Jump to content

Handling errors and invalid login

matleeds

By matleeds
in PHP Coding Help

Recommended Posts

matleeds Member

matleeds

Posted
Posted

Hi,

 

I've inherited some html/php code (lucky me) and it's been years since i've played with it so I'm quite rusty.

 

Anyway, I have a fairly bog standard login process and wish to simply display some text on the login page if the login detail is invalid and possibly

log the error to a log file too.

 

here's the index.php file...the login stuff is at the bottom

 


<?php 
$dir = dirname(__FILE__);

require_once "$dir/ot/ot.php";

ot::include_view('header', array('account' => null))
?>

<html>
<head>
<title>Welcome to ....</title>
</head>

<body style="font-size: 14pt; font-family=verdana;">
<div><img src="OTLogo1.bmp"/><h1> Welcome to ...</h1> </div>
<?php if (!empty($account)): ?>
    <div style="border-bottom: 1px dotted #AAA; padding-bottom: 2px; margin-bottom: 10px;">
        <div style="float: left">
            <?php
                $mtime = (int)@file_get_contents(otDB_DIR."/updated");
                $date = date("d/m/Y", $mtime);
                $time = date("G:i", $mtime);
                if ($mtime > 0) {
                    echo "Last Updated $date at $time";
                }
            ?>
        </div>
    	<div style="float: right">Welcome, <?php echo $account->email;?> - <a href="?page=home">Home</a> - <?php ot::include_view('logout_link')?></div>		
        <div style="clear: both"></div>
    </div>
        <?php
            if (ot::is_admin()) {
                ot::include_view('admin_page');
            } else {
                ot::include_view('user_page');
            }
        ?>
<?php else: ?>
    <p>Please login below.</p>
<?php ot::include_view('login_form')?>
<?php endif; ?>

</body>
</html>

 

here's login_form.php

 

<form action='<?php echo $_SERVER['REQUEST_URI']?>' method='post' >
<fieldset>
<legend>Login</legend>
<p>Email:<br/><input type='text' name='email' /></p>
<p>Password:<br/><input type='password' name='pwd' /></p> 
<!-- <p><input type='submit' name='do_login' value='Login' /> <input type='submit' name='do_reset_password' value='Reset Password' /></p> -->
<p><input type='submit' name='do_login' value='Login'/> </p> 
</fieldset>
</form>

 

and here's the function do_login (contained in ot.php..a php function file)

 


public static function do_login(&$err="")
{
	$adb = ot::db('account');
	$e = self::post('email');
	$p = self::post('pwd', '', false);
	if (self::post('do_login') && $e && $p) {
		$ao = self::account_from('email', $e);
		if ($ao) {
			if (self::validate_login($e, $p, $ao)) {
				$_SESSION['id'] = $ao->id;
				return $ao;
				}
		}
		$err = "Invalid email or password";			
		return false;
	}
}

 

I'm unclear if the do_login fails as to how that ($err) is fed back to the web pages.

 

Any assistance would be greatly appreciated.

Link to comment
https://forums.phpfreaks.com/topic/251630-handling-errors-and-invalid-login/
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

Use the function like

$message = null;
$success = ot::do_login($message);

If $success then all's good and if !$success then $message will contain the error message (which, as it stands now, will always be "Invalid email or password").

 

The &$err in the do_login declaration means that $err is passed by-reference. If you give the function a variable (has to be a variable) then do_login can modify it. If $err was passed by-value (ie, just $err) then do_login would only be modifying its copy of the variable - not the original one you passed in.

matleeds Member

matleeds

Posted
  • Author
Posted

Hi there,

 

I follow the logic in what your says but I'm unsure where I'd put that code?

 

In index.php, somewhere round

<?php else: ?>    
<p>Please login below.</p>	
<?php ot::include_view('login_form')?>
<?php endif; ?>

 

or the login_form.php

<p><input type='submit' name='do_login' value='Login'/> </p>

matleeds Member

matleeds

Posted
  • Author
Posted

the function do_login() is taken from the form <input> tag

 

<p><input type='submit' name='do_login' value='Login'/> </p>

 

and the file ot.php which holds it is included in index.php (see the top part of that code) which is called on the form submit, the $_server['request_uri'] equating to index.php

 

<form action='<?php echo $_SERVER['REQUEST_URI']?>' method='post' >

 

as i mentioned, i inherited this code, so the previous coder was either very good at php or has created a spagatti monster ( coder's rule no. 3 - blame the previous coder where ever possible ;)

 

so, i'm still stumped.

requinix Prolific Member

requinix

Posted
Posted

Unless you're telling me that submit button's name determines which function gets called, that button is completely separate from the code.

 

Some PHP code is calling the do_login() function. That's what needs to change.

matleeds Member

matleeds

Posted
  • Author
Posted

I've got it sorted thanks.

 

In the do_login fucntion I've add a 'error' variable to the SESSION and pick up on this when the focus returns to the index/form.

 

In short, I've learned that using the SESSION to handle messages fed back to the user/web pages is good practice.

 

thanks fo ryou help tho.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.