log in page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

log in page

Post by rrn »

i have created a log in page for my website...
with two fields
usernam and password ... when an user enters username and password , its logging in and tat is working fine ... and if the user enters a wrong password ...it displays a message "invalid password "..
but the problem is whe the user enters a wrong username... i need to display a message " wrong username"... it not working... wats happening is ...when the user enters wrong username and password... it will not log in but not dispalying the message,,,

code is as follows

Code: Select all

$email=$_POST['email'];                       // value of the text box field
$password=$_POST['password'];           // value of the text box field
$message= "Invalid Password";
$msg="Email and Password do not match";
 
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."' and password='".$_POST['password']."'");
if($a=mysql_fetch_array($result))
{
 
    if($a["email"]==$email)
    {
      if($a["password"]==$password)
      {
      header("Location:after_login.php");
      }
     else
      {
       //if password is wrong,  message is displayed
          echo $msg:
 
      }
    }
    else
    {
    echo $msg;
    
     }
 
}

sombody help me to solve this... any help will be appreciated...thank u...
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: log in page

Post by social_experiment »

Code: Select all

 
if($a["password"]==$password)
 
Your script only checks if the password is correct, you should another statement that checks if the username is correct or not. And you should also have a second message, to echo when the wrong username is detected.

You could also have a more generic message to indicate an errorneous login attempt.

Code: Select all

 
<?php
 $username = $_POST['username'];
 $password = $_POST['password'];
 $message = "Error. Incorrect login details";
 
 if ( $a['password '] != $password || $a['username'] != $username ) {
   echo $message
 }
?>
 
Hope this helps
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: log in page

Post by JakeJ »

My only caveat to this is that you should display the same message either way: Your user name or password is incorrect. Please try again.
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: log in page

Post by rrn »

i changed my code to the following ..

Code: Select all

 
 
$email=$_POST['email'];
$password=$_POST['password'];
 
$msg="Invalid Email or Password";
 
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."' and password='".$_POST['password']."'");
 
 
 
if($a=mysql_fetch_array($result))
{
 
    if($a["email"]==$email && $a["password"]==$password)
    {
           header("Location:after_login.php");
      }
 
     else
      {
           echo   $msg ;
 
          }
}
 
 
When i am entering the correct email and password , log in is working fine...
but when i enter the wrong email or password , it's not logging in tats wat i need , but the problem is ''Invalid email or password " msg is not displayed even if i wrote 'echo $msg' .. i dont understand wat the problem is ...please help....
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: log in page

Post by social_experiment »

Code: Select all

 
<?php
 $message = "Invalid username or password";
 
 $result=mysql_query("SELECT * FROM ".TABLE_USERS." WHERE email='".mysql_real_escape_string($_POST['email'])."' AND password='".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
 //shows you the amount of rows matching the username and password.
 $rowsReturned = mysql_num_rows($result);
 
 if ($rowsReturned == 1 ) {
  header('location: after_login.php');
  exit();
 }
 else {
  echo $message;
 }
?>
 
Check the amount of rows returned from your query. Also, i added the 'LIMIT 1' in the query so only one row is selected. Im not sure if you are checking the password / username to ensure that they are unique to each user.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
a.heresey
Forum Commoner
Posts: 59
Joined: Wed Dec 13, 2006 7:31 pm
Location: Chesapeake, VA, US

Re: log in page

Post by a.heresey »

Code: Select all

$email=mysql_real_escape_string($_POST['email']);                       // escape the string first, yo
$password=mysql_real_escape_string($_POST['password']);           // this protects from injection
$emsg = "Invalid Email";
$message= "Invalid Password";
$msg="Email and Password do not match";
 
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$email."'");
if($a=mysql_fetch_array($result)){//nothing in this if will run if you didn't enter an email in the system
      if($a["password"]==$password){
           header("Location:after_login.php");
           }
     else {//password is wrong
           echo $message:
            }
}
else{//email is wrong
    echo $emsg;
}
 
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: log in page

Post by rrn »

Thanks for your help

i tried with register_globals , it is set to off in my phpinfo.php

with following code

Code: Select all

$email=$_POST['email'];
$password=$_POST['password'];
 
$message = "Invalid Email or Password";
 
 
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."'");
 
 
 
if($a=mysql_fetch_array($result))
{
 
    if($a["email"]==$email)
    {
      if($a["password"]==$password)
      {
        
        header("location:after_login.php");
      }
      else
      {
        
        echo $message;
      }
 
    }
    else
    {
      echo $message;
    }
}
if i am entering the correct email and wrong password , it will display $message variable .
if i am entering the email wrong , its not showing the $ message . :crazy:

i changed the code to the following

Code: Select all

$email=$_POST['email'];
$password=$_POST['password'];
 
$message = "Invalid Email or Password";
 
 
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."'");
 
 
 
if($a=mysql_fetch_array($result))
{
 
    if($a["email"]==$email)
    {
      if($a["password"]==$password)
      {
        
        header("location:after_login.php");
      }
      else
      {
        
        echo $message;
      }
 
    }
    else
    {
      echo $message;
    }
    }
else
{
echo $message ;
}
but now what happens is without entering email and password , $message variable is displayed . whenever i refresh the browser it will display the $message variable is displayed .. i am geeting mad with this...
please help... :banghead:
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: log in page

Post by social_experiment »

Your current code :

Code: Select all

 
<?php
  $email=$_POST['email'];
  $password=$_POST['password'];   
  $message = "Invalid Email or Password";   
   
  $result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."'");
  
  if($a=mysql_fetch_array($result))
  {   
      if($a["email"]==$email)
     {
        if($a["password"]==$password)
        {         
          header("location:after_login.php");
        }
        else
        {         
          echo $message;
        }   
      }
   else
      {
        echo $message;
      }
 } 
?>
 
1. Change your query so that you match both the password and the email address at once.

Code: Select all

 
<?php
 $result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".mysql_real_escape_string($_POST['email'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
 
 $rowsReturnedByMatch = mysql_num_rows($result);
 
 if ($rowsReturnedByMatch != 1) {
  echo $message;
 }
 else {
  header('location: pageForLoggedInUser.php');
  exit();
 } 
?>
 
In this way you dont have to check outside the query (as your current script does). The 'LIMIT 1' is to ensure that only 1 match is found. I dont know if you test for things like similar usernames, similar email addresses and so forth, so it's a good idea to pull only one match from the database, if it exists.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: log in page

Post by rrn »

Thanks for the suggestion .. i tried wat you said ..
When i run the code . wat happened is , the page is showing $message variable("Invalid Email or password") even before i enter anything in the form fields..
ie i am abe to log in when i enter the correct email and password but when i log out and come back to the main page that message is displayed . . y is it like tat ?? :crazy:

I hope you understood the problem ...
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: log in page

Post by social_experiment »

Are you calling the form that does the checking on itself with :

Code: Select all

 <?php
 echo $_SERVER['PHP_SELF'];
?> 
or calling another page to do the checking :

Code: Select all

<html>
<form method="post" action="alternative_script">
</form>
</html> 
If it's the first example (and in fact, for BOTH examples) , you should check whether the text fields have been set :

Code: Select all

<?php
 if (isset($_POST['fieldname'])) && isset($_POST['fieldname1'])) {
  //do the checking
 }
 else {
  //give a message that asks the user to enter values into the fields
  // or
  // redirect the user back to the login page
 }
?> 
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: log in page

Post by rrn »

i tried all the ways , it is still creating problems ... :crazy: :crazy:
can u suggest me a code for checking the email and password for log in
ie in my 'users table' , there are two fields , email and password and values test@test.com and test123..

i need to log in from my webpage ..
if the entered email and password does not match with that in the database , it should display an error message and if it matches , it should log in

it will be of great help to me..
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: log in page

Post by social_experiment »

Could you either paste your complete code ( form, processing script ) or add the files for download. It will be much easier to help you then :)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: log in page

Post by rrn »

this is my login.php

Code: Select all

<?php
 
session_start();
 
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".mysql_real_escape_string($_POST['email'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
 
$email=$_POST['email'];
$password=$_POST['password'];
 
 
$message = "Invalid Email or Password";
 
if($a=mysql_fetch_array($result))
{
 
    if($a["email"]==$email)
    {
      if($a["password"]==$password)
      {
        $_SESSION['email']=$email;
        header("location:after_login.php");
      }
      else
      {
 
        echo $message;
      }
 
    }
    else
    {
          echo $message;
    }
}
 
<html>
<head>
<script type="text/javascript" language="JavaScript">
 
function employee_validate() {
if(document.form.email.value=="")
{
alert ('Email left empty');
return false;
}
if(document.form.password.value=="")
{
alert ('Password left empty');
return false;
}
}
</script>
</head>
<body>
<form name="form"  action="login.php" method="POST"  onsubmit="return employee_validate();">
        <table cellpadding="3" cellspacing="1" border="0" width="99%" align="center">
            <tr>
                <td colspan="2" class="f-bold fs-11 fc-FF0">Log In with your Email id and Password.</td>
            </tr>
            <tr> </tr>
            <tr>
                <td class="bg-EEE" width="120">Email</td>
                <td class="bg-F7F"><input type="text" id="email" name="email" value=""></td>
            </tr>
            <tr>
                <td class="bg-EEE">Password</td>
                <td class="bg-F7F"><input type="password" id="password" name="password" value=""></td>
            </tr>
            <tr>
                <td></td>
                <td>
                    <input type="submit" name="submit" value=" Log In " class="button f-bold pb-3" />
                </td>
            </tr>
           </table>
        </form>
</body>
  </html>
?>
this is my after_login.php

Code: Select all

<?php
session_start();
 
echo $_SESSION['email'];
 
<html>
<head>
</head>
<body>
<table align="right">
<tr><td><a href="logout.php"><font color="#FF0000" face="cambria" size="3"><p align="right"><i>Log out</i></p></font></a></td>
</tr>
</table>
 
//text to be displayed here 
 
 
</body>
 </html>
 
?>
this is my log out.php

Code: Select all

<?php
 
session_start();
session_unregister('email');
session_unregister('password');
session_destroy('email');
session_destroy('password');
 
header("Location:employee_login.php");
?>
i have posted all the codes .. please refer to my previous thread and help me to solve it out....thanks...
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: log in page

Post by social_experiment »

Thank you for the code posting. Here is what i did :

Html code for the form :

Code: Select all

 
<html>
<form method="post" action="processPage.php" >
    Email : <input type="text" name="email" size="20" />
    <br />
    Password :<input type="password" name="password" size="20" />
    <br />
    <input type="submit" value="Login" name="bTn" />
</form>
</html>
 
Code on the process page :

Code: Select all

<?php
 $message = "Invalid email or password";
    
 $result = @mysql_query("SELECT * FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."' 
 AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
 $rowsReturned = @mysql_num_rows($result);
    
 #start checking if a match has been found
 #if the number of rows returned are not 1
 #show the message.
 if ($rowsReturned != 1) {
  echo $message;
 }
 else {
  #do everything you need to with the session       
  header('location: loggedIn.php');
  exit();
 }
 
Let me know if it works :)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply