1. The username stays at its pre-refresh value.
2. The last error message received ("Username must contain...", "Password must contain...", "Username/password combination...") remains.
I've tried setting the form field's value to "", calling unset($_POST), and setting various $_POST[] entries to "", all to no avail. I'm almost positive this is a header issue, but I'm not sure how to fix it.
Any ideas? (Also, I'm rather new to php, so comments on any other part of the code or the format of this forum post that would improve it would be helpful.)
Thank you.
login.php:
<?php
// Output buffering is switched off here. With it off, the HTML below is sent
// before the login check at the bottom of the file runs, so a
// header("Location: ...") call made down there would come after output has
// started (unless buffering is enabled some other way, e.g. in php.ini).
//ob_start();
?>
<html>
<head>
</head>
<body>
<form action="login.php" method="post">
<p>
<label for="username">Username</label>
<input type="text" name="username" id="username" value="" />
</p>
<p>
<label for="password">Password</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="login" value="Sign in" />
</p>
</form>
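<?php
// Handles a submitted sign-in form. Runs only when the "login" submit button
// was posted, and prints one error paragraph when sign-in fails.
//
// NOTE(review): reloading the result page makes the browser re-send the same
// POST, so the same branch runs again and the same message is printed. The
// usual remedy is to answer a handled POST with a redirect (sent before any
// output) so that a reload issues a plain GET.
if (isset($_POST["login"]))
{
    include_once ("msffl.php");

    // Read each field defensively: a missing field, or an array-valued field
    // (username[]=...), becomes "", which validate() rejects. Without this the
    // raw value reaches validate() and md5() and raises notices/warnings.
    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    // check for username not valid
    if (!validate($username))
    {
        echo "<p>Username must contain only alphanumeric characters (a-z, A-Z, 0-9), and may not be blank.</p>";
    }
    // check for password not valid
    else if (!validate($password))
    {
        echo "<p>Password must contain only alphanumeric characters (a-z, A-Z, 0-9), and may not be blank.</p>";
    }
    // username/password valid
    else
    {
        // compare username/password
        connect();
        // NOTE(review): the stored credential is an unsalted MD5 digest, which
        // is not suitable for password storage. Moving to password_hash() /
        // password_verify() needs the stored values migrated as well, so it is
        // flagged here rather than changed.
        $user_type = compare($username, md5($password));
        // administrator signing in, load admin page
        if (!strcasecmp($user_type, "A"))
        {
            // NOTE(review): nothing in this file records who signed in (no
            // session is started here), so when this redirect is re-enabled
            // the target page has no way to tell the visitor authenticated.
            // Follow header() with exit; so the rest of the page is not sent.
            //header("Location: admin/admin.php");
        }
        // player signing in, load player page
        else if (!strcasecmp($user_type, "P"))
        {
            //header("Location: players/player.php");
        }
        // username/password combination incorrect
        else
        {
            echo "<p>Username/password combination incorrect; please try again.</p>";
        }
    }
    //ob_end_flush();
}
?>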
</body>
</html>
<?php
// Opens a persistent connection to the MySQL server on localhost and selects
// the fantasy_football database. Either failure ends the script with a short
// fixed message; the @ operator keeps the driver's own warning text out of
// the page.
// NOTE(review): the user name and password appear redacted ("----") in this
// listing; real values are better kept outside the web-served source tree.
function connect()
{
    $link = @mysql_pconnect("localhost", "----", "----");
    if (!$link)
    {
        die("Could not connect to MySQL server");
    }

    $selected = @mysql_select_db("fantasy_football");
    if (!$selected)
    {
        die("Could not open database");
    }
}
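// Looks up a player row by id and stored password value.
//
// $username  player_id to look up
// $password  value to match against players.password (login.php passes an
//            MD5 hex digest)
//
// Returns the user_type of the first matching row, or "" when no row matches
// or the query fails.
//
// Both values are escaped with mysql_real_escape_string() before they are
// placed in the SQL text, so the query is safe even for a caller that has not
// run validate() first. Needs the connection opened by connect().
// NOTE(review): the mysql_* extension was removed in PHP 7.0; when this file
// is ported, use mysqli or PDO prepared statements with bound parameters.
function compare($username, $password)
{
    $query = "SELECT player_id, password, user_type from players WHERE player_id = '"
        .mysql_real_escape_string($username)."' and password = '"
        .mysql_real_escape_string($password)."'";
    $result = mysql_query($query);

    // mysql_query() returns false on error; treat that as "no match" instead
    // of handing false to mysql_num_rows().
    if ($result === false || mysql_num_rows($result) == 0)
    {
        return "";
    }

    return mysql_result($result, 0, "user_type");
}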
// Closes the MySQL link. No link argument is passed, so mysql_close() acts on
// the most recently opened one.
// NOTE(review): connect() opens the link with mysql_pconnect(), and
// mysql_close() does not close persistent links, so this call is likely a
// no-op as the file stands.
function close_db()
{
    mysql_close();
}
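// Returns true only when $string is a non-empty run of ASCII letters and
// digits (a-z, A-Z, 0-9), which is the rule login.php's error messages state.
//
// This is an allow-list. The earlier check only refused [:punct:] characters,
// so spaces, control characters, newlines and bytes outside ASCII passed.
// Non-scalar input (for example an array from a field[]=... parameter) is
// refused without raising a warning.
// NOTE(review): this is stricter than the old check; any existing player_id
// or password that contains a space or a non-ASCII character no longer
// validates. Confirm that none exist.
function validate($string)
{
    if (!is_scalar($string))
    {
        return false;
    }

    // \A and \z anchor the whole value; unlike $, \z does not tolerate a
    // trailing newline.
    return preg_match('/\A[a-zA-Z0-9]+\z/', (string) $string) === 1;
}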
?>