login code...1/2 works...now what's wrong with the rest?
Posted: Sat Feb 08, 2003 10:14 pm
This is a simple script that I'm trying to implement on my site. Basically, i want 4 things to happen.
1) if both username and password are located in the database, redirect and show login status (currently works with this script)
2) if a username is entered but no password, display an error and redirect to the login page
3) same as 2, but password is enter with no username
4) same as 2 & 3 but no pass or username was entered
right now I have a login.php page that takes the users info and pases it to another script that runs the below snippet to determine if login is good or not. If an error occurred (as in #2, 3 or 4) I want it to redirect to the login_failure.php page where I display a uniform login error and provide the same login form to try again. Now, the weirdest thing happens with this code. If you enter an incorrect username and password, your redirected to the login_failure.php page just fine. However, if you don't provide login info, or leave either the password or username off, it just displays a blank page. Actually the URL shows http://ws-74r116-11l/login_script.php?page_id=1" (NOTE: the login_script is the name of the code snippet below, it's the script that runs the login for the site). Instead of showing that, I want it to redirect to the login_failure.php page. Shouldn't one of the elseif's do this as I have it coded? Someone help...
1) if both username and password are located in the database, redirect and show login status (currently works with this script)
2) if a username is entered but no password, display an error and redirect to the login page
3) same as 2, but password is enter with no username
4) same as 2 & 3 but no pass or username was entered
right now I have a login.php page that takes the users info and pases it to another script that runs the below snippet to determine if login is good or not. If an error occurred (as in #2, 3 or 4) I want it to redirect to the login_failure.php page where I display a uniform login error and provide the same login form to try again. Now, the weirdest thing happens with this code. If you enter an incorrect username and password, your redirected to the login_failure.php page just fine. However, if you don't provide login info, or leave either the password or username off, it just displays a blank page. Actually the URL shows http://ws-74r116-11l/login_script.php?page_id=1" (NOTE: the login_script is the name of the code snippet below, it's the script that runs the login for the site). Instead of showing that, I want it to redirect to the login_failure.php page. Shouldn't one of the elseif's do this as I have it coded? Someone help...
Code: Select all
<?php
<? session_start();
if(!session_is_registered("valid_user"))
{
if(@$username && @$password)
{
include("functions.php");
trim($username);
trim($password);
getDatabaseConnect('','auth');
//setup query to test for a match. This will return the number of matches that are found. 0 for no matches
$query = "select count(*) from auth_users
where username='".$username."'
AND pass=password('".$password."')";
//echo $query."<br>";
$result = mysql_query($query);
$num_rows = mysql_num_rows($result);
for($i = 0; $i < $num_rows; $i++)
{
$row = mysql_fetch_row($result);
}
//test the return of the first query. If the number is greater than 0, a match was found and the valid_user
//var can be registered
if($row[0] == 1)
{
$valid_user = $username;
session_register("valid_user");
header("Location: http://ws-74r116-11l/default.php");
}
elseif($username == 'false' && $password == 'false')
{
header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
}
elseif($username == 'false' && $password)
{
header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
}
elseif($password == 'false' && $username)
{
header("Location: http://ws-74r116-11l/xx_db/login_failure.php");
}
}
}
?>
?>