I've been trying to make loggin in on my website possible with php. I've made 2 files: inloggen.php (just with a simple form where you can login) and test2.php (where it's supposed to check if the given username (gebruikersnaam) and password (wachtwoord) match. My problem is that it checks whether the textfields are filled in or not, but it doesn't check any of the other if statements. Whatever I fill in. It always redirect to the link it supposed to redirect to when the username and password match..... Here's my code: test2.php: <?php $username = $_GET['gebruikersnaam']; $password = $_GET['wachtwoord']; if ( empty($username) && (empty($password)) ) { // Check if username and password fields were empty echo "Voer uw gegevens in"; exit(); } else { mysql_connect("localhost", "root"); mysql_select_db("test1"); // Define a query to check if the submitted username is found in the database $check_user = "SELECT gebruikersnaam, wachtwoord FROM inloggen WHERE gebruikersnaam ='" . $gebruikersnaam . "' AND wachtwoord = '" . $wachtwoord . "'"; $r = mysql_query($check_user); if (!$r) { // If query unsucessful, username not found, redirect to login form header ('Location: ../mario/error.php'); exit(); } else { // username found, check password // Define a query to check if the password is correct for the username $check_pass = "SELECT gebruikersnaam, wachtwoord FROM inloggen WHERE gebruikersnaam = '" . $gebruikernaam . "' && wachtwoord = '" . $password . "'"; $r = mysql_query($check_pass); if (!$r) { // If query unsucessful, password is not correct for username, redirect to login form //header ('Location: ../mario/error.php'); echo "MISLUKT"; exit(); } else { session_start(); $_SESSION['gebruikersnaam'] = $_GET['gebruikersnaam']; $_SESSION['loggedin'] = time(); header ('Location: ../mario/test.php'); exit(); } } } mysql_close(); ?> Code (markup): inloggen.php: <html> <body> <form name="inloggen" action="test2.php" method="GET"> <table> <tr> <td>Gebruikersnaam:</td> <td><input type="text" size="10" maxlength="50" name="gebruikersnaam"></td></tr> <tr> <td>Wachtwoord:</td> <td><input type="password" size="10" maxlength="50" name="wachtwoord"></td></tr> <tr><td colspan="2" align="right"><input type="submit" name="submit" value="Inloggen"></td></tr></table> </form> </body> </html> Code (markup):
I'm not sure, but does mysql understand && as AND? $check_pass = "SELECT gebruikersnaam, wachtwoord FROM inloggen WHERE gebruikersnaam = '" . $gebruikernaam . "' && wachtwoord = '" . $password . "'"; Code (markup): Change this && to AND, then try again.
personally i would just do a single query like "SELECT user_id, username FROM users WHERE password='".$_POST['password']."' AND username='".$_POST['username']."'" and then save user_id and username in your session, or redirect to your error page if you get no result back if(user_id==0 || user_id=="") { header ('Location: ../mario/error.php'); exit(); } PHP: and its no a good choice to pass username&password via GET to another page, because every user can see it in browser history this way.
ah alright thx alot! oh and yeh I knew about the get and post stuff. I was just tryin some things out. Tho I must say I forgot to change it back