Applying authentication

I am making a login page and registration page in php with mysql and i need to apply some authentication like;
1)when login if i don’t enter the password and click on Submit button, it should show me a alert box that password is not filled.

2)during registration if some fields are not filled,then it show me a alret box that these fields are not filled. and when all fields are filled then all the data should go in a mysql database.

3)how can i match that,during login usernaam along with its corresponding password name is correct .and if nt connect show me a alert ox that username and password donot match.

please help…Its urgent:):mad:

Ahem - The CHAR datatype, shorthand for “Characters”, is for alphanumeric characters valid within the encoding set of the column (usually UTF-8). Numerals are characters and so are punctuation glyphs - to the computer they are all characters. VARCHAR is shorthand for “Variable Characters”. VARCHAR doesn’t magically accept more types of characters than CHAR does, what it allows is for the number of characters in the string to vary. The “variable” here refers to the length of the string, not to the type of characters allowed.

No it’s not. CHAR and VARCHAR can contain all characters.

i had to use varchar(40) so can i use varchar in sha or md5.

But now you are using varchar(20). Why? It would’ve worked with varchar(40), although being password a column with a fixed length value, having a variable length column doesn’t make much sense like Michael said.

you are right. i was using varchar(20),and when i char to varchar(60)…my user name and password both are working.

Thanks a lot to everyone my problem is solved.

you are right but char is only used for alphabets and in password if someone write numerals then i had to use varchar(40) so can i use varchar in sha or md5.

That’s part of your problem. An md5 hash is always exactly 32 characters. Use char(32) to store it. If using sha1 use char(40). Hash string lengths are invariant, declaring it varchar is slight extra overhead.

Totally missed that post. And it even was an anwser to one of my questions :blush:

when i used plain text and logged in again,with username:-rita and password:-riya
so it was showing in this after login…

$_POST pass = riya
$info passsword = riya
it was showing me same error…
plzz help…

Then you need to step through your code using echo statements to check variables’ values like shown earlier to find the source of the problem. You don’t have many lines in your code so it shouldn’t take long.

I think you’ll find most people will advise using sha1 instead of md5 for hashing strings.

But in any case, I normally use sha1() and use these simplified basic steps.

1- when someone registers a username/password I run a query similar to

$query= "insert into tblUsers (username, password) values ('myUsername',sha1('myPassword'))";

except you’ll have variable names for the username and password. sha1() creates a unique 40 character string so your password column in the db table needs to be varchar(40).

2- when a user logs in with a username and password you check if the sha1 hash of the user entered password matches the hashed password in the database for the entered username.

$query = 'select * from tblUsers where username = "'.$username.'" and password = "'.sha1($password).'"';

$rs = mysql_query($query,$conn);

if(mysql_num_rows($rs) == 1){
     //username, password are correct, so allow user in
} else {
     //username and/or password are incorrect

instead of using md5 i am just using a plain text but then also it is showing me incorrect password.

I can’t step through the code for you like I suggested because I can’t run your code.

while writing php program…i just write md5 password so will give me password in encrypt and if i want to use plain text,i just removed md5 and just wrieeten password so it was giving me plain text…

Generally? What does that mean?

How comes in one test it gives you an encrypted password, and in the other a plain text one?

How do you store the passwords? MD5 encrypted? Or plain text?

when i removed the md5 key and logged in again,with username:-rita and password:-riya
so it was showing in this after login…

$_POST pass = riya
$info passsword = riya

The type of the column. Varchar?

That “incorrect password…” message is telling you that this IF block

if ($_POST['pass'] != $info['password']) {

         die('Incorrect password, please try again.');


is evaluating to true. So that means $_POST[‘pass’] != $info[‘password’].

Just above that IF block , insert this code to check the values of those 2 variables.

echo '$_POST pass = '.$_POST['pass'].'<br />';
echo '$info passsword = '.$info['password'].'<br />';

The output of the above echo statements should give you a big clue as to the source of your problem.

In login table the password column is named as password only…

how did you define the password column in the login table?