PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
i have created a log in page for my website...
with two fields
usernam and password ... when an user enters username and password , its logging in and tat is working fine ... and if the user enters a wrong password ...it displays a message "invalid password "..
but the problem is whe the user enters a wrong username... i need to display a message " wrong username"... it not working... wats happening is ...when the user enters wrong username and password... it will not log in but not dispalying the message,,,
$email=$_POST['email']; // value of the text box field
$password=$_POST['password']; // value of the text box field
$message= "Invalid Password";
$msg="Email and Password do not match";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."' and password='".$_POST['password']."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email)
{
if($a["password"]==$password)
{
header("Location:after_login.php");
}
else
{
//if password is wrong, message is displayed
echo $msg:
}
}
else
{
echo $msg;
}
}
sombody help me to solve this... any help will be appreciated...thank u...
Your script only checks if the password is correct, you should another statement that checks if the username is correct or not. And you should also have a second message, to echo when the wrong username is detected.
You could also have a more generic message to indicate an errorneous login attempt.
$email=$_POST['email'];
$password=$_POST['password'];
$msg="Invalid Email or Password";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."' and password='".$_POST['password']."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email && $a["password"]==$password)
{
header("Location:after_login.php");
}
else
{
echo $msg ;
}
}
When i am entering the correct email and password , log in is working fine...
but when i enter the wrong email or password , it's not logging in tats wat i need , but the problem is ''Invalid email or password " msg is not displayed even if i wrote 'echo $msg' .. i dont understand wat the problem is ...please help....
<?php
$message = "Invalid username or password";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." WHERE email='".mysql_real_escape_string($_POST['email'])."' AND password='".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
//shows you the amount of rows matching the username and password.
$rowsReturned = mysql_num_rows($result);
if ($rowsReturned == 1 ) {
header('location: after_login.php');
exit();
}
else {
echo $message;
}
?>
Check the amount of rows returned from your query. Also, i added the 'LIMIT 1' in the query so only one row is selected. Im not sure if you are checking the password / username to ensure that they are unique to each user.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
$email=mysql_real_escape_string($_POST['email']); // escape the string first, yo
$password=mysql_real_escape_string($_POST['password']); // this protects from injection
$emsg = "Invalid Email";
$message= "Invalid Password";
$msg="Email and Password do not match";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$email."'");
if($a=mysql_fetch_array($result)){//nothing in this if will run if you didn't enter an email in the system
if($a["password"]==$password){
header("Location:after_login.php");
}
else {//password is wrong
echo $message:
}
}
else{//email is wrong
echo $emsg;
}
if i am entering the correct email and wrong password , it will display $message variable .
if i am entering the email wrong , its not showing the $ message .
but now what happens is without entering email and password , $message variable is displayed . whenever i refresh the browser it will display the $message variable is displayed .. i am geeting mad with this...
please help...
<?php
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".mysql_real_escape_string($_POST['email'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
$rowsReturnedByMatch = mysql_num_rows($result);
if ($rowsReturnedByMatch != 1) {
echo $message;
}
else {
header('location: pageForLoggedInUser.php');
exit();
}
?>
In this way you dont have to check outside the query (as your current script does). The 'LIMIT 1' is to ensure that only 1 match is found. I dont know if you test for things like similar usernames, similar email addresses and so forth, so it's a good idea to pull only one match from the database, if it exists.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Thanks for the suggestion .. i tried wat you said ..
When i run the code . wat happened is , the page is showing $message variable("Invalid Email or password") even before i enter anything in the form fields..
ie i am abe to log in when i enter the correct email and password but when i log out and come back to the main page that message is displayed . . y is it like tat ??
<?php
if (isset($_POST['fieldname'])) && isset($_POST['fieldname1'])) {
//do the checking
}
else {
//give a message that asks the user to enter values into the fields
// or
// redirect the user back to the login page
}
?>
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
i tried all the ways , it is still creating problems ...
can u suggest me a code for checking the email and password for log in
ie in my 'users table' , there are two fields , email and password and values test@test.com and test123..
i need to log in from my webpage ..
if the entered email and password does not match with that in the database , it should display an error message and if it matches , it should log in
<?php
$message = "Invalid email or password";
$result = @mysql_query("SELECT * FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'
AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
$rowsReturned = @mysql_num_rows($result);
#start checking if a match has been found
#if the number of rows returned are not 1
#show the message.
if ($rowsReturned != 1) {
echo $message;
}
else {
#do everything you need to with the session
header('location: loggedIn.php');
exit();
}
Let me know if it works
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering