Jump to content

Finishing Off Error Messages

justlukeyou

By justlukeyou
in PHP Coding Help

 Share

Recommended Posts

justlukeyou Advanced Member

justlukeyou

Posted
Posted

Hi,

 

I have a login page which I have added a number of error messages. However there is one set which I just cant get to work. The set at the bottom of the post provide the error message as soon as the page is visited.

 

I'm trying to check if the email address in the database, the password matches and if the character 'Y' is in the "accountconfirmed" column.

 

Can anyone advise how I can finish these error messages off or why the are displayed as soon as the page is viewed?

 

 

 


<?php
     if ($_SESSION['userLoggedIn'])

        session_start();
       $_SESSION['userLoggedIn'] = 0;
       $_SESSION['userEmail'] = '';
       $_SESSION['userID'] = '';
$_SESSION['userfirstname'] = '';
$_SESSION['usersurname'] = '';

       // Reset errors and success messages
       $errors = array();
       $success = array();

					  if(($password) ==($row['password'])) {
       $errors['incorrectpassword'] = "Your password is incorrect.";
   } 



        if($email != ($row['email'])) 
           $errors['incorrectpassword'] = 'Your passwords did not match.';  



   // Login attempt
   if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
   {
       $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
       $loginPassword    = trim($_POST['password']);

		$accounty = ('y'); 


       if(count($errors) === 0)
       {
$loginPassword = md5($loginPassword);
$query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = "' . $loginPassword . '" AND accountconfirmed = "' . $accounty . '"LIMIT 1';
           $result = mysql_query($query);
           if (!$result)
           {
               die('Invalid query: ' . mysql_error());
           }

           if(mysql_num_rows($result) === 1)
           {
               $row = mysql_fetch_assoc($result);
               $_SESSION['userLoggedIn'] = 1;
               $_SESSION['userEmail'] = $loginEmail;
               $_SESSION['userID'] = $row['id'];
               $_SESSION['userfirstname'] = $row['firstname'];
			$_SESSION['usersurname'] = $row['surname'];

               header('Location: /index1.php');
               exit;
           } else {
               $errors['login'] = 'No user was found with the details provided.1.';
           }
       }
   }
   /*
     The rest of your login page code
   */ 

 // Reset errors and success messages  
   $errors = array();  
   $success = array();  
   // Login attempt  
   if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){  
       $loginEmail = trim($_POST['email']);  
       $loginPassword  = trim($_POST['password']);  

   }  


  	if(!isset($loginEmail) || empty($loginEmail)) {   
       $errors['loginEmail'] = "Please enter your email.";
   }	  



if(!isset($loginPassword) || empty($loginPassword)) { 
       $errors['loginPassword'] = "Please enter your password.";
   }


$accounty = ('Y'); 


						  if(($email) != ($row['email'])) {
       $errors['incorrectemail'] = "Your email is incorrect.";
   } 

		  if(($accounty) != ($row['accountconfirmed'])) {
       $errors['confirmedaccount'] = "Your account has not yet been confirmed.  Please request a confirmation email.";
   } 

  	 if(($password) != ($row['password'])) {
       $errors['incorrectpassword'] = "Your password is incorrect.";
   } 

   ?>    

	  <?php if($errors['incorrectemail']) print '<div class="invalid">' . $errors['incorrectemail'] . ''; ?>	
	  <?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?>   
	  <?php if($errors['incorrectpassword']) print '<div class="invalid">' . $errors['incorrectpassword'] . ''; ?>

 

 

 

 

$accounty = ('Y'); 


						  if(($email) != ($row['email'])) {
       $errors['incorrectemail'] = "Your email is incorrect.";
   } 

		  if(($accounty) != ($row['accountconfirmed'])) {
       $errors['confirmedaccount'] = "Your account has not yet been confirmed.  Please request a confirmation email.";
   } 

  	 if(($password) != ($row['password'])) {
       $errors['incorrectpassword'] = "Your password is incorrect.";
   } 

   ?>    

	  <?php if($errors['incorrectemail']) print '<div class="invalid">' . $errors['incorrectemail'] . ''; ?>	
	  <?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?>   
	  <?php if($errors['incorrectpassword']) print '<div class="invalid">' . $errors['incorrectpassword'] . ''; ?>

 

Link to comment
https://forums.phpfreaks.com/topic/273292-finishing-off-error-messages/
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

Hmmm...I moved the error messages beneath form so they now only run when the button is pressed however the codes are not comparing the values against the database.

 

When I enter an email address which is in the database it still returned the message that the email address is incorrect.

 

Do I need to have a session started to compare an input against the table?

 


			  if(($loginEmail) != ($row['email'])) {
       $errors['incorrectemail'] = "Your email address is incorrect.";
   }

justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

hi,

 

Can anyone advise please how I can compare a form input with what is in a database and return a message. Am I doing it in the correct process?

 

                           if(($loginEmail) != ($row['email'])) {
               $errors['incorrectemail'] = "Your email address is incorrect.";
       }

justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

Thanks mate,

 

I have tried using this but it creates an "mysqli_real_escape_string() expects parameter 1 to be mysqli" error.

 

I'm not totally what process it is taking. Is it designed to count the number of rows of the $email column?

 

<?php
$emailrow = mysqli_query($mysqli, "SELECT * FROM users WHERE email = '" . mysqli_real_escape_string($mysqli, $loginEmail) . "'");
$row = mysqli_num_rows($emailrow);

if ($row != 0)
{
echo "Email taken";
}
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.