SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Same Error Message For Email Address

    Hi,

    I have a login script which compares a loginEmail and against an email in the database and logs the user in if they match (along with password).

    However I am struggling to return a message to say that the email address is not in the database. What Im struggling to understand is that message appears when I enter a correct email address and a valid email address.

    When I enter a correct email address but leave out the password it still displays the erorr message "Your email address is not registered."

    PHP Code:
              <?php
                  
    if(($loginEmail) != ($row['email'])) {
            
    $errors['falseemail1'] = "Your email address is not registered.";
        } 
        
    ?>    
               
              <?php if($errors['falseemail1']) print '<div class="invalid">' $errors['falseemail1'] . ''?>


    PHP Code:
     <?php
             
    if ($_SESSION['userLoggedIn'])
        
                
    session_start();
            
    $_SESSION['userLoggedIn'] = 0;
            
    $_SESSION['userEmail'] = '';
            
    $_SESSION['userID'] = '';
    $_SESSION['userfirstname'] = '';
    $_SESSION['usersurname'] = '';
    $accounty = ('Y'); 

       
            
    // Reset errors and success messages
            
    $errors = array();
            
    $success = array();

        
        
    // Login attempt
        
    if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
        {
            
    $loginEmail filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
            
    $loginPassword    trim($_POST['password']);

            
            if(
    count($errors) === 0)
            {
    $loginPassword md5($loginPassword);
    $query 'SELECT * FROM users WHERE email = "' mysql_real_escape_string($loginEmail) . '" AND password = "' $loginPassword '" AND accountconfirmed = "' $accounty '"LIMIT 1';
                
    $result mysql_query($query);
               
                
                if(
    mysql_num_rows($result) === 1)
                {
                    
    $row mysql_fetch_assoc($result);
                    
    $_SESSION['userLoggedIn'] = 1;
                    
    $_SESSION['userEmail'] = $loginEmail;
                    
    $_SESSION['userID'] = $row['id'];
                    
    $_SESSION['userfirstname'] = $row['firstname'];
                    
    $_SESSION['usersurname'] = $row['surname'];
                    
                    
    header('Location: /index1.php');
                    exit;
                } 
            }
        }
        
    /*
          The rest of your login page code
        */ 

      // Reset errors and success messages  
        
    $errors = array();  
        
    $success = array();  
        
    // Login attempt  
        
    if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){  
            
    $loginEmail trim($_POST['email']);  
            
    $loginPassword  trim($_POST['password']);  

        }  
          
          
              if(!isset(
    $loginEmail) || empty($loginEmail)) {   
            
    $errors['loginEmail'] = "Please enter your email address.";
        }      
          
        if(!isset(
    $loginPassword) || empty($loginPassword)) { 
            
    $errors['loginPassword'] = "Please enter your password.";
        }
        

        
    ?>
    Last edited by SpacePhoenix; Jan 1, 2013 at 18:34. Reason: swapped code tags for php tags around php code

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,014
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    session_start() needs to be before any code that might need to access the $_SESSION array, preferably it should be the very first line after the initial <?php

    PHP Code:
    if(($loginEmail) != ($row['email'])) { 
    echo the value for both of them to make sure they match up when you expect them to.

    You should consider migrating from the mysql_* extension over to either the mysqli_* extension or PDO and use prepared statements. The mysql_* extension is depreciated as of php version 5.5
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  3. #3
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Many thanks,

    This is for the login page so I dont have a session on this page. As soon as someone visits the page it kills the session. Should I keep the session code so that the login page doesn't kill a session?

    I have tried looking into PDO before. The first person who told me about it said it was just a different connection code but when I looked into it further it appears that much of the code is different. I spent alot of time trying to connect with PDO but couldn't get the connection code to work so I just carried on with PHP.

    Is there a basic PDO connection that I can use with PHP and then start using PDO fully once I am connecting.

    http://wiki.hashphp.org/PDO_Tutorial...SQL_Developers

  4. #4
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,014
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by justlukeyou View Post
    Many thanks,

    This is for the login page so I dont have a session on this page. As soon as someone visits the page it kills the session. Should I keep the session code so that the login page doesn't kill a session?

    I have tried looking into PDO before. The first person who told me about it said it was just a different connection code but when I looked into it further it appears that much of the code is different. I spent alot of time trying to connect with PDO but couldn't get the connection code to work so I just carried on with PHP.

    Is there a basic PDO connection that I can use with PHP and then start using PDO fully once I am connecting.

    http://wiki.hashphp.org/PDO_Tutorial...SQL_Developers
    Have a look at the mysqli_* extension, you might find it easier to work with
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  5. #5
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I have made a bit of progress. I can now query if the account has a Y (yes) in accountconfirmed column.

    Code:
    '" AND accountconfirmed = "' . $accounty .

    However this code runs whenever the page is visited. Is there a idiots guide to writing error messages?

    For me this should only be displayed when someone tries log into an account which does have Y in accountconfirmed.

    I can echo the Y from accounty but not the row but this comes after the query to attempt the log in.

    Code:
    	$accounty = ('Y'); 
    
        ?>   
    		  
    					 		  		  <?php
    			  if(($accounty) != ($row['accountconfirmed'])) {
            $errors['confirmedaccount'] = "Your account has not yet been confirmed.  Please request a confirmation email.";
        } 
        ?>    
    		   
    		  <?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?>


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •