Jump to content

Login Help!

tebrown

By tebrown
in PHP Coding Help

 Share

Recommended Posts

tebrown Member

tebrown

Posted
Posted

Hey Guys,

 

Im trying to work on my login script after successfully doing my register script.

 

The problem im having trouble is that when i login with false details, it still prompts me with 'You have logged in".

 

Also if the user is not activated it should say "Account has not been activated."

 

Could someone help me out. Thanks.

 

<?php include"database.php";?>

<html>
<head>
<title>Login</title>
</head>
<body>

<h1>Manager Login</h1>

<form action="login.php" method="post">
<TABLE BORDER="0">
  <TR>
    <TD>Email:</TD>
    <TD> 
    <input type="text" name="email" size="20">
</TD>
  </TR>
  <TR>	
  <TD>Password:</TD>
  <TD><INPUT TYPE="password" NAME="password" SIZE="20"></TD>
</TR>
</table>
<P>
<input type="submit" name="login" value="Login" />
</form> 

<?php

	session_start(); 

	if (isset($_POST['login'])) {

		if (empty($_POST['email']) || empty($_POST['password'])) {
		                $errors[] = "Please fill out all fields.";
		                }

    
						$email = $_POST['email'];
					    $password = $_POST['password'];
					    $level = 'level';

		$check = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."'");
	    if (mysql_num_rows($check)>=1) {
		$errors[] =  "Wrong Details. Try Again.";
					         }

		$check = mysql_query("SELECT * FROM users WHERE level='".$level."'");
		if (mysql_num_rows($check)>=1) {
				if ($level == '0') {
		$errors[] =  "Account has not been activated.";
						     }}

          if (empty($errors)) {

	echo "You have logged in!";

	} else {
                         
         foreach($errors as $nErrors){
         echo $nErrors . "<br>";
                         }
                     }
                 }

?>

Link to comment
https://forums.phpfreaks.com/topic/259523-login-help/
Share on other sites
dragon_sa Member

dragon_sa

Posted
Posted

session_start(); and form processing should be at the top of the page.

$check = mysql_query("SELECT * FROM users WHERE level='".$level."'");

This code only checks if any user in the database has a level=level, it should be restricted by the email as well.

 

Link to comment
https://forums.phpfreaks.com/topic/259523-login-help/#findComment-1330348
Share on other sites
merylvingien Regular Member

merylvingien

Posted
Posted 

<?php

	session_start(); 

	if (isset($_POST['login'])) {

		if (empty($_POST['email']) || empty($_POST['password'])) {
		                $errors[] = "Please fill out all fields.";
		                }

    
						$email = $_POST['email'];
					    $password = $_POST['password'];
					    $level = 'level';

		$check = mysql_query("SELECT * FROM users WHERE email='".$email."' AND password='".$password."'");
	    if (mysql_num_rows($check)>=1) {
		$errors[] =  "Wrong Details. Try Again.";
					         }

		$check = mysql_query("SELECT * FROM users WHERE level='".$level."'");
		if (mysql_num_rows($check)>=1) {
				if ($level == '0') {
		$errors[] =  "Account has not been activated.";
						     }}

          if (empty($errors)) {

	echo "You have logged in!";

	} else {
                         
         foreach($errors as $nErrors){
         echo $nErrors . "<br>";
                         }
                     }
                 }

?>

That bit, put above the rest for starters.

 

Whats $level? and how do you check if someone loggin in has a "level" of ?

 

At the moment, your code sets $level to "level"

 

$level = 'level';

 

 

Link to comment
https://forums.phpfreaks.com/topic/259523-login-help/#findComment-1330364
Share on other sites
tebrown Member

tebrown

Posted
  • Author
Posted

Ok i've given it another go. Although this code below still doesn't work properly. When i log in and enter a correct email and password, it still shows "You have successfully logged in", it should be saying the error message: "You have not been activated yet!". I must be nearly there....

 

<?php

session_start(); 
include"database.php";

?>

<html>
<head>
<title>Login</title>
</head>
<body>

<h1>Manager Login</h1>

<form action="login.php" method="post">
<TABLE BORDER="0">
  <TR>
    <TD>Email:</TD>
    <TD> 
    <input type="text" name="email" size="20">
   </TD>
  </TR>
  <TR>   
  <TD>Password:</TD>
  <TD><INPUT TYPE="password" NAME="password" SIZE="20"></TD>
</TR>
</table>
<P>
<input type="submit" name="login" value="Login" />
</form> 

<?php

if (isset($_POST['login'])) {
   
if (empty($_POST['email']) || empty($_POST['password'])) {
echo "Please fill out all fields.";
}


else {

$email=mysql_real_escape_string($_POST['email']);
$password=mysql_real_escape_string($_POST['password']);

$sql="SELECT * FROM users WHERE email='$email' and password='".md5($password)."'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if ($count['level'] == '0'){
    echo "You have not been activated yet!";
} 

if($count==1){
  //session_register("email");
  //session_register("password");
  echo "You have successfully logged in!";
}

else {
  echo "Wrong Email or Password";
}



}
}

?>     

Link to comment
https://forums.phpfreaks.com/topic/259523-login-help/#findComment-1330377
Share on other sites
Drummin Member

Drummin

Posted
Posted

Something more like this.  Not tested, but should be closer.

<?php
session_start(); 
include"database.php";
if (isset($_POST['login'])) {
   
if (empty($_POST['email']) || empty($_POST['password'])) {
$message="Please fill out all fields.";
}else{
$email=mysql_real_escape_string($_POST['email']);
$password=mysql_real_escape_string($_POST['password']);

$sql="SELECT id FROM users WHERE email='$email' and password='".md5($password)."'";
$result=mysql_query($sql);
	if (mysql_num_rows($result)){
	$row = mysql_fetch_row($result);
	$_SESSION['user_id']=$row[0];
	$message="You have successfully logged in!";
	}else{
	$message="Wrong Email or Password!";
	}
} 
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>

<h1>Manager Login</h1>
<?php if (isset($message)){echo "$message";}?>  
<form action="login.php" method="post">
<table border="0">
	<tr>
		<td>Email:</td>
		<td><input type="text" name="email" size="20" /></td>
	</tr>
	<tr>   
		<td>Password:</td>
		<td><input type="password" name="password" size="20"></td>
	</tr>
	<tr>   
		<td colspan="2"><input type="submit" name="login" value="Login" /></td>
	</tr>
</table>
</form> 
</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/259523-login-help/#findComment-1330385
Share on other sites
Drummin Member

Drummin

Posted
Posted

Just modify query as needed.

 

$sql="SELECT id,level,firstname FROM users WHERE email='$email' and password='".md5($password)."'";

$result=mysql_query($sql);

if (mysql_num_rows($result)){

$row = mysql_fetch_row($result);

$_SESSION['user_id']=$row[0];

$_SESSION['user_level']=$row[1];

$_SESSION['user_first']=$row[2];

$message="You have successfully logged in!";

}else{

$message="Wrong Email or Password!";

}

}

}

?>

Link to comment
https://forums.phpfreaks.com/topic/259523-login-help/#findComment-1330388
Share on other sites
Drummin Member

Drummin

Posted
Posted

You didn't indicate in your code what defines that.  I would assume it is the level.  Then adding an IF statement to check level within the result loop.

 

<?php
session_start(); 
include"database.php";
if (isset($_POST['login'])) {
   
if (empty($_POST['email']) || empty($_POST['password'])) {
$message="Please fill out all fields.";
}else{
$email=mysql_real_escape_string($_POST['email']);
$password=mysql_real_escape_string($_POST['password']);

$sql="SELECT id,level,firstname FROM users WHERE email='$email' and password='".md5($password)."'";
   $result=mysql_query($sql);
      if (mysql_num_rows($result)){
      $row = mysql_fetch_row($result);
	  if ($row[1]=="good Level"){
      $_SESSION['user_id']=$row[0];
      $_SESSION['user_level']=$row[1];
      $_SESSION['user_first']=$row[2];
      $message="You have successfully logged in!";
	  }else{
	  $message="You are not activated yet";
	  }
      }else{
      $message="Wrong Email or Password!";
      }
   }
}
?>

 

Not sure I have that all bracketed up right as I'm just adding things without testing anything.

Link to comment
https://forums.phpfreaks.com/topic/259523-login-help/#findComment-1330391
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.