Web Analytics Made Easy -
StatCounter Login Script Code - CodingForum

Announcement

Collapse
No announcement yet.

Login Script Code

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Login Script Code

    Hi All

    I am a relative newbie to PHP and I am having issues with the below login script. I can get it to log me in correct no problems and validates the data correctly but what I want it to do is when the login fails I want it to return me to the index.php page and return a specific line of text along the lines of "username or password were incorrect please try again".
    I can get it to return to the PHP page an d return an error but for some unknown reason to me it displays the error on the registration page.

    BTW I have the returning to a page with error message if some fields are blank working for the registration page so not sure what i need to alter to get the same happening for a failed login

    Any help you can give would be greatly appreciated:

    Regards
    Tommy

    Below is my code for executing the login

    PHP Code:
    <?php
        
    //Start session
        
    session_start();
        
        
    //Include database connection details
        
    require_once('config.php');
        
        
    //Array to store validation errors
        
    $errmsg_arr = array();
        
        
    //Validation error flag
        
    $errflag false;
        
        
    //Connect to mysql server
        
    $link mysql_connect(DB_HOSTDB_USERDB_PASSWORD);
        if(!
    $link) {
            die(
    'Failed to connect to server: ' mysql_error());
        }
        
        
    //Select database
        
    $db mysql_select_db(DB_DATABASE);
        if(!
    $db) {
            die(
    "Unable to select database");
        }
        
        
    //Function to sanitize values received from the form. Prevents SQL injection
        
    function clean($str) {
            
    $str = @trim($str);
            if(
    get_magic_quotes_gpc()) {
                
    $str stripslashes($str);
            }
            return 
    mysql_real_escape_string($str);
        }
        
        
    //Sanitize the POST values
        
    $login clean($_POST['login']);
        
    $password clean($_POST['password']);
        
        
    //Input Validations
        
    if($login == '') {
            
    $errmsg_arr[] = 'Login ID missing';
            
    $errflag true;
        }
        if(
    $password == '') {
            
    $errmsg_arr[] = 'Password missing';
            
    $errflag true;
        }
        
        
    //Create query
        
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
        
    $result=mysql_query($qry);
        
        
    //Check whether the query was successful or not
        
    if($result) {
            if(
    mysql_num_rows($result) == 1) {
                
    //Login Successful
                
    session_regenerate_id();
                
    $member mysql_fetch_assoc($result);
                
    $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
                
    $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
                
    $_SESSION['SESS_EMAIL'] = $member['email'];
                
    session_write_close();
                
    header("location: ../products.php");
                exit();
            }else {
          
    //Login failed
                //header("location: login-failed.php");
                
    $errmsg_arr[] = 'username or password were incorrect please try again';
              
    $errflag true;
            }
        }else {
            die(
    "Query failed");
        }
        
      
    //If there are input validations, redirect back to the login form
        
    if($errflag) {
            
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            
    session_write_close();
            
    header("location: ../index.php");
            exit();
        }
    ?>

  • #2
    I can get it to return to the PHP page an d return an error but for some unknown reason to me it displays the error on the registration page.
    Which error?
    Try it like
    PHP Code:
    echo $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
        
    $result=mysql_query($qry) or die(mysql_error()); 
    and copy the generated query string from browser output and then try to execute it via mysql console or phpmyadmin
    Last edited by abduraooft; Apr 4, 2009, 07:49 AM.
    Digitalocean Cloud Hosting (Referral link - get $10 free credit) Fameco

    Comment


    • #3
      Looks like you are getting redirected when the login fails and not getting the error message.

      In that case you can pass some thing like

      header("location: ../index.php?err=1");

      and in the index.php if $_GET['err'] == 1 // Display the Error message.

      If you are not getting redirected use the

      ob_start() method at the start of the page.

      Hope this helps
      Dedicated Servers - [email protected] - 1-888-869-HOST(4678)
      Award winning Managed Hosting - Dedicated Server Hosting
      Managed Dedicated Servers. Reseller Discounts. 24/7 Impressive Tech Support.

      Comment


      • #4
        Hi All

        Thanks for the help your posts above got me thinking about how I am handling the error in the index.php and turns out that I forgot to start the session and also hadn't been reading the arguments passed to it correctly

        so now I have this code in the index.php to handle any arguments passed to it from the login script. I hope that this might be of use to somebody one day if they are having a similar issue.

        PHP Code:
        <?php
            
        if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >) {
                echo 
        '<ul class="err">';
                foreach(
        $_SESSION['ERRMSG_ARR'] as $msg) {
                    echo 
        '<li>',$msg,'</li>'
                }
                echo 
        '</ul>';
                unset(
        $_SESSION['ERRMSG_ARR']);
            }
        ?>

        Comment

        Working...
        X