login error doesnt show up

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
carsky
Forum Commoner
Posts: 30
Joined: Sun Jul 08, 2007 3:26 am

login error doesnt show up

Post by carsky »

hi i am having problem with the error message on my login section..the error doesnt show up..well my login is located at the lower left of the homepage..i dont have a login page..users must login through my homepage...here's the code for the form...

Code: Select all

<? 
/* Include Files **********************/
require_once 'library/config.php';
/*************************************/
?>
<body>
<?php
if(isset($_SESSION['login_user']) && $_SESSION['login_user'] == 'ok'){
?>
<table cellpadding="3" cellspacing="0" border="0" width="140" style="font-family:sans-serif">
					<tr>
						<td align="center"><img src="include/myacc.jpg"></td>
					</tr>
					<tr>
						<td class="accountmenu"><img src="icons/help_f2.png" width="22" height="22"><?php echo $_SESSION['login_name'];?></td>
					</tr>
					<tr>
						<td class="accountmenu"><img src="icons/addedit.png" width="22" height="22"><a href="viewprofile.php" class="accmenu">View/Edit Profile</a></td>
					</tr>
					<tr>
						<td class="accountmenu"><img src="icons/" width="22" height="22"><a href="orderhistory.php" class="accmenu">Orders</a></td>
					</tr>
					<tr>
						<td class="accountmenu"><img src="icons/logout.png" width="22" height="22"><a href="logout.php" class="accmenu">Logout</a></td>
					</tr>
				</table>

<?php
}else{

$error = '';
?>
<form method="post" action="login2.php" onsubmit='return formValidator()' >
<?php echo $error; ?>
<table width="150" align="left" border="0" cellspacing="0" cellpadding="1">
<tr><td style="font-size:14px;font-weight:bolder" colspan="2" align="center">USER LOGIN</td></tr>
<tr><td style="font-size:12px">Username:</td><td><input type="text" name="user" size="10" id='user' maxlength="30"></td></tr>
<tr><td style="font-size:12px">Password:</td><td><input type="password" name="pass" size="10" id='pass' maxlength="30"></td></tr>

<tr><td colspan="2" align="center">
<input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td align="center"><a href="registration.php" class="1">Join</a></td><td colspan="2" align="center"><a href="forgotpassword.php" class="1">Forgot Password</a></td></tr>
</table>
</form>
<?php
}
?>
</body>
that's where the user will input his/her login info..if the login is correct the account option will show up..and if the login is false then the login form will still show up..i call this file the main2.php which is being required by my index.php..

and here's the script for my login..this script can allow the user to login and can already determine if the user info is available or not..my problem here is to show the errormessage if the login is incorrect or incomplete..

Code: Select all

<?php
require_once 'library/config.php';

$error = '';
$userName = $_POST['user'];
$password = $_POST['pass'];

	if($userName == '')
	{
		$error = "Invalid username";
	}
		else if($password == '')
		{
			$error = "Invalid password";
		}
			else
			{
				$sql = "SELECT * FROM tbl_customer WHERE Username = '$userName' AND Password = md5('$password')";
				$result = dbQuery($sql);

					if (dbNumRows($result) == 1)
					{
						$_SESSION['login_user']='ok';
						$row = dbFetchAssoc($result);
						$_SESSION['login_name'] = $row['Username'];
						$_SESSION['login_id'] = $row['Customerno'];
					}
						else
						{
							$error = "Wrong username and password";
						}
						
				
			}
			header('Location: index.php');

?>
ive tried putting return error$ at the end but login takes me into a blank php page..the error reporting is already turned on..please help me out..thanks
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Re: login on error doesnt show up

Post by tecktalkcm0391 »

Code: Select all

<?php
require_once 'library/config.php';

$error = '';
$userName = $_POST['user'];
$password = $_POST['pass'];

	if($userName == '')
	{
		$error = "Invalid username";
	}
		else if($password == '')
		{
			$error = "Invalid password";
		}
			else
			{
				$sql = "SELECT * FROM tbl_customer WHERE Username = '$userName' AND Password = md5('$password')";
				$result = dbQuery($sql);

					if (dbNumRows($result) == 1)
					{
						$_SESSION['login_user']='ok';
						$row = dbFetchAssoc($result);
						$_SESSION['login_name'] = $row['Username'];
						$_SESSION['login_id'] = $row['Customerno'];
					}
						else
						{
							$error = "Wrong username and password";
						}
						
				
			}
			header('Location: index.php'); // this line is going to foward to index.php no matter what so lets change it to:
                       //  the below:
                       if(!empty($error) && isset($error)){
                               echo $error;
                               exit;
                       } else {
                               header('Location: index.php'); 
                       }

?>
ive tried putting return error$ at the end but login takes me into a blank php page..the error reporting is already turned on..please help me out..thanks[/quote]
carsky
Forum Commoner
Posts: 30
Joined: Sun Jul 08, 2007 3:26 am

Post by carsky »

actually that was suppose to be $error as the variable for the error message
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

please try

Code: Select all

<?php
error_reporting(E_ALL);
ini_set('display_errors', true);
require_once 'library/config.php';

if ( empty($_POST['user']) || empty($_POST['pass']) ) {
  $error = 'username or password parameter missing';
}
else {
  $sql = "SELECT
      Username,Customerno
    FROM
      tbl_customer
    WHERE
      Username = '" . dbEscapeString($userName) . "'
      AND Password = '" . md5($password) . "'";
  $result = dbQuery($sql);

  if ( 1!=dbNumRows($result) ) {
    $error = "Wrong username and password";
  }
  else {    
    $row = dbFetchAssoc($result);
    $_SESSION['login_user']='ok';
    $_SESSION['login_name'] = $row['Username'];
    $_SESSION['login_id'] = $row['Customerno'];
  }
}

if ( isset($error) ) {
  echo $error;
  exit;
}
else {
  header('Location: index.php');
}
?>
where dbEscapeString() is a function analog to mysql_real_escape_string().
Post Reply