Page 1 of 1

How to do this login and fail message function?

Posted: Thu Oct 09, 2008 5:29 pm
by morris520
Hi

Can someone give me a hand on my coding?

Tasks: I have 2 login pages. main.php is the input window, then it post to check.php which checks whether login is successful and it is invisible to users! If login is ok, then redirects user to further page otherwise I want to redirect user to the main.php. But then I want to print a message "Login fails on main.php". How can I do this?

Here are some code:

Code: Select all

 
<?php
 
include '../conn.php';
 
ob_start();
 
// Connect to server and select databse.
$connect = mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect"); 
 
// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 
 
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
$sql="SELECT * FROM customer WHERE username='$myusername' and password='$mypassword'";
$result=mysql_db_query($dbname, $sql, $connect);
 
 
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
 
if($count==1){
 
    while($row = mysql_fetch_array($result, MYSQL_ASSOC))
    {
        $id = $row[id];
    }
 
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("id");
    session_register("myusername");
    session_register("mypassword"); 
 
    header("location:../table.php");
}
else {
    header("location:../main.php");
}
 
ob_end_flush();
?>
 

Re: How to do this login and fail message function?

Posted: Thu Oct 09, 2008 6:15 pm
by SBro
This could be done many ways:
  • Set a session variable (before you redirect back to main.php) with the message, then get that message from the session in main.php (presumably clearing it afterwards so it doesn't print everytime you load main.php).
  • Pass the message as a parameter on the end of the redirect i.e.

    Code: Select all

    header('Location:../main.php?msg=' . urlencode('Login fails on main.php'));
  • Pass a message code on the end of the redirect i.e.

    Code: Select all

    header('Location:../main.php?msgCode=1');
    Then get that message code in main.php and do what you want with it, i.e. if it's "1" you might display "Login failed, incorrect username", if it's "2" you might display "Login failed, incorrect password" or something similar.

Re: How to do this login and fail message function?

Posted: Fri Oct 10, 2008 3:57 am
by mattcooper
Yes, SBro's first suggestion is the preferred way of achieving this if you want to avoid passing values around in the query string. Use functions though, or even better, create a Session class:

Code: Select all

 
class Session {
    function setFlash ($msg) {
        $_SESSION['flashMsg'] = $msg;
    }
 
    function flash () {
        echo $_SESSION['flashMsg'];
        unset ($_SESSION['flashMsg']);
    }
}
 
Use Session::setFlash('yourMessage') to set your login failure (or any other) message and then, after redirecting, use Session::flash() to output it. There you go :)

Re: How to do this login and fail message function?

Posted: Fri Oct 10, 2008 4:53 pm
by morris520
Sbro:

Why you encode the url? If parameter is in english it does not have to be encoded?

Something unlike in PHP forum, eg. I write

Code: Select all

header("location:../register3.php?foo=".urlencode("abc"));
And the url address becomes http://.../register3.php?foo=abc

Should the user see foo=%$@# things such as un-alphabeta words? Why they can see abc ?

Thanks

Re: How to do this login and fail message function?

Posted: Fri Oct 10, 2008 5:07 pm
by morris520
I am not sure I have done right

but I have

http://.../main.php?status=fail

I have used the method and main.php can receive the parameter.

How about the security? Is this safe if user can see the address?