  1. #1
    SitePoint Guru

    Finishing Off Error Messages

    Hi,

    I have a login page to which I have added a number of error messages. However, there is one set which I just can't get to work. The set at the bottom of the post provide when the button is pressed however they do not compare what is being entered against what is in the database.

    I'm trying to check if the email address is in the database, the password matches and if the character 'Y' is in the "accountconfirmed" column.

    Can anyone advise how I can finish these error messages off or why they are displayed as soon as the page is viewed?

    Code:
    <?php
    if ($_SESSION['userLoggedIn'])

        session_start();
    $_SESSION['userLoggedIn'] = 0;
    $_SESSION['userEmail'] = '';
    $_SESSION['userID'] = '';
    $_SESSION['userfirstname'] = '';
    $_SESSION['usersurname'] = '';

    // Reset errors and success messages
    $errors = array();
    $success = array();

    if(($password) ==($row['password'])) {
        $errors['incorrectpassword'] = "Your password is incorrect.";
    }

    if($email != ($row['email']))
        $errors['incorrectpassword'] = 'Your passwords did not match.';

    // Login attempt
    if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
    {
        $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
        $loginPassword  = trim($_POST['password']);

        $accounty = ('y');

        if(count($errors) === 0)
        {
            $loginPassword = md5($loginPassword);
            $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = "' . $loginPassword . '" AND accountconfirmed = "' . $accounty . '"LIMIT 1';
            $result = mysql_query($query);
            if (!$result)
            {
                die('Invalid query: ' . mysql_error());
            }

            if(mysql_num_rows($result) === 1)
            {
                $row = mysql_fetch_assoc($result);
                $_SESSION['userLoggedIn'] = 1;
                $_SESSION['userEmail'] = $loginEmail;
                $_SESSION['userID'] = $row['id'];
                $_SESSION['userfirstname'] = $row['firstname'];
                $_SESSION['usersurname'] = $row['surname'];

                header('Location: /index1.php');
                exit;
            } else {
                $errors['login'] = 'No user was found with the details provided.1.';
            }
        }
    }
    /*
      The rest of your login page code
    */

    // Reset errors and success messages
    $errors = array();
    $success = array();
    // Login attempt
    if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){
        $loginEmail = trim($_POST['email']);
        $loginPassword  = trim($_POST['password']);

    }

    if(!isset($loginEmail) || empty($loginEmail)) {
        $errors['loginEmail'] = "Please enter your email.";
    }

    if(!isset($loginPassword) || empty($loginPassword)) {
        $errors['loginPassword'] = "Please enter your password.";
    }




    Code:
    $accounty = ('Y');

    if(($email) != ($row['email'])) {
        $errors['incorrectemail'] = "Your email is incorrect.";
    }

    if(($accounty) != ($row['accountconfirmed'])) {
        $errors['confirmedaccount'] = "Your account has not yet been confirmed.  Please request a confirmation email.";
    }

    if(($password) != ($row['password'])) {
        $errors['incorrectpassword'] = "Your password is incorrect.";
    }

    ?>

    <?php if($errors['incorrectemail']) print '<div class="invalid">' . $errors['incorrectemail'] . ''; ?>
    <?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?>
    <?php if($errors['incorrectpassword']) print '<div class="invalid">' . $errors['incorrectpassword'] . ''; ?>

  2. #2
    guido2004
    Not an answer to your question, but something I don't quite understand:
    PHP Code:
    if ($_SESSION['userLoggedIn'])

    session_start();
    $_SESSION['userLoggedIn'] = 0;

    $_SESSION['userLoggedIn'] will never be set at that moment, because first you have to session_start(). Do that always, without a condition.

    And then immediately after you set $_SESSION['userLoggedIn'] to 0. Why? Someone that is already logged in has to log in every time again?

  3. #3
    SitePoint Guru
    Hi,

    This is the login page so I am not creating or continuing a session. Do I need to be doing this?

  4. #4
    StarLion
    session_start is somewhat misnamed. It essentially does this (in pseudocode):

    function session_start() {
        if(isset($_SESSION['PHPSESSID'])) { //If a session already exists
            set_session_timeout($now + $sessionTimeoutLength); //Extend the session until the new timeout.
        } else {
            create_new_session($sessionTimeoutLength); //Create a new session.
        }
    }

    You can put things in a $_SESSION array, but that array will be lost between pageloads, because you haven't defined a session to be started.

    Consider it this way; What the lines that guido has pointed out say is equivalent to:
    If the user has bought an apple, sell him an apple. If not, he can't buy an apple.

    You will never sell a user an apple, because they can never get to the point that you will sell them an apple.

    The general rule of thumb is; if you're going to be using sessions anywhere in your site, you should be 'starting' a session for every user, logged in or not, on every page.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.
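
Added example, not part of the original thread: one way to arrange the checks the question describes (email exists, password matches, accountconfirmed is 'Y') so that they run only after the form is submitted, with session_start() called unconditionally as advised above. It assumes PHP 7.1+ with the pdo_sqlite extension and a constructed in-memory users table; checkLogin() is a hypothetical helper name, and the thread's md5() and mysql_* calls are swapped for password_hash()/password_verify() and a PDO prepared statement.

```php
<?php
// Added example, not code from the thread. Column names follow the question;
// the SQLite database, sample rows and checkLogin() are constructed/hypothetical.
session_start();   // always, unconditionally, before any output

function checkLogin(PDO $db, string $email, string $password): array
{
    $errors = [];
    if ($email === '')    { $errors['loginEmail'] = 'Please enter your email.'; }
    if ($password === '') { $errors['loginPassword'] = 'Please enter your password.'; }
    if ($errors) { return [$errors, null]; }

    // Look the row up by email only, with a bound parameter; compare the rest in PHP.
    $stmt = $db->prepare('SELECT id, firstname, surname, password, accountconfirmed
                          FROM users WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        // One message for both cases, so the form does not reveal which emails exist.
        $errors['login'] = 'No user was found with the details provided.';
    } elseif ($row['accountconfirmed'] !== 'Y') {
        $errors['confirmedaccount'] = 'Your account has not yet been confirmed.';
    }
    return [$errors, $errors ? null : $row];
}

// Constructed sample data: one confirmed and one unconfirmed account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT,
           firstname TEXT, surname TEXT, accountconfirmed TEXT)');
$ins = $db->prepare('INSERT INTO users (email, password, firstname, surname, accountconfirmed)
                     VALUES (?, ?, ?, ?, ?)');
$ins->execute(['ann@example.com', password_hash('correct horse', PASSWORD_DEFAULT), 'Ann', 'Lee', 'Y']);
$ins->execute(['bob@example.com', password_hash('hunter22', PASSWORD_DEFAULT), 'Bob', 'Ray', 'N']);

// Checks run only on submit, so no message appears when the page is first viewed.
$_POST = ['loginSubmit' => 'true', 'email' => 'bob@example.com', 'password' => 'hunter22']; // constructed input
if (($_POST['loginSubmit'] ?? '') === 'true') {
    [$errors, $user] = checkLogin($db, trim($_POST['email'] ?? ''), $_POST['password'] ?? '');
    if ($user) {
        session_regenerate_id(true);   // fresh session id once authenticated
        $_SESSION['userLoggedIn'] = 1;
        $_SESSION['userID'] = $user['id'];
    }
    foreach ($errors as $msg) {
        echo '<div class="invalid">' . htmlspecialchars($msg) . "</div>\n";
    }
}
```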

  5. #5
    SitePoint Guru
    Hi,

    I have this in connection code on each page.

    ob_start(); session_start();

    When I log in the pages that I want people to be logging in remain logged in. I'm not totally sure what the issue is?

    Does this affect the error messages?

