MYSQL PHP/HTML log in problem

Dushan69 · May 12, 2012, 1:56pm

Hello everyone,

I need help about making a log in form with PHP/HTML and MYSQL. I’ll first show you my HTML page:

[code]

Turisticka Agencija

<h1>Unesite vase podatke za logovanje u sistem</h1>

<body>       
    <form action="proveriLogin.php" method="post">

        <p>
        <table>
            <tr>
                <td> Korisnicko ime:</td><td><input type="textbox" name="korisnickoIme"/></td>
            </tr>
            <tr>
                <td> Lozinka:</td><td><input type ="password" name="lozinka"/></td>        
            </tr>      
        </table>     
    </p>

    <p>
        <input type="submit" value="Uloguj se"/>
    </p>

</form>

[/code]

As you can see its pretty simple log in where “Korisnicko ime” is Username and “lozinka” a password, with button to log in. Now

my problem is that i have a MYSQL table named “sluzbenik” which is where register users are, and i have only 2 users /rows in

that table. Now when i try to compare if username and password are correct and i do this:

[php] while ($row = mysql_fetch_array($result)) {
if (($KorisnickoIme == $row[‘Korisnicko Ime’]) && ($Lozinka == $row[‘Lozinka’])) {
echo “Uspesno ste se ulogovali”; // Success message
}[/php]

it works very fine and thats okey, i check both user names and both passwords diffrently and how they should go together and it

works, and thats fine. But, when i want to compare if those two are NOT the same and i create another IF like this:

[php] if (!($KorisnickoIme == $row[‘Korisnicko Ime’]) || !($Lozinka == $row[‘Lozinka’])) {
echo “Uneli ste pogresne podatke”;
break;
}
}[/php]

so that my whole WHILE looks like this :

[php]
while ($row = mysql_fetch_array($result)) {
if (($KorisnickoIme == $row[‘Korisnicko Ime’]) && ($Lozinka == $row[‘Lozinka’])) {
echo “Uspesno ste se ulogovali”; // Success log in
}

            if (!($KorisnickoIme == $row['Korisnicko Ime']) || !($Lozinka == $row['Lozinka'])) {
                echo "Uneli ste pogresne podatke"; // Wrong info
                break;
            }
        }[/php]

For the first user that is in table it works great, when i check the next user, or in my case the 2nd in the table user, i

would always get either both messages that i placed echo in first IF where is success message and 2nd echo in second IF where

is a message if u typed wrong info. Now if i place break; like i did there, i will remove getting 2 messages but i will always

get the message about wrong info even thou i enter the right info, and its only with the 2nd user or last in MYSQL table. I

can’t really see why is it doing that.

I am not sure if there is some more better or more simple way to do this. Or if i am not doing something right.

I’d appriciate any help i could get.

Thanks,

Dusan Acimovic

ErnieAlex · May 12, 2012, 4:38pm

First, you should not use spaces in a database for field names. Not “a bc”, use “a_bc”…
There are many times this will cause problems. It is not suggested.

Now, this “NOT” clause:

if(!($KorisnickoIme == $row[‘Korisnicko Ime’]))

is incorrect. It does two processes and may not work correctly. You should do it this way:

if($KorisnickoIme != $row[‘Korisnicko Ime’])

Which is the preferred way. Also, if you are combining IF’s in one statement, it is done like this:

if ( (condition 1) && (condition 2) ) where you want both conditions to be evaluated 1 AND 2
if ( (condition 1) || (condition 2) ) where you want both conditions to be evaluated 1 OR 2

Notice the difference. In your code, you use OR and this means that if one OR the other condition is true then the entire IF is true. Here is a link for use of operators:
http://www.w3schools.com/php/php_operators.asp Might help…

Now, on to normal log-in projects… Normally, when you create a login page, you have userid and password and your code is set this way. Then, the page goes to the posted PHP code as your pages does. Next, on the PHP page, the userid and password is captured. All of this works correctly in your code.

But, next, most programmers do not pull the entire database of users and send thru IF’s.
It is MUCH easier to just do this type of query:
SELECT * FROM users WHERE userid=$_POST[‘korisnickoIme’] and password=$_POST[‘lozinka’]
This query will pull the user records from the database users table using the posted name and password.
Then, you IF clause does no compares, but, checks the number of records found. Something like this:
if mysql_num_rows($row){
echo “logged in, valid name/password”;
}else{
echo “invalid name/password!”;
}

It is much easier to let the database do your work for you. Just have to check if you got data or not using the number of records returned. Hope that makes sense to you. Good luck!

Dushan69 · May 12, 2012, 4:52pm

Thank you for your reply,

By reading all u suggested i realized i did those mistakes with && and || just a bit later after i started working on the code. In the end i solved the problem in exactly the same way you are suggesting me to, with making SELECT * FROM with $_POST in the code and using the num_row method.

Thanks you so much for helping.

Dusan

ErnieAlex · May 12, 2012, 4:54pm

Great! Glad you solved it… Sorry if I wrote too much… Too much coffee! LOL

See you in your next project…

Dushan69 · May 12, 2012, 4:56pm

haha no worries i learned a lot from this today