Jump to content

[SOLVED] php login script error message

SN1P3R_85

By SN1P3R_85
in PHP Coding Help

 Share

Recommended Posts

SN1P3R_85 Member

SN1P3R_85

Posted
Posted

I made a basic login php script. The script works fine except for one small error. I made it so if the either the username or password input boxes are empty when the form is posted, it will set a SESSION called response. Then it redirects back to the page that they logged in on, and prints the $_SESSION['response']. The problem im having is that I use the response session for all my errors, and when the username or password does not exist in the database, it sets the response. This second error is overriding the first, so even if the username or password length = 0, then it will still set the second error value. If i comment out the second error, it will display the first one. Oh, i and know an easy way to fix this would be to just add someone to the mysql table named username: "" password: "" but i want to find out what's really wrong with it. Here is the code:

 

<?php

session_start();

include( 'SQL_PASS.inc' );

 

$url = $_SESSION['lastpage']; //variables are last page person was on, username, and password, respectively

$username = $_POST['username'];

$password = $_POST['password'];

 

$username = mysql_real_escape_string($username); //protecting from mysql injection hackers!!!

$password = mysql_real_escape_string($password);

 

if (strlen($username)<=1 || strlen($password)<=1) //checking to see if username or password are unset

{

$_SESSION['response'] = 'please fill all the fields'; //setting error msg, and redirecting to lastpage

    header("Location: $url");

}

elseif (!$con)

{

die('Could not connect to database: ' . mysql_error()); //if cannot connect, kills program and displays msg

}

elseif (!$db_select)

{

die('Could not select database: ' . mysql_error()); //if cannot select db, kills program and displays msg

}

 

$query = "SELECT * FROM `users` WHERE Username='$username' AND Password='$password'"; //making a query with username and password

$result = mysql_query($query);

 

if (!$result)

{

die('Could not run query: ' . mysql_error());

}

elseif (mysql_num_rows($result)==0) //if username or password do not exist, then sets error msg, and redirects to last page

{

$_SESSION['response'] = 'Name or password is wrong, please try again';

header("Location: $url");

}

 

while ($row = mysql_fetch_array($result)) //sets user info

{

$_SESSION['username'] = $row['Username'];

$_SESSION['userlevel'] = $row['Userlevel'];

$_SESSION['uservalid'] = true;

}

mysql_free_result($lgn_result); //free result because table is large and takes alot of memory

header("Location: $url"); //redirect to last page

 

?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.