[SOLVED] How do I remedy this?

[Scooby08]

I found a little login code snipplet online and was playing around with it a bit.. I'm adding an error detection array to it.. The error detection works perfectly. The problem I'm having is with matching the username and passwords from the database in the error if statements.. Here is the code:

 

<?php
// we must never forget to start the session
session_start();

include 'include/config.inc.php';

if (isset($_POST['txt_user_name']) && isset($_POST['txt_user_password'])) {
include 'include/database.inc.php';

// post form variables
$txt_user_name = $_POST['txt_user_name'];
$txt_user_password = $_POST['txt_user_password'];

// check if the user id and password combination exist in database
$query  = "SELECT user_name ";
$query .= "FROM dw_users ";
$query .= "WHERE user_name = '$txt_user_name' ";
$query .= "AND user_password = PASSWORD('$txt_user_password') ";		
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)) { 
	$user_name = $row['user_name'];
	$user_password = $row['user_password'];
}
if (mysql_num_rows($result) == 1) {
	// the user id and password match,
	// set the session
	$_SESSION['db_is_logged_in'] = true;

	// after login we move to the main page
	header('Location: '.SCRIPT_URL.'accounts.php');
	exit();
} else {
	//array & variable declaration
	$errorarray = array();	//used to store error messages

	//echo $user_name; // doesnt even echo the username from the database while loop above
	//$user_name = "admin"; // works if I just set it manually
	//$user_password = "admin";

	//validate your input 
	if ($_POST['txt_user_name'] != "" && $_POST['txt_user_name'] != $user_name) { // using post for same page and request for page to page.. Just testing
		$_SESSION['errorstate'] = 1;
		$errorarray[] = "ERROR: Invalid username!";
	} elseif ($_POST['txt_user_name'] == "") { 
		$_SESSION['errorstate'] = 1;
		$errorarray[] = "ERROR: The username field is empty!";
	} else {
		// display nothing if correct
	}
	if ($_POST['txt_user_password'] != "" && $_POST['txt_user_password'] != $user_password) {
		$_SESSION['errorstate'] = 1;
		$errorarray[] = "ERROR: Invalid password!";
	} elseif ($_POST['txt_user_password'] == "") {
		$_SESSION['errorstate'] = 1;
		$errorarray[] = "ERROR: The password field is empty!";
	} else {
		// display nothing if correct
	}

	//check for errors
	if ($_SESSION['errorstate'] == 1) { // if error
		$_SESSION['errormessage'] = $errorarray; //store the errorarray in a session
	}   
}
// Close databse connection
mysql_close();
}
?>

 

The query pulls out the info just fine, but I can't figure out why it won't let me use $user_name, and $user_password in the if statements..

 

[947740]

What do you mean, it will not let you use them?

[Scooby08]

This section doesnt read $user_name and $user_password.. Maybe because it's inside the if statement? Not sure, but I thought if I set $user_name = "admin"; at the top of the script, I would then be able to use it throughout..

 

<?php
//echo $user_name; // doesnt even echo the username from the database while loop above
	//$user_name = "admin"; // works if I just set it manually
	//$user_password = "admin";

	//validate your input 
	if ($_POST['txt_user_name'] != "" && $_POST['txt_user_name'] != $user_name) {
?>

[wildteen88]

The variables $user_name and $user_password will only be set if the query returned any results, How can PHP compare $_POST['txt_user_name'] to the $user_name variable if it  doesn't exit.

 

 

[Scooby08]

because when they fill out the form they get variables to compare..  Anyways, I think I got it good enough.. I just ran another query for the error if's and it seems to be working..