<? if(isset($_POST['email_log'])){ $email_log = $_POST['email_log']; } if(isset($_POST['pass'])) { $pass = $_POST['pass']; } $db = mysql_connect("localhost","USER","MY_PASSWORD"); mysql_select_db("mpp",$db); $query="SELECT * FROM users WHERE email='$email_log'"; $result=mysql_query($query); $password="SELECT * FROM users WHERE password='$pass'"; $result_pass=mysql_query($password); if(mysql_num_rows($result)==0){ $result = mysql_query("INSERT INTO users (email, password) VALUES ('$email_log', '$pass')"); } else { if(mysql_num_rows($result_pass)==$pass){ $_SESSION['msg'] = "Incorrect password!"; } } ?> <!doctype html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>TEST</title> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <link href="css/style.css" rel="stylesheet" type="text/css"> <script type="text/javascript" src="js/jquery-3.2.1.min.js"></script> <script type="text/javascript" src="js/resize.js"></script> </head> <body> <? include("blocks/header.php")?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="loginform"> <label class="box_email_log" for="email_log"><div class="email_log_text">Email:</div></label> <input type="email" name="email_log" id="email_log" value="" maxlength="50" required> <label class="box_pass" for="pass"><div class="pass_text">Password:</div></label> <input type="password" name="pass" id="pass" value="" maxlength="20" placeholder="8-20" pattern="[\S\s]{8,20}" required> <input class="submit_pass" type="submit" value="Log In" name="submit"> <div class="box_result_pass"><div class="result_pass"><? if (!empty($_SESSION['msg'])) { echo $_SESSION['msg']; $_SESSION['msg'] = ''; } ?></div></div> </form> <? include("blocks/slide.php")?> <? include("blocks/footer.php")?> </body> </html>
  • 2
    Do not use the mysql_ functions, they are not in php7. - Visman
  • What the hell is going on with creating a login in the table, if it was not found? And with game passwords of some kind ... Neither you encryption, nor the tube of protection from SQL injection. What do you want to do at all ??? - n.osennij

1 answer 1

  1. mysql_num_rows returns the number of rows of the query result. If zero is returned, then it should be compared with zero.

  2. if(mysql_num_rows($result)==0) if not in the database, why register it with a password. And the authentication check should be "Wrong login or password"

  3. No start of session session_start

  • Registered session_start, all the same is not displayed. If instead of $ _SESSION I write echo, then it outputs. But I need to display the block. What is the reason? - 3 Darin
  • in if (mysql_num_rows ($ result_pass) == $ pass) gets? - Chameleon