I’m writing a script (mostly for learning purposes) for logging into a database, using two different MySQL DBs. Everything works, except some of the error catching. I have the following situations (the bold ones aren’t working):
1. Blank username AND password
2. Blank username
3. Blank password
4. Both username AND password contain data, but the username is wrong.
5. Both username AND password contain data, but the password is wrong.
6. Both username AND password contain data, and are correct.
Questions: Am I going about this efficiently, and why are (4) and (5) returning blank?
<?php
$loginstatus;
if(!$_POST["username"] && !$_POST["password"]){ //FROM HERE
    $loginstatus = "You must enter a username & password!";
}elseif(!$_POST["username"]){
    $loginstatus = "You must enter a username!";
}elseif(!$_POST["password"]){
    $loginstatus = "You must enter a password!";//TO HERE WORKS
}elseif($_POST["username"] && $_POST["password"]){
    require_once('config.php'); //contains db info
    $db1 = mysql_connect($dbserver, $dbuser, $dbpass);
    $db2 = mysql_connect($dbserver, $dbuser2, $dbpass2, true);
    if ($db1 && $db2) { //both connections must have worked at the same time
        mysql_select_db("nitrousc_tclydb", $db1); //connect using $db1 link
        $userid = $_POST["username"]; //assign $userid to POST username
        $userid = mysql_query("SELECT id FROM users WHERE username='$userid'", $db1)or die("Invalid Password!"); //THIS RETURNS BLANK!
        $userid = mysql_fetch_array($userid); //reuse $userid again, assigning the returned array.
        $userid = $userid['id']; //reuse $userid again - at this point we lose the returned array.
        mysql_select_db("nitrousc_tclyprv", $db2); //switch databases, using $db2
        $password = mysql_query("SELECT * FROM users WHERE id='$userid'", $db2) or die("Invalid Password!"); //THIS RETURNS BLANK!
        $password = mysql_fetch_array($password); //reuse $password
        $password = $password['hashed_password']; //reuse, store final hashed in $password
        if (crypt($_POST["password"], $password) == $password){ //check the returned POST password against the hash
            $loginstatus = "Login for".$_POST['username']."succesful!"; //THIS WORKS
        };
    }
}
echo $loginstatus;
?>
mysql_query will always return true; it will only return false when the query is wrong. What you need to check is:
ALSO, stop reusing the same variable for everything; that could lead to confusion and errors.
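
An added example (not code from the question or the answer) showing one way to tell a failed query apart from a query that matched no rows, which is what cases (4) and (5) hinge on. It uses PDO because the `mysql_*` functions were removed in PHP 7. Assumptions: two in-memory SQLite databases stand in for the two MySQL databases, and the `make_db` and `login` helpers and all sample rows are constructed for illustration.

```php
<?php
// Added example: two in-memory SQLite databases stand in for the page's two
// MySQL databases so the script runs offline. All rows are constructed samples.
function make_db(string $ddl, string $insert, array $row): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // query errors throw
    $db->exec($ddl);
    $db->prepare($insert)->execute($row);
    return $db;
}

$accounts = make_db('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)',
                    'INSERT INTO users (id, username) VALUES (?, ?)', [1, 'alice']);
$secrets  = make_db('CREATE TABLE users (id INTEGER PRIMARY KEY, hashed_password TEXT)',
                    'INSERT INTO users (id, hashed_password) VALUES (?, ?)',
                    [1, password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the status message for one login attempt.
function login(PDO $accounts, PDO $secrets, string $username, string $password): string {
    if ($username === '' && $password === '') return 'You must enter a username & password!';
    if ($username === '') return 'You must enter a username!';
    if ($password === '') return 'You must enter a password!';

    try {
        // Bound parameters: user input never becomes part of the SQL text.
        $stmt = $accounts->prepare('SELECT id FROM users WHERE username = ?');
        $stmt->execute([$username]);
        $userId = $stmt->fetchColumn();          // false when no row matched
        $hash = false;
        if ($userId !== false) {
            $stmt = $secrets->prepare('SELECT hashed_password FROM users WHERE id = ?');
            $stmt->execute([$userId]);
            $hash = $stmt->fetchColumn();        // false when no row matched
        }
    } catch (PDOException $e) {
        error_log('login query failed: ' . $e->getMessage()); // a real error, not a bad login
        return 'Login is temporarily unavailable.';
    }

    // Cases (4) and (5) share one message so it does not reveal which usernames exist.
    if ($hash === false || !password_verify($password, $hash)) {
        return 'Invalid username or password!';
    }
    return 'Login for ' . $username . ' successful!';
}

foreach ([['', ''], ['alice', ''], ['mallory', 'x'], ['alice', 'wrong'], ['alice', 'correct horse']] as [$u, $p]) {
    echo login($accounts, $secrets, $u, $p), PHP_EOL;
}
```

`password_verify` also accepts hashes produced by `crypt()`, so existing `hashed_password` values of that kind can be checked without re-hashing.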