Page 1 of 1
log in page
Posted: Fri Jan 22, 2010 7:42 am
by rrn
i have created a log in page for my website...
with two fields
usernam and password ... when an user enters username and password , its logging in and tat is working fine ... and if the user enters a wrong password ...it displays a message "invalid password "..
but the problem is whe the user enters a wrong username... i need to display a message " wrong username"... it not working... wats happening is ...when the user enters wrong username and password... it will not log in but not dispalying the message,,,
code is as follows
Code: Select all
$email=$_POST['email']; // value of the text box field
$password=$_POST['password']; // value of the text box field
$message= "Invalid Password";
$msg="Email and Password do not match";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."' and password='".$_POST['password']."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email)
{
if($a["password"]==$password)
{
header("Location:after_login.php");
}
else
{
//if password is wrong, message is displayed
echo $msg:
}
}
else
{
echo $msg;
}
}
sombody help me to solve this... any help will be appreciated...thank u...
Re: log in page
Posted: Sat Jan 23, 2010 1:32 pm
by social_experiment
Your script only checks if the password is correct, you should another statement that checks if the username is correct or not. And you should also have a second message, to echo when the wrong username is detected.
You could also have a more generic message to indicate an errorneous login attempt.
Code: Select all
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$message = "Error. Incorrect login details";
if ( $a['password '] != $password || $a['username'] != $username ) {
echo $message
}
?>
Hope this helps
Re: log in page
Posted: Sat Jan 23, 2010 2:22 pm
by JakeJ
My only caveat to this is that you should display the same message either way: Your user name or password is incorrect. Please try again.
Re: log in page
Posted: Sun Jan 24, 2010 1:28 am
by rrn
i changed my code to the following ..
Code: Select all
$email=$_POST['email'];
$password=$_POST['password'];
$msg="Invalid Email or Password";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."' and password='".$_POST['password']."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email && $a["password"]==$password)
{
header("Location:after_login.php");
}
else
{
echo $msg ;
}
}
When i am entering the correct email and password , log in is working fine...
but when i enter the wrong email or password , it's not logging in tats wat i need , but the problem is ''Invalid email or password " msg is not displayed even if i wrote 'echo $msg' .. i dont understand wat the problem is ...please help....
Re: log in page
Posted: Sun Jan 24, 2010 3:52 am
by social_experiment
Code: Select all
<?php
$message = "Invalid username or password";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." WHERE email='".mysql_real_escape_string($_POST['email'])."' AND password='".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
//shows you the amount of rows matching the username and password.
$rowsReturned = mysql_num_rows($result);
if ($rowsReturned == 1 ) {
header('location: after_login.php');
exit();
}
else {
echo $message;
}
?>
Check the amount of rows returned from your query. Also, i added the 'LIMIT 1' in the query so only one row is selected. Im not sure if you are checking the password / username to ensure that they are unique to each user.
Re: log in page
Posted: Sun Jan 24, 2010 4:05 pm
by a.heresey
Code: Select all
$email=mysql_real_escape_string($_POST['email']); // escape the string first, yo
$password=mysql_real_escape_string($_POST['password']); // this protects from injection
$emsg = "Invalid Email";
$message= "Invalid Password";
$msg="Email and Password do not match";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$email."'");
if($a=mysql_fetch_array($result)){//nothing in this if will run if you didn't enter an email in the system
if($a["password"]==$password){
header("Location:after_login.php");
}
else {//password is wrong
echo $message:
}
}
else{//email is wrong
echo $emsg;
}
Re: log in page
Posted: Tue Jan 26, 2010 4:59 am
by rrn
Thanks for your help
i tried with register_globals , it is set to off in my phpinfo.php
with following code
Code: Select all
$email=$_POST['email'];
$password=$_POST['password'];
$message = "Invalid Email or Password";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email)
{
if($a["password"]==$password)
{
header("location:after_login.php");
}
else
{
echo $message;
}
}
else
{
echo $message;
}
}
if i am entering the correct email and wrong password , it will display $message variable .
if i am entering the email wrong , its not showing the $ message .
i changed the code to the following
Code: Select all
$email=$_POST['email'];
$password=$_POST['password'];
$message = "Invalid Email or Password";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email)
{
if($a["password"]==$password)
{
header("location:after_login.php");
}
else
{
echo $message;
}
}
else
{
echo $message;
}
}
else
{
echo $message ;
}
but now what happens is without entering email and password , $message variable is displayed . whenever i refresh the browser it will display the $message variable is displayed .. i am geeting mad with this...
please help...

Re: log in page
Posted: Tue Jan 26, 2010 6:30 am
by social_experiment
Your current code :
Code: Select all
<?php
$email=$_POST['email'];
$password=$_POST['password'];
$message = "Invalid Email or Password";
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".$_POST['email']."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email)
{
if($a["password"]==$password)
{
header("location:after_login.php");
}
else
{
echo $message;
}
}
else
{
echo $message;
}
}
?>
1. Change your query so that you match both the password and the email address at once.
Code: Select all
<?php
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".mysql_real_escape_string($_POST['email'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
$rowsReturnedByMatch = mysql_num_rows($result);
if ($rowsReturnedByMatch != 1) {
echo $message;
}
else {
header('location: pageForLoggedInUser.php');
exit();
}
?>
In this way you dont have to check outside the query (as your current script does). The 'LIMIT 1' is to ensure that only 1 match is found. I dont know if you test for things like similar usernames, similar email addresses and so forth, so it's a good idea to pull only one match from the database, if it exists.
Re: log in page
Posted: Wed Jan 27, 2010 2:16 am
by rrn
Thanks for the suggestion .. i tried wat you said ..
When i run the code . wat happened is , the page is showing $message variable("Invalid Email or password") even before i enter anything in the form fields..
ie i am abe to log in when i enter the correct email and password but when i log out and come back to the main page that message is displayed . . y is it like tat ??
I hope you understood the problem ...
Re: log in page
Posted: Wed Jan 27, 2010 4:25 am
by social_experiment
Are you calling the form that does the checking on itself with :
Code: Select all
<?php
echo $_SERVER['PHP_SELF'];
?>
or calling another page to do the checking :
Code: Select all
<html>
<form method="post" action="alternative_script">
</form>
</html>
If it's the first example (and in fact, for BOTH examples) , you should check whether the text fields have been set :
Code: Select all
<?php
if (isset($_POST['fieldname'])) && isset($_POST['fieldname1'])) {
//do the checking
}
else {
//give a message that asks the user to enter values into the fields
// or
// redirect the user back to the login page
}
?>
Re: log in page
Posted: Wed Jan 27, 2010 7:01 am
by rrn
i tried all the ways , it is still creating problems ...
can u suggest me a code for checking the email and password for log in
ie in my 'users table' , there are two fields , email and password and values
test@test.com and test123..
i need to log in from my webpage ..
if the entered email and password does not match with that in the database , it should display an error message and if it matches , it should log in
it will be of great help to me..
Re: log in page
Posted: Wed Jan 27, 2010 7:22 am
by social_experiment
Could you either paste your complete code ( form, processing script ) or add the files for download. It will be much easier to help you then

Re: log in page
Posted: Thu Jan 28, 2010 12:28 am
by rrn
this is my login.php
Code: Select all
<?php
session_start();
$result=mysql_query("SELECT * FROM ".TABLE_USERS." where email='".mysql_real_escape_string($_POST['email'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
$email=$_POST['email'];
$password=$_POST['password'];
$message = "Invalid Email or Password";
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email)
{
if($a["password"]==$password)
{
$_SESSION['email']=$email;
header("location:after_login.php");
}
else
{
echo $message;
}
}
else
{
echo $message;
}
}
<html>
<head>
<script type="text/javascript" language="JavaScript">
function employee_validate() {
if(document.form.email.value=="")
{
alert ('Email left empty');
return false;
}
if(document.form.password.value=="")
{
alert ('Password left empty');
return false;
}
}
</script>
</head>
<body>
<form name="form" action="login.php" method="POST" onsubmit="return employee_validate();">
<table cellpadding="3" cellspacing="1" border="0" width="99%" align="center">
<tr>
<td colspan="2" class="f-bold fs-11 fc-FF0">Log In with your Email id and Password.</td>
</tr>
<tr> </tr>
<tr>
<td class="bg-EEE" width="120">Email</td>
<td class="bg-F7F"><input type="text" id="email" name="email" value=""></td>
</tr>
<tr>
<td class="bg-EEE">Password</td>
<td class="bg-F7F"><input type="password" id="password" name="password" value=""></td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="submit" value=" Log In " class="button f-bold pb-3" />
</td>
</tr>
</table>
</form>
</body>
</html>
?>
this is my after_login.php
Code: Select all
<?php
session_start();
echo $_SESSION['email'];
<html>
<head>
</head>
<body>
<table align="right">
<tr><td><a href="logout.php"><font color="#FF0000" face="cambria" size="3"><p align="right"><i>Log out</i></p></font></a></td>
</tr>
</table>
//text to be displayed here
</body>
</html>
?>
this is my log out.php
Code: Select all
<?php
session_start();
session_unregister('email');
session_unregister('password');
session_destroy('email');
session_destroy('password');
header("Location:employee_login.php");
?>
i have posted all the codes .. please refer to my previous thread and help me to solve it out....thanks...
Re: log in page
Posted: Thu Jan 28, 2010 7:40 am
by social_experiment
Thank you for the code posting. Here is what i did :
Html code for the form :
Code: Select all
<html>
<form method="post" action="processPage.php" >
Email : <input type="text" name="email" size="20" />
<br />
Password :<input type="password" name="password" size="20" />
<br />
<input type="submit" value="Login" name="bTn" />
</form>
</html>
Code on the process page :
Code: Select all
<?php
$message = "Invalid email or password";
$result = @mysql_query("SELECT * FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'
AND password = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1 ");
$rowsReturned = @mysql_num_rows($result);
#start checking if a match has been found
#if the number of rows returned are not 1
#show the message.
if ($rowsReturned != 1) {
echo $message;
}
else {
#do everything you need to with the session
header('location: loggedIn.php');
exit();
}
Let me know if it works
