How to do this login and fail message function?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
morris520
Forum Commoner
Posts: 60
Joined: Thu Sep 18, 2008 8:56 pm
Location: Manchester UK

How to do this login and fail message function?

Post by morris520 »

Hi

Can someone give me a hand on my coding?

Tasks: I have 2 login pages. main.php is the input window, then it post to check.php which checks whether login is successful and it is invisible to users! If login is ok, then redirects user to further page otherwise I want to redirect user to the main.php. But then I want to print a message "Login fails on main.php". How can I do this?

Here are some code:

Code: Select all

 
<?php
 
include '../conn.php';
 
ob_start();
 
// Connect to server and select databse.
$connect = mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect"); 
 
// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 
 
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
$sql="SELECT * FROM customer WHERE username='$myusername' and password='$mypassword'";
$result=mysql_db_query($dbname, $sql, $connect);
 
 
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
 
if($count==1){
 
    while($row = mysql_fetch_array($result, MYSQL_ASSOC))
    {
        $id = $row[id];
    }
 
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("id");
    session_register("myusername");
    session_register("mypassword"); 
 
    header("location:../table.php");
}
else {
    header("location:../main.php");
}
 
ob_end_flush();
?>
 
SBro
Forum Commoner
Posts: 98
Joined: Tue Sep 30, 2003 10:06 pm

Re: How to do this login and fail message function?

Post by SBro »

This could be done many ways:
  • Set a session variable (before you redirect back to main.php) with the message, then get that message from the session in main.php (presumably clearing it afterwards so it doesn't print everytime you load main.php).
  • Pass the message as a parameter on the end of the redirect i.e.

    Code: Select all

    header('Location:../main.php?msg=' . urlencode('Login fails on main.php'));
  • Pass a message code on the end of the redirect i.e.

    Code: Select all

    header('Location:../main.php?msgCode=1');
    Then get that message code in main.php and do what you want with it, i.e. if it's "1" you might display "Login failed, incorrect username", if it's "2" you might display "Login failed, incorrect password" or something similar.
User avatar
mattcooper
Forum Contributor
Posts: 210
Joined: Thu Mar 17, 2005 5:51 am
Location: London, UK

Re: How to do this login and fail message function?

Post by mattcooper »

Yes, SBro's first suggestion is the preferred way of achieving this if you want to avoid passing values around in the query string. Use functions though, or even better, create a Session class:

Code: Select all

 
class Session {
    function setFlash ($msg) {
        $_SESSION['flashMsg'] = $msg;
    }
 
    function flash () {
        echo $_SESSION['flashMsg'];
        unset ($_SESSION['flashMsg']);
    }
}
 
Use Session::setFlash('yourMessage') to set your login failure (or any other) message and then, after redirecting, use Session::flash() to output it. There you go :)
User avatar
morris520
Forum Commoner
Posts: 60
Joined: Thu Sep 18, 2008 8:56 pm
Location: Manchester UK

Re: How to do this login and fail message function?

Post by morris520 »

Sbro:

Why you encode the url? If parameter is in english it does not have to be encoded?

Something unlike in PHP forum, eg. I write

Code: Select all

header("location:../register3.php?foo=".urlencode("abc"));
And the url address becomes http://.../register3.php?foo=abc

Should the user see foo=%$@# things such as un-alphabeta words? Why they can see abc ?

Thanks
User avatar
morris520
Forum Commoner
Posts: 60
Joined: Thu Sep 18, 2008 8:56 pm
Location: Manchester UK

Re: How to do this login and fail message function?

Post by morris520 »

I am not sure I have done right

but I have

http://.../main.php?status=fail

I have used the method and main.php can receive the parameter.

How about the security? Is this safe if user can see the address?
Post Reply