0

Basically I want to check a database to see if the username and password are a match if so unlock the submit button.

<?php
mysql_connect('localhost', '', '');
mysql_select_db('database');
if(isset($_POST['submit'])){
    mysql_query("SELECT username,password FROM table WHERE username='".$_POST['username']."',password='".$_POST['password']."'")
}
?>

Form:

<form method="post">
Username <input type="text" name="username" />
Password <input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>
Improve this question
1
  • why do you need to unlock submit button, then there is no use of submit button in your login form. Commented Apr 9, 2011 at 17:45

3 Answers 3

Reset to default
2

I don't know if i get you right but anyway try :

HTML:

  <form method="post">
     Username <input type="text" id="username" name="username" />
     Password <input type="password" id="password" name="password" />
    <input type="submit" name="submit" id="submit" value="Login" />
 </form>

jQuery:

    $("#submit").hide();
    $.post("checkUsername.php", { username: $("#username").val(), password: $("#password").val() }, function(result) {
 if(result == "true") { $("#submit").fadeIn(fast); }

 });

Php ( checkUsername.php ):

if(mysql_num_rows(mysql_query("SELECT username,password FROM table WHERE username LIKE '". mysql_real_escape_string($_POST['username']) . "',password LIKE '".mysql_real_escape_string($_POST['password'])."'")))
    {
       echo "true";
    }
    else
    {

    echo "false";
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2
  1. What's your question? You forgot to actually ask one ;)
  2. You need to, at a minimum, escape strings with mysql_real_escape_string() before inserting them into a query. Otherwise you're ripe for SQL injection
  3. Saving passwords in plain text is generally inadvisable. Hash and salt.
  4. There are already auth libraries out there that do most of this for you, and protect you against a whole host of other issues you've not yet heard of. Don't reinvent a wheel that's been built many times before by much more experienced people. Evaluate packages like PEAR_Auth
Improve this answer

Comments

0

You should avoid using the LIKE keyword for a login prompt like this, since wildcards are unaffected by mysql_real_escape_string. A user can log in with a username and password of "%".

See the following blog post: http://blog.spiderlabs.com/2012/03/like-omg.html

Use = instead of LIKE.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.