How to enter username in form and then search in database to produce if else statement

28
January 12, 2019, at 01:30 AM

How would I get the $UN Variable to be set by the input provided by the form. Then use the variable to search in the database to provide a users details. After I would like to compare the encrypted password AND the username to the database to grant access.

Here is my database copy and pasted from my php web admin, this is also running on a local server as a little project so the data has no actual value. users` (`ID`, `username`, `pword`) VALUES (1, 'dday', '5f4dcc3b5aa765d61d8327deb882cf99'), (2, 'phughes', '81dc9bdb52d04dc20036dbd8313ed055'), (3, 'salt1', '$2y$10$uvCDPfWyAMuMsPj8J8FaYOU4vO3qSY4dQJqh21zhuaJAix5dcyAtK');

I have already been able to get the program to work with providing a username and have the encrypted password show as being correct or incorrect depending on the user input. I have tried different variables and also using different methods of addressing and calling the data such as '' instead of "" but nothing seems to work.

<form method="post">
un:
<br><input type="text" placeholder="Enter username" name = "username"><br><br>
pword: 
<br><input type="text" placeholder="Enter Password" name = "password"><br><br>
<input type ="submit" name = "submit">
</form>
<?php
mysql_connect('localhost',"root","usbw");
@mysql_select_db("Login") or die("unable to select database");
$UN = $_POST['un'];
$query = 'SELECT * FROM users WHERE username = "$UN"';
$result = mysql_query($query= 'SELECT * FROM users WHERE username= "dday"');
$user_info = mysql_fetch_assoc($result);
$temp = md5($_POST['password']);

if (isset($_POST['password'])) {
echo $user_info['pword'];
echo "<br>";

if($user_info['pword'] == $temp AND $user_info['username'] == $UN) {
    echo "You have logged in. <br>" ;
}
else {
    echo "'" . $_POST['password']  . "'"  . " is the incorrect password. <br>";
}
echo "your password is:" . $_POST['password'] . "<br>";
echo "your encrypted password is :" . $temp;
}
mysql_close();
?>

I expect if I enter the un as 'dday' and pword as password to log me in otherwise it will say the password you entered was incorrect

READ ALSO
WHERE IN clause with multiple values

WHERE IN clause with multiple values

I'm trying to select items from a table when any values from a list appear in an array in the table

30
Best practice for storing HTML in mysql DB

Best practice for storing HTML in mysql DB

I'm working on a mini blog which allows users to add a post using a WYSIWYG editor to the site therefore I will be storing this post in my DB

21
MySql error when trying to combine two tables

MySql error when trying to combine two tables

Hi i am getting the error below when i am tryin to combine two tables, Post and User

52