login code...1/2 works...now what's wrong with the rest?

Posted: Sat Feb 08, 2003 10:14 pm
by rathlon
This is a simple script that I'm trying to implement on my site. Basically, I want 4 things to happen.

1) if both username and password are located in the database, redirect and show login status (currently works with this script)
2) if a username is entered but no password, display an error and redirect to the login page
3) same as 2, but password is entered with no username
4) same as 2 & 3 but no pass or username was entered

Right now I have a login.php page that takes the user's info and passes it to another script that runs the below snippet to determine if login is good or not. If an error occurred (as in #2, 3 or 4) I want it to redirect to the login_failure.php page where I display a uniform login error and provide the same login form to try again. Now, the weirdest thing happens with this code. If you enter an incorrect username and password, you're redirected to the login_failure.php page just fine. However, if you don't provide login info, or leave either the password or username off, it just displays a blank page. Actually the URL shows http://ws-74r116-11l/login_script.php?page_id=1 (NOTE: the login_script is the name of the code snippet below, it's the script that runs the login for the site). Instead of showing that, I want it to redirect to the login_failure.php page. Shouldn't one of the elseif's do this as I have it coded? Someone help...

Code:

<?php session_start();
  if(!session_is_registered("valid_user"))
  {
       if(@$username && @$password)
       {
          include("functions.php");
          //trim() returns the trimmed string, so the result has to be assigned
          $username = trim($username);
          $password = trim($password);
          getDatabaseConnect('','auth');
          //escape the values before they are placed inside the quoted SQL strings
          $safe_user = mysql_real_escape_string($username);
          $safe_pass = mysql_real_escape_string($password);

          //setup query to test for a match.  This will return the number of matches that are found.  0 for no matches
          $query = "select count(*) from auth_users
                    where username='".$safe_user."'
                    AND pass=password('".$safe_pass."')";
                    //echo $query."<br>";
          $result = mysql_query($query);
          $num_rows = mysql_num_rows($result);
          for($i = 0; $i < $num_rows; $i++)
          {
              $row = mysql_fetch_row($result);
          }
          //test the return of the first query.  If the number is greater than 0, a match was found and the valid_user
          //var can be registered
          if($row[0] == 1)
          {
              $valid_user = $username;
              session_register("valid_user");
              header("Location: http://ws-74r116-11l/default.php");
          }
          elseif($username == 'false' && $password == 'false')
          {
              header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
          }
          elseif($username == 'false' && $password)
          {
              header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
          }
          elseif($password == 'false' && $username)
          {
              header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
          }
       }
  }
?>

Posted: Sun Feb 09, 2003 5:28 am
by rathlon
For anyone who is wondering...I fixed the problem. New code snippet attached below. Basically I changed the elseif()'s to one compound if() to default to the error page if the queried info doesn't resolve to 1. The above problem was fixed by adding an else clause to the main if() in case certain login criteria were not provided. I.E. no username or no password or leaving both off.

Code:

<?php session_start();
  if(!session_is_registered("valid_user"))
  {
       //take the info that the user put into the form and connect to the database to see if there is an entry
       //in the auth database that matches both the username and password.  If a match is found, then register
       //the username as valid_user var.  If the num_rows < 1 or no match
       //was found, redirect the user to an error page.  This will only start a match test if both a username and password are detected.
       if(@$username && @$password)
       {
          include("functions.php");
          //trim() returns the trimmed string, so the result has to be assigned
          $username = trim($username);
          $password = trim($password);
          getDatabaseConnect('','auth');
          //escape the values before they are placed inside the quoted SQL strings
          $safe_user = mysql_real_escape_string($username);
          $safe_pass = mysql_real_escape_string($password);

          //setup query to test for a match.  This will return the number of matches that are found.  0 for no matches
          $query = "select count(*) from auth_users
                    where username='".$safe_user."'
                    AND pass=password('".$safe_pass."')";
                    //echo $query."<br>";
          $result = mysql_query($query);
          $num_rows = mysql_num_rows($result);
          for($i = 0; $i < $num_rows; $i++)
          {
              $row = mysql_fetch_row($result);
          }
          //test the return of the first query.  If the number is greater than 0, a match was found and the valid_user
          //var can be registered
          if($row[0] == 1)
          {
              $valid_user = $username;
              session_register("valid_user");
              header("Location: http://ws-74r116-11l/default.php");
          }
          else
          {
               header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
          }
       }
       else
       {
           header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
       }

  }
?>
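
A hardened take on the login flow from the two posts above, as an added example that is not part of the original thread: all four cases resolve to exactly one redirect target, the lookup uses a PDO prepared statement, and the password is checked with password_verify(). The pass_hash column, the check_login() and login_target() helpers and the in-memory SQLite data are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. The auth_users table name follows the
// thread; pass_hash (filled by password_hash()) is an assumed column that
// replaces MySQL's password() function.

// Returns true only when both fields are present and match a stored row.
function check_login(PDO $db, $username, $password): bool
{
    $username = is_string($username) ? trim($username) : '';
    $password = is_string($password) ? $password : '';
    if ($username === '' || $password === '') {
        return false;               // cases 2, 3 and 4: something was left blank
    }
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pass_hash FROM auth_users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Every outcome maps to one redirect target, so no path ends on a blank page.
function login_target(PDO $db, $username, $password): string
{
    return check_login($db, $username, $password)
        ? '/default.php'
        : '/xx_db/login_failure.php';
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_users (username TEXT PRIMARY KEY, pass_hash TEXT)');
$db->prepare('INSERT INTO auth_users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    ['alice', 'correct horse'],      // case 1: valid login
    ['alice', ''],                   // case 2: no password
    ['', 'correct horse'],           // case 3: no username
    [null, null],                    // case 4: nothing submitted
    ["o'brien", 'x'],                // a quote in the input is treated as data
];
foreach ($cases as [$u, $p]) {
    printf("%-16s -> %s\n", var_export($u, true), login_target($db, $u, $p));
}
// In the real script, on success: session_regenerate_id(true);
// $_SESSION['valid_user'] = $username; then header('Location: ' . $target); exit;
```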