Check that user details are correct

Discussion in 'PHP' started by oo7ml, Jun 17, 2007.

0
  1. #1
    I have a cancel membership section which is only available to users who are logged in.

    In order to cancel your membership, users must fill in the form which consists of their username and password.

    This then checks the username and password that they entered in the form against the session variables username and password (username and password of the person logged in). It seems to work fine if the username and password are the exact same but if they are different it doesn't work

    e.g i've set up two accounts using the details below

    username: peter password: peter works fine
    username: john password: simon doesn't work

    So i have:

    PHP Code:
    $username    = $_POST['username']; // gets username from the form
$password    = $_POST['password']; // gets username from the form
$susername    = $_SESSION['my_array'][0]; // username of person logged in
$spassword  = $_SESSION['my_array'][10]; // password of person logged in
    PHP:
    Here is the code i have:

    PHP Code:
    if ($username == $susername & $password == $spassword)    

{
    PHP:
    Can anyone see why this is not working
    Reply With Quote
     
    oo7ml, Jun 17, 2007 IP
  2. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #2
    Use two ampersand signs, or AND (Less confusing)
    
if ($username == $susername && $password == $spassword)

// OR

if ($username == $susername AND $password == $spassword)
    PHP:
     
    nico_swd, Jun 17, 2007 IP
  3. oo7ml

    oo7ml Well-Known Member

    Messages:
    656
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    105
    #3
    Sorry, i got it working. The script is case sensitive because of the code:

    $username    = $_POST['username']; // gets username from the form
$password    = $_POST['password']; // gets username from the form
$susername    = $_SESSION['my_array'][0]; // username of person logged in
$spassword  = $_SESSION['my_array'][10]; // password of person logged in
    PHP:

    if ($username == $susername && $password == $spassword)   

{
    PHP:
    However the log in page or any other part of the site for that matter is not case sensitive. The only reason it is case sensitive here is because, it checks the username and password from the form, against the username and password of the user who is logged in (stored in a session variable). So they have to be exact for that matter, ie - case sensitive. Does anyone know another way i could design this section, thanks
     
    oo7ml, Jun 17, 2007 IP