Page 1 of 2

Want to get rid of die() and want to print an error message

Posted: Sun Mar 04, 2007 2:03 pm
by crazytopu
I need a better solution guys, if you can help. Thanks. Please see the original code at the bottom. Please dont hesitate to ask if anything is unclear.

Here is the form I am currently working on :



http://compquo.com/join_member.php



To understand what I am trying to achieve, if you could simply type two different password - one for password field and nother for re-password field (dong worry filling any other fields) and hit submit, it will tell you password didnot match. But you will notice the paymoves to the right. It is because I am using die() function there.

I am using die() here when username or password is wrong but that is taking me out of the page but I want to display the messsage on the same page where the form exists. (i.e I want to print an error message when something goes wrong in the place of the form).

But if you type the same password twice correctly for those two fields you will see that the confirmation message is printed on the right place which is in place of the form. It's coz I am using echo there instead of die.


I can do it with one if check becuase I can simply use echo. But when there are a number of if statements to be checked the only option i see is die. I got just a vauge idea, like this


Code: Select all

$error = 0

if (!($num_rows))          
{ 

$error = 1;

} 

$row= $connector->fetchArray($result); 
// check if passwords match 
$_POST['password'] = stripslashes($_POST['password']); 
$row['password'] = stripslashes($row['password']); 
$_POST['password'] = md5($_POST['password']); 

//if password doesnot match
if ($_POST['password'] != $row['password']) 
{ 
$error =1
} 

if(error=1){

echo "username or password is invalid";

}

.
.
.

}

else {  ?> 

 display form...        //  [ I want to pritn the error message right here ]  In that case is it best to 
                                       echo the whole form in php rather than doing it as html ?


<?}  //end of else ?>





---- original code ------

Code: Select all

if (isset($_POST['submit'])) 
{ 
require_once ('../includes/DbConnector.php');
$connector = new DbConnector();
$check = "SELECT user_name, password, user_type FROM user WHERE user_name = '".$_POST['user_name']."'"; 

$result = $connector->query($check); 
$num_rows = mysql_num_rows($result); 

if (!($num_rows))          
{ 
die('<center><strong>Username or password is invalid <strong></center>'); 
} 
$row= $connector->fetchArray($result); 
// check if passwords match 
$_POST['password'] = stripslashes($_POST['password']); 
$row['password'] = stripslashes($row['password']); 
$_POST['password'] = md5($_POST['password']); 
//if password doesnot match
if ($_POST['password'] != $row['password']) 
{ 
die('<center><strong>Username or password is invalid </strong></center>'); 
} 


if($_POST['user_type']!= $row['user_type']){

die('<center><strong>That user type is not valid for this user</strong></center>'); 

}


/*register session variables and set last login time.*/ 
$date = date('d,m,y'); 
$update_login = $connector->query("UPDATE user SET last_login = '$date' WHERE user_name = '".$_POST['user_name']."'"); 
$_POST['user_name'] = stripslashes($_POST['user_name']); 
$_SESSION['user'] = $_POST['user_name']; 
$_SESSION['pass'] = $_POST['password']; 
$_SESSION['user_type'] = $_POST['user_type']; 
header("Location: index.php");



}else {

?>

// display the form


<?

} // end of else
?>

Re: Want to get rid of die() and want to print an error mess

Posted: Sun Mar 04, 2007 2:16 pm
by tecktalkcm0391
Why don't you try putting the error to a variable:
crazytopu wrote:

Code: Select all

$error='';
if (isset($_POST['submit'])) 
{ 
require_once ('../includes/DbConnector.php');
$connector = new DbConnector();
$check = "SELECT user_name, password, user_type FROM user WHERE user_name = '".$_POST['user_name']."'"; 

$result = $connector->query($check); 
$num_rows = mysql_num_rows($result); 

if (!($num_rows))          
{ 
if(!empty($error)){ $error.='<br>'; }
$error.='<center><strong>Username or password is invalid <strong></center>'); 
} 
$row= $connector->fetchArray($result); 
// check if passwords match 
$_POST['password'] = stripslashes($_POST['password']); 
$row['password'] = stripslashes($row['password']); 
$_POST['password'] = md5($_POST['password']); 
//if password doesnot match
if ($_POST['password'] != $row['password']) 
{ 
if(!empty($error)){ $error.='<br>'; }
error.='<center><strong>Username or password is invalid </strong></center>';
} 


if($_POST['user_type']!= $row['user_type']){
if(!empty($error)){ $error.='<br>'; }
error.='<center><strong>That user type is not valid for this user</strong></center>';
}


/*register session variables and set last login time.*/ 
$date = date('d,m,y'); 
$update_login = $connector->query("UPDATE user SET last_login = '$date' WHERE user_name = '".$_POST['user_name']."'"); 
$_POST['user_name'] = stripslashes($_POST['user_name']); 
$_SESSION['user'] = $_POST['user_name']; 
$_SESSION['pass'] = $_POST['password']; 
$_SESSION['user_type'] = $_POST['user_type']; 
header("Location: index.php");



}else {

?>

// display the form
<?php if(!empty($error)){ echo $error; } ?>


<?

} // end of else
?>

Posted: Sun Mar 04, 2007 3:16 pm
by crazytopu
Thanks a lot, that's what i needed. By the way,

is there something wrong with this snipet?

The page simply doesnot load when I use the dot to assign the line to the variable inside if block.

Code: Select all

$error = '';
		if (($num_rows))          
		{ 
			$error. = '<center><strong>That username does not exist in our database.</strong></center>'; 
		}
But without the dot (i.e $error = 'bla bla') the page loads fine but then I dont get any output for the following line even if I supply a wrong user name. I checked with mysql_num_rows() and when a wrong user name is provided it outputs 0, or else 1. So, seems like everything is fine. But then why the eror message is not beign displayeD?


Code: Select all

<?php if(!empty($error)){ echo $error; } ?>

Posted: Sun Mar 04, 2007 3:47 pm
by tecktalkcm0391
crazytopu wrote:Thanks a lot, that's what i needed. By the way,

is there something wrong with this snipet?

The page simply doesnot load when I use the dot to assign the line to the variable inside if block.

Code: Select all

$error = '';
		if (($num_rows))          
		{ 
			$error. = '<center><strong>That username does not exist in our database.</strong></center>'; 
		}
But without the dot (i.e $error = 'bla bla') the page loads fine but then I dont get any output for the following line even if I supply a wrong user name. I checked with mysql_num_rows() and when a wrong user name is provided it outputs 0, or else 1. So, seems like everything is fine. But then why the eror message is not beign displayeD?


Code: Select all

<?php if(!empty($error)){ echo $error; } ?>
To append to a variable you need to use $var.= without any spaces.

Posted: Sun Mar 04, 2007 5:35 pm
by volka
crazytopu wrote:$_POST['password'] = stripslashes($_POST['password']);
$row['password'] = stripslashes($row['password']);
stripslashes?
crazytopu wrote:error.='<center
missing a $

Posted: Mon Mar 05, 2007 10:47 am
by crazytopu
By the way, which way you stop the same message being printed twice?

With this code, if someone types wrong username and wrong password the $error variable holds the same message twice.

So, when you output $errror, you get something like

"Invalid username or password"
"Invalid username or password"

Obviously, for security reason not to make it explicit I shouldnot be printing Two different messages like:

"Invalid username"
"Invalid password "

Correct?

So, how to cut it short to just one message when both username and password are typed wrong?

Posted: Mon Mar 05, 2007 2:00 pm
by RobertGonzalez
You can use spaces when concatenating strings using the dot-equal syntax, you just can't have spaces between the dot and the equal.

Code: Select all

<?php
$message .= 'Message was appended';
?>

Posted: Mon Mar 05, 2007 2:02 pm
by crazytopu
Yes, Thanks. Someone helped me earlier figuring it out. Now If anyone could help me with my second question.

Posted: Mon Mar 05, 2007 2:04 pm
by RobertGonzalez
Combine the error message so it is only one message, or just use two different messages.

Posted: Mon Mar 05, 2007 2:18 pm
by crazytopu
Thanks mate.

I got a workaround: inside my password check I put this if block and it is working fine now.

Code: Select all

if ($_POST['password'] != $row['password']) 
	{ 
		
		if(!empty($error))
		{
			$error='';
		}
		
		
		$error.="<br>User name or password is invalid";
	}

Posted: Mon Mar 05, 2007 2:30 pm
by RobertGonzalez
Can I suggest initializing that variable outside of the conditional? That way it is available to the app and will not throw undefined variable notices if it is called outside it defined scope.

Code: Select all

<?php
$error = '';
if ($_POST['password'] != $row['password'])
{
    $error.="<br>User name or password is invalid";
}

// Now you can literally call $error without worry, since it is defined within this scope
?>

Posted: Mon Mar 05, 2007 2:32 pm
by crazytopu
IT was already done, but i just showed the code inside if statement then.

Code: Select all

$check = "SELECT username, password, usertype FROM member WHERE username = '".$_POST['username_txt']."'"; 

	//echo $check;

	$result = $connector->query($check); 
	$num_rows = mysql_num_rows($result); 

	$error="";     // initialised here as a global variable. 

	//echo $num_rows;

	if($num_rows<1){
		$error.="<br>User name or password is invalid";
	}

	
	$row= $connector->fetchArray($result); 
	
		
	$_POST['password'] = stripslashes($_POST['password']); 
	$row['password'] = stripslashes($row['password']); 
	
		
	$_POST['password'] = md5($_POST['password']); 
	
		
	//if password doesnot match
	if ($_POST['password'] != $row['password']) 
	{ 
		
		if(!empty($error))
		{
			$error='';
		}
		
		
		$error.="<br>User name or password is invalid";
	}

Posted: Mon Mar 05, 2007 2:35 pm
by RobertGonzalez
The way it is now, the variable $error gets reset to empty inside the conditional that checks to see if the passwords are the not the same. If there was a value in the $error var it is not gone.

Posted: Mon Mar 05, 2007 2:40 pm
by crazytopu
well, if i got your point you are saing the first error message is being replaced if it is a wrong password?

the way I want to print is


if username is not valid

$errror.="same message";

move to check if password is invalid
if invalid
empty $error
then assign the same message again

if valid password
redirect to account page

// this is so you dont print the same message twice when user name and password are both incorrect.


And it is working fine...what is your point?

Posted: Mon Mar 05, 2007 3:00 pm
by RobertGonzalez
Code cleanliness and readability bro, that is my point. You were manipulating the users posted data by reassigning values to $_POST values, as well as doing unnecessary coding of the error message. What about something like this?

Code: Select all

<?php
// Initialize the error variable
$error = '';

$username_text = isset($_POST['username_txt']) ? $_POST['username_txt'] : '';

if (!empty($username_txt))
{
    $check = "SELECT username, password, usertype FROM member WHERE username = '$username_txt'";
    $result = $connector->query($check);

    if (mysql_num_rows($result) < 1) {
        $error .= '<br>User name or password is invalid';
    }

    $row = $connector->fetchArray($result);

    //if password does not match
    if (md5(stripslashes($_POST['password'])) != stripslashes($row['password'])) {
        // This is the area where things seemed wierd
        // If the error message is empty, add to it without the reset
        if (empty($error)) {
            $error .= '<br>User name or password is invalid';
        }
    }
} else {
    die('The username text field cannot be blank');
}
?>