0

I am fairly new to PHP (I've read a few books on PHP and watched tons of PHP w/ mysqli videos), and I'm trying to make a simple login system. When you register, a table is created with the $username as a title, and then it puts all the other register info in the newly created table.

How would I get the table's name to check if the username matches a table name? Then, how would I get the password from inside the table to check if the password matches?

Thanks in advance for your help!

index.php:

    <!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Blog</title>
    </head>
    <body>
        <table>
        <form action="loginaction.php" method="post">
            <tr>
                <td>Login</td>
               <td> <input type="text" name="username" placeholder="Username"></input></td>
               <td> <input type="text" name="password" placeholder="Password"></input></td>
               <td><input type="submit" value="Submit"></input> </td>
            </tr>

        </form>
        </table>

        <table>
        <form action="registeraction.php" method="post">
            <tr>
                <td><input type="text" name="firstname" placeholder="First Name"></input></td>
                <td><input type="text" name="lastname" placeholder="Last Name"></input></td>
                <td><input type="text" name="rusername" placeholder="Username"></input></td>
                <td><input type="password" name="rpassword" placeholder="Password"></input></td>
                <td><input type="email" name="email" placeholder="Email"></input></td>
                <td><input type="submit" value="Register"></input></td>

            </tr>
        </form>
        </table>

    </body>
</html>

loginaction.php:

    <?php

    include "config.php";

    $username = $_POST['username'];
    $password = $_POST['password'];
    $umatch = $_GET[] 

    if(!isset($_POST['username']) && ($_POST['password'])){
        echo 'NOT FILLED OUT!';
    }else{

    }
    ?>

regiseraction.php:

    <?php
    // put your code here
    include 'config.php';

      $firstname = $_POST['firstname'];
      $lastname = $_POST['lastname'];
      $rusername = $_POST['rusername'];
      $rpassword = $_POST['rpassword'];
      $email = $_POST['email'];


      $query = "CREATE TABLE $rusername (
          firstname VARCHAR(50) NOT NULL,
          lastname VARCHAR(50) NOT NULL,
          username VARCHAR(50) NOT NULL,
          password VARCHAR(50) NOT NULL,
          email VARCHAR(50) NOT NULL
      )";
      $sql = mysqli_query($link, $query);

      $addinfo = "INSERT INTO $rusername(firstname, lastname, username, password, email) 
          VALUES ('$firstname', '$lastname', '$rusername', '$rpassword', '$email')";
      mysqli_query($link, $addinfo);



    ?>
dish
  • 43
  • 7
  • 5
    You have a table for every user?? That's a dreadful db design – Damien Pirsy Jan 12 '14 at 18:35
  • 3
    Why in the world would you create a table for every user????? That is just awful. You *should* make a users table that houses all your users – mituw16 Jan 12 '14 at 18:37
  • http://stackoverflow.com/questions/14129843/check-if-table-exists-in-mysql – Nouphal.M Jan 12 '14 at 18:41
  • obligatory mention of SQL injection: http://www.php.net/manual/en/security.database.sql-injection.php. For an example of how to do a `users` table properly look http://www.sitepoint.com/users-php-sessions-mysql/ - note that he uses a pretty terrible hashing function, with no salt. Better yet, don't do your own authentication. Try http://openid.net/ – Mitch Jan 12 '14 at 18:43
  • $query = SELECT count(*) FROM information_schema.tables WHERE table_schema = 'databasename'/*your database name here */ AND table_name = $username /*your username here */ – Dinesh Saini Jan 12 '14 at 18:44
  • Thanks for the feedback! Decided I'll do the users table and a row for each user. Thanks again! – dish Jan 12 '14 at 19:23

0 Answers0