution. I tried this too !! – Shiva Bhusal Jul 08 '13 at 06:14
  • Thanks Ashwini and Mr. Alien. I found the solution !! – Shiva Bhusal Jul 08 '13 at 06:20
0

You could remove your if/else statement since you check the inputs already with your mysql query (name && password) and replace it with a mysql_num_rows == 1 (as the others have already mentioned before).

It seems that you are new to PHP and creating log in forms, so let me give you some good advice:

  1. input values for a log in form shouldn't be passed via URL, use method post instead
  2. never save passwords unencrypted (use sha512 since md5 is considered unsafe)
  3. never use single information to store the log in status in the session
qsi
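The comments and answers above raise SQL injection, unhashed passwords and the one-row check. The following is an added example, not code from any post on this page, showing the same login check with a parameterised query and hashed passwords. It assumes PDO with the SQLite driver (an in-memory database stands in for the MySQL one), a hypothetical `password_hash` column, and constructed sample credentials; it uses PHP's built-in `password_hash()`/`password_verify()` for storage rather than a bare digest.

```php
<?php
// Added example, not code from any post on this page.
// Assumptions: the PDO extension with pdo_sqlite (an in-memory SQLite database
// stands in for the MySQL one) and a hypothetical password_hash column.
declare(strict_types=1);

// Hash checked when the username is unknown, so both paths do similar work.
define('DUMMY_HASH', password_hash('no-such-user', PASSWORD_DEFAULT));

function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder sends the username as data, never as SQL text.
    $stmt = $db->prepare(
        'SELECT password_hash FROM verify_student WHERE username = ?'
    );
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    $known = is_string($hash);
    // password_verify() re-derives the salted hash and compares it safely.
    $ok = password_verify($password, $known ? $hash : DUMMY_HASH);
    return $known && $ok;
}

// Constructed sample data: one student, password stored only as a hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE verify_student (
    username TEXT PRIMARY KEY,      -- unique, so at most one row can match
    password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO verify_student VALUES (?, ?)')
   ->execute(['student1', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [
    ['student1', 'correct horse'],  // valid credentials
    ['student1', 'wrong'],          // wrong password
    ["' OR '1'='1", 'anything'],    // quote characters are matched literally
];
foreach ($attempts as [$name, $pass]) {
    echo check_login($db, $name, $pass)
        ? "you are logged in\n"
        : "please recheck your password and username\n";
}
```

In a real form handler, read the two values from `$_POST` rather than `$_GET`, and call `session_start()` and `session_regenerate_id(true)` after a successful check before storing the login state in `$_SESSION`.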