  1. #1
    New Coder
    Join Date
    Aug 2007
    Posts
    19
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Problem with login.php

    I have a login form with username and password fields and a login button. I am getting the values from the fields using JavaScript, and I am comparing them with the DB values using PHP. For this:

    <script>
    function validate()
    {
    var uname=loginfrm.user.value
    var pwd = loginfrm.password.value
    <?php
    $Query = "Select pwd from tab where uname='abc'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $dbpwd = $row['pwd'];
    ?>
    if(pwd != <?php echo $dbpwd; ?>)
    {
    alert("Record Not found!");
    return false
    }
    else
    {
    location.href = "logindetails.php";
    }
    }
    </script>


    <form name="loginfrm" method="POST" action="LoginAfter.php">
    <input type="text" name="user" />
    <input type="password" name="pass" />
    <input type="Submit" name="Login" value="Login" onclick = "return validate()" />

    Here, if I remove the PHP code block within the <script> tag, then it logs into the page, but without any validation. If I keep the PHP code, then a JavaScript error occurs. Can anybody help me with this? Thanks in advance!

  • #2
    UE Antagonizer Fumigator
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    View the source of the page; you'll see the problem with your JavaScript.

  • #3
    Senior Coder angst
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    Try:

    PHP Code:
    <script>
    function validate(){

      var uname= document.loginfrm.user.value
      var pwd   = document.loginfrm.password.value
    <?php
    $res = mysql_query("Select pwd from tab where uname='abc'");
    $row = mysql_fetch_assoc($res);
    $dbpwd = $row['pwd'];
    ?>
      if(pwd !== '<?=$dbpwd?>'){
        alert("Record Not found!");
        return false
      } else {
        location.href = "logindetails.php";
      }
    }
    </script>

  • #4
    Senior Coder rafiki
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    That's not very secure...
    Compare in PHP, then output.
    PHP Code:
    <script>
    function validate(){

      var uname= document.loginfrm.user.value
      var pwd   = document.loginfrm.password.value
    <?php
    $pass = $_POST['password'];
    $res = mysql_query("Select pwd from tab where uname='abc'");
    $row = mysql_fetch_assoc($res);
    $dbpwd = $row['pwd'];
      if($pass != $dbpwd){
        echo 'alert("Record Not found!")';
      }else{
        header("Location: LoginDetails.php");
      }
    ?>
    }
    </script>

  • #5
    Registered User
    Join Date
    Jul 2007
    Posts
    20
    Thanks
    3
    Thanked 0 Times in 0 Posts
    The above posts are not secure. Encrypt the password and store it in the DB, then get the password, decrypt it, and compare it with the text box value.

  • #6
    Senior Coder rafiki
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    Why? You sha1() the password, store it in the database, and sha1() the text box field, then compare; that's more secure than decrypting the database value.
    But you should compare the passwords in PHP, not JavaScript, as they can then check the correct value of the password in the source of the page.
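
The server-side comparison argued for in post #6, as an added example that is not code from any poster in this thread: the form posts straight to LoginAfter.php and nothing from the database is written into the page. It swaps sha1() for PHP's password_hash()/password_verify() and mysql_* for PDO prepared statements. The DSN, the database credentials, the session key, and the premise that tab.pwd holds password_hash() output are assumptions.

```php
<?php
// LoginAfter.php (added example): target of the login form, no validate() handler needed.
// Assumptions: placeholder DSN/credentials; tab.pwd stores password_hash() output.
declare(strict_types=1);
session_start();

function check_login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT pwd FROM tab WHERE uname = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    // Unknown user: verify against a throwaway hash anyway so the response
    // time does not reveal which usernames exist.
    $known = is_string($hash);
    if (!$known) {
        $hash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    // password_verify() reads the salt and cost from the stored hash.
    return password_verify($pass, $hash) && $known;
}

$user = $_POST['user'] ?? '';
$pass = $_POST['pass'] ?? '';
if (!is_string($user) || !is_string($pass)) {
    http_response_code(400); // e.g. user[]=x sent instead of a plain string
    exit;
}

// Placeholder connection details.
$db = new PDO(
    'mysql:host=localhost;dbname=example;charset=utf8mb4',
    'app_user',
    'app_password',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

if (check_login($db, $user, $pass)) {
    session_regenerate_id(true); // fresh session id after authentication
    $_SESSION['uname'] = $user;
    header('Location: logindetails.php'); // sent before any output
    exit;
}

// Same response for an unknown user and a wrong password.
http_response_code(401);
echo 'Record Not found!';
```

logindetails.php then has to check `$_SESSION['uname']` itself, since anyone can request that URL directly.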

