View Full Version : Login help?

03-02-2012, 04:47 PM
I've created a PHP script which links to a mySQL database. I have data in a registration database but I don't know how to get the Users information from the User table into the login table. Can someone please help?

// dBase file
include "dbConfig.php";

if ($_GET["op"] == "login")


//echo $_POST["email"];
//echo $_POST["password"];

if (!$_POST["email"] || !$_POST["password"])
die("You need to provide a email and password.");

// Create query
$q = "SELECT * FROM `User` "
."WHERE `Email`='".$_POST["email"]."' "
."AND `Password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";

//echo $q;
// Run query
//$r = mysql_query($q);

if ( $obj = mysql_fetch_object($r) )

// Login good, create session variables
//$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_email"] = $_POST["email"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: members.php");
// Login not successful
die("Sorry, could not log you in. Wrong login information.");

//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Email: <input name=\"email\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";



-- phpMyAdmin SQL Dump
-- version 2.6.4-pl2
-- http://www.phpmyadmin.net
-- Host: mysql5
-- Generation Time: Mar 02, 2012 at 03:46 PM
-- Server version: 5.0.67
-- PHP Version: 5.2.4
-- Database: `fet10016378`

-- --------------------------------------------------------

-- Table structure for table `User`

`ID` int(11) NOT NULL auto_increment,
`Name` varchar(20) NOT NULL,
`Email` varchar(100) NOT NULL,
`Password` varchar(100) NOT NULL,
`ConfirmPassword` varchar(20) NOT NULL,
`Address` varchar(100) NOT NULL,
`City` varchar(50) NOT NULL,
`Postcode` varchar(10) NOT NULL,

-- Dumping data for table `User`

INSERT INTO `User` VALUES (1, 'Dean Jones', 'deanjones@me.com', 'harry1', 'harry1', '132 Fish Lane', 'Bristol', 'BS7 9SJ');
INSERT INTO `User` VALUES (2, 'Sarah Beatle', 'sarahbeatle@gmail.com', 'peter1991', 'peter1991', '124 Hill Lane', 'Bristol', 'BS7 0PU');
INSERT INTO `User` VALUES (3, 'Greg Hill', 'greghill@hotmail.co.uk', 'julie12', 'julie12', '71 Ducking Lane', 'Manchester', 'M1 8SJ');
INSERT INTO `User` VALUES (4, 'Lisa McDonald', 'lisa@gmail.co.uk', 'mcdonald1', 'mcdonald1', '12 Wells Lane', 'Slough', 'SL67 9KL');
INSERT INTO `User` VALUES (5, 'Lauren Potter', 'lpotter@yahoo.com', 'lauren3', 'lauren3', '8 sheridan road', 'wolverhampton', 'WV5 8KO');
INSERT INTO `User` VALUES (6, 'Jayne Appleton', 'jappleton@yahoo.com', 'ginger', 'ginger', '1 Firbank', 'Elton', 'CH2 4LY');
INSERT INTO `User` VALUES (7, 'Jessica Wharton', 'jess--@hotmail.co.uk', 'maggie', 'maggie', '31 Dover Road', 'Runcorn', 'WA7 8DJ');
INSERT INTO `User` VALUES (8, 'Tom Potts', 'tom.potts@me.com', 'password', 'password', '9', 'bristol', 'bs37');
INSERT INTO `User` VALUES (9, 'Peter Appleton', 'peter@me.com', '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257', '123', '145', 'Sandy Lane', 'BS6 9UL');
INSERT INTO `User` VALUES (74, 'Richard George', 'rich@gmail.com', 'Alice1', 'Alice1', '19 Kingston Drive', 'Bristol', 'BS16 9BQ');
INSERT INTO `User` VALUES (10, 'Abi Cook', 'abii_cook--x@hotmail,com', 'qwer', 'qwer', '21 Selborne Road', 'Bristol', 'BS79PH');
INSERT INTO `User` VALUES (11, 'John Peters', 'johnp@gmail.co.uk', 'dawn51', 'dawn51', '47 School Lane', 'London', 'LD9 8KL');

03-02-2012, 05:01 PM
What login table are you referring to? What are you trying to store? Will a standard INSERT not do?

And I REALLY hope you did not just give us actual people's username and password combinations...

The general structure of that table is... unsettling. Why do you need to store their confirmed password? Registration forms usually ask that so when the user enters their password hidden, they don't make a typo. You should also definitely store your passwords hashed...

03-02-2012, 05:11 PM
No they are not real people's usernames and passwords, they are fake and I made them up just to post it on here.

Well, I have a User table, which stores the information the users enter to register with the website and I basically want the information that belongs to the person who has logged in. I want to store who has logged in basically, so it would store their email and password, hidden of course.

Will a standard INSERT not do? - What do you mean by an INSERT and where would it go?

03-02-2012, 05:36 PM
Well, first, why store their email and their password? You'd have it down in multiple places, which makes no sense. You're storing an ID for a reason... if you're going to store login attempts, just login attempts by ID.

Second, and more importantly, is this a script you pulled off the web? When I say an INSERT, I mean an INSERT statement. If you don't know how to insert data in MySQL, I would strongly recommend the first thing you do be to go study the basics of MySQL operation. You should know how to insert, select, update, and delete safely and correctly.