php user authentication... plss help

[exceed01]

hello guys.. this week i've been practicing how to create a system using php. but im stack in the area wherein you are going to authenticate username and password. can you help me guys to figure out how to solve my problem?

here is my code:

<?php
// we must never forget to start the session
session_start();

$host="localhost"; // Host name
$dbusername="root"; // Mysql username
$dbpassword=""; // Mysql password
$db_name="student"; // Database name
$tbl="account"; // Table name

 

// This connects to server and then selects the members databse.

mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB"); 

$txt = 'Account Authentication';

$errorMessage = '';
if (isset($_POST['username']) && isset($_POST['password'])) {


$username = $_POST['username'];
$password = $_POST['password'];

// check if the user id and password combination is correct
$sql = ("SELECT id, username, PASSWORD
           FROM account
           WHERE username = '".mysql_real_escape_string($_POST['username'])."'");
           

   $result = mysql_query($sql)
             or die('Query failed. ' . mysql_error());

echo mysql_num_rows($result);

   if (mysql_num_rows($result) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION['db_is_logged_in'] = true;

      // after login we move to the main page
      header('Location: main.php');
      exit;
    
   }
   else {
      $errorMessage = 'Username and Password not found!';
   }

  }
?>



<html>
<head>
<title>Account Authentication</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>














<p align="center"><strong><font color="#0000FF" size="+2"><?php echo $txt; ?></font></strong></p>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>



<form method="post" name="frmLogin" id="frmLogin">
<table width="250" frame="box" align="center" cellpadding="2" cellspacing="2" bgcolor="#FFFFCC">
<tr>
<td width="150">Username</td>
<td><input name="username" type="text" id="username" maxlength=15></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="password" type="password" id="password" maxlength=10></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="btnLogin" value="Login">
</form>



<a href="register.php"><font color="#0099FF">Register</font>[/url]
</td>
</tr>
</table>

</body>
</html>

[michaewlewis]

It seems that most of us don't know that much about php yet. You might find more help at www.phpbuilder.net They have a great forum for php/mysql help.

[Astoria]

Code: [Select]


$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];

// check if the user id and password combination is correct

$sql = "SELECT * FROM account WHERE username = '$username' AND password = '$password'";



Is the name for the password field PASSWORD or password?

Also, since username and password are send over the internet, I recommend you encrypt both username and password when they sign up and login with MD5.
So on both your sign up form and login form you'd have:

Code: [Select]

$username=MD5($_POST['username']);
$password=MD5($_POST['password']);


[exceed01]

Is the name for the password field PASSWORD or password?


the name of the password field is password...