When I try to login it is only checking for the username and not the password. Whatever password I give it accepts it. If I echo the html as 1 in connect.php it works properly except that the redirect doesn't work
dataconnect.php
<?PHP
@mysql_connect("localhost","root","")
or die("could not connect to mysql");
@mysql_select_db("login")or die("no database");
?>
index.php
<html>
<head>
<title>Animated Login</title>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<link rel="stylesheet" type="text/css" href="login.css">
<script type="text/javascript">
$(function() {
$(".center").animate({
opacity: 100.0,
left: '+=800',
height: 'toggle'
}, 5000, function(){
});
$(".sign_b_btn").live("click",function() {
var u=$("#u").val();
var p=$("#p").val();
if(u==""){
$("#u").css("border-color","red");
$("#un").css("color","red");
$(".error").show().html("Please enter your username.");
$("#p").css("border-color","#606060");
$("#up").css("color","#333333");
}else if(p==""){
$("#u").css("border-color","#606060");
$("#un").css("color","#606060");
$(".error").show().html("Please enter your password.");
$("#p").css("border-color","red");
$("#up").css("color","red");
}else{
dataString = 'u=' + u + '&p=' + p;
$.ajax({
type: "POST",
url: "connect.php",
data: dataString,
cache: false,
success: function(html){
if(html == "" ){
$(".error").show().html("The email or password you entered ois incorrect.");
$("#p,#u").css("border-color","red");
$("#up,#un").css("color","red");
}if(html != ''){
var redirect_url = html;
$(".error").fadeOut(1000);
$("#u").css("border-color","#606060");
$("#un").css("color","#333333");
$("#p").css("border-color","#606060");
$("#up").css("color","#333333");
$(".center").animate({
opacity: 0.25,
left: '+=900',
height: 'toggle'
}, 5000, function() {
$(".done").slideDown(200).html("Welcome "+u);
setTimeout(function(){
var u=$("#u").val("");
var p=$("#p").val("");
window.location=redirect_url;
}, 5000);
});
}
}
});
}
});
});
</script>
</head>
<body>
<div class="main">
<div class="done"></div>
<div class="center">
<div class="title">Login</div>
<div class="error"></div>
<div class="input">
<div class="left" id="un">Username:</div>
<div class="right">
<input type="text" class="log" id="u"></div><div class="c">
</div>
</div>
<div class="input">
<div class="left" id="up">Password:</div>
<div class="right">
<input type="password" class="log" id="p">
</div>
<div class="c"></div>
</div>
<div class="sign_b_btn">
<div class="sign_btn">Sign In</div>
</div>
</div>
</div>
</body>
</html>
connect.php
<?PHP
include('dataconnect.php');//Your connection to your database
//Get posted values from form
$u=$_POST['u'];
$p=$_POST['p'];
//Strip slashes
$u = stripslashes($u);
$p = stripslashes($p);
//Strip tags
$u = strip_tags($u);
$p = strip_tags($p);
$p=md5($p);
$check = mysql_query("SELECT * FROM user WHERE user ='$u'
AND pass='$p'")or die(mysql_error());
$check = mysql_num_rows($check);
if($check !== "0"){
$results = mysql_query("SELECT user, redirect FROM user WHERE user ='$u'") or die(mysql_error());
while ($row = mysql_fetch_assoc($results)) {
$user=$row['user'];
session_register('user');
$_SESSION['user'] = $user;
echo $row['redirect'];
}
}
?>
I tried my best understanding your work, hope it helps.
From your query
$results = mysql_query("SELECT user, redirect FROM user WHERE user ='$u'") or die(mysql_error());
On WHERE clause, you're only putting the username as your validation thing.
Try adding the password too.
$results = mysql_query("SELECT user, redirect FROM user WHERE user ='$u' AND password ='$p'") or die(mysql_error());
You are using
if ($check !== "0") { ...
which is checking for a string, when $check is an integer. Change it to:
if ($check != "0") { ...
which will check if $check is 0 in either string or integer form
or change it to
if ($check !== 0) { ...
which will check if $check is the integer 0 (which is what it would be)
The problem is probably with this:
if($check !== "0"){
!== is strict comparison operator, while $check will hold an integer value, you are comparing against the string "0" which do not result in equal data type and thus the if is never entered.. To correct it, you should do:
if($check > 0){
which means if the number of rows returned is greater than 1. If no combination with that username and password is found, it will result in 0 rows.
Check your return value in variable $check. if we have any values, then we can use next code.
if($check){
Try!