Hi, I'm coding a signup/sign in script. It's working fine so far as far as the user can signup then sign in, provided the username + password are on the DB or the username is on the DB but the password is invalid, in which case it redirects back to the login page and tells them password is wrong. However, seen as the username is used as a bench mark to test whether the password is correct, how would I test whether the username is correct? I don't have anything to "SELECT x FROM" in the DB to test whether username is correct. I've tried these below, but they don't seem to work: $query1 = mysql_query("SELECT * FROM users2 WHERE username = '$username'"); while($info = mysql_fetch_array( $query1 )){ $usertocheck = $info['username']; $passtocheck = $info['password']; IF($usertocheck == " " || ($usertocheck == "" || ($usertocheck == 0))){ //redirect back to login page saying username doesn't exist. } } PHP: So it seems that $usertocheck never gets assigned a value because it doesn't exist in the DB .. so why doesn't checking if it's NULL, or "" or " " or 0 work? All help appreciated, Thanks, Lee.
Well if the username is incorrect then the password will also be incorrect. The best thing is to redirect back to the login page if the username or password fails and have a generic "Username or password is incorrect" message.
Yes, but that's the thing, HOW do I check whether the username is invalid when it doesn't exist in the DB? For example: My username is BRUm:12345 if I typed BBRum by accident, even though my password is valid the username is not. So the PHP get MySQL to search for BBRUm but it doesn't exsit.. how do I check whether it exsits when my above code that should do that, doesn't?
$query1= MYSQL_QUERY("SELECT * FROM users2 WHERE username = '$username'"); if (!$info=mysql_fetch_array($query1)){ //redirect back to login page saying username doesn't exist. } else { //check to see if $passtocheck = $info['password']; } PHP: