justlukeyou Posted January 17, 2013 Share Posted January 17, 2013 Hi, I have a login page which I have added a number of error messages. However there is one set which I just cant get to work. The set at the bottom of the post provide the error message as soon as the page is visited. I'm trying to check if the email address in the database, the password matches and if the character 'Y' is in the "accountconfirmed" column. Can anyone advise how I can finish these error messages off or why the are displayed as soon as the page is viewed? <?php if ($_SESSION['userLoggedIn']) session_start(); $_SESSION['userLoggedIn'] = 0; $_SESSION['userEmail'] = ''; $_SESSION['userID'] = ''; $_SESSION['userfirstname'] = ''; $_SESSION['usersurname'] = ''; // Reset errors and success messages $errors = array(); $success = array(); if(($password) ==($row['password'])) { $errors['incorrectpassword'] = "Your password is incorrect."; } if($email != ($row['email'])) $errors['incorrectpassword'] = 'Your passwords did not match.'; // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true') { $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL); $loginPassword = trim($_POST['password']); $accounty = ('y'); if(count($errors) === 0) { $loginPassword = md5($loginPassword); $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = "' . $loginPassword . '" AND accountconfirmed = "' . $accounty . '"LIMIT 1'; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); } if(mysql_num_rows($result) === 1) { $row = mysql_fetch_assoc($result); $_SESSION['userLoggedIn'] = 1; $_SESSION['userEmail'] = $loginEmail; $_SESSION['userID'] = $row['id']; $_SESSION['userfirstname'] = $row['firstname']; $_SESSION['usersurname'] = $row['surname']; header('Location: /index1.php'); exit; } else { $errors['login'] = 'No user was found with the details provided.1.'; } } } /* The rest of your login page code */ // Reset errors and success messages $errors = array(); $success = array(); // Login attempt if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){ $loginEmail = trim($_POST['email']); $loginPassword = trim($_POST['password']); } if(!isset($loginEmail) || empty($loginEmail)) { $errors['loginEmail'] = "Please enter your email."; } if(!isset($loginPassword) || empty($loginPassword)) { $errors['loginPassword'] = "Please enter your password."; } $accounty = ('Y'); if(($email) != ($row['email'])) { $errors['incorrectemail'] = "Your email is incorrect."; } if(($accounty) != ($row['accountconfirmed'])) { $errors['confirmedaccount'] = "Your account has not yet been confirmed. Please request a confirmation email."; } if(($password) != ($row['password'])) { $errors['incorrectpassword'] = "Your password is incorrect."; } ?> <?php if($errors['incorrectemail']) print '<div class="invalid">' . $errors['incorrectemail'] . ''; ?> <?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?> <?php if($errors['incorrectpassword']) print '<div class="invalid">' . $errors['incorrectpassword'] . ''; ?> $accounty = ('Y'); if(($email) != ($row['email'])) { $errors['incorrectemail'] = "Your email is incorrect."; } if(($accounty) != ($row['accountconfirmed'])) { $errors['confirmedaccount'] = "Your account has not yet been confirmed. Please request a confirmation email."; } if(($password) != ($row['password'])) { $errors['incorrectpassword'] = "Your password is incorrect."; } ?> <?php if($errors['incorrectemail']) print '<div class="invalid">' . $errors['incorrectemail'] . ''; ?> <?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?> <?php if($errors['incorrectpassword']) print '<div class="invalid">' . $errors['incorrectpassword'] . ''; ?> Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted January 17, 2013 Author Share Posted January 17, 2013 Blast, is it just because the error message should be below the form? Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted January 17, 2013 Author Share Posted January 17, 2013 Hmmm...I moved the error messages beneath form so they now only run when the button is pressed however the codes are not comparing the values against the database. When I enter an email address which is in the database it still returned the message that the email address is incorrect. Do I need to have a session started to compare an input against the table? if(($loginEmail) != ($row['email'])) { $errors['incorrectemail'] = "Your email address is incorrect."; } Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted January 18, 2013 Author Share Posted January 18, 2013 hi, Can anyone advise please how I can compare a form input with what is in a database and return a message. Am I doing it in the correct process? if(($loginEmail) != ($row['email'])) { $errors['incorrectemail'] = "Your email address is incorrect."; } Quote Link to comment Share on other sites More sharing options...
devilsvein Posted January 18, 2013 Share Posted January 18, 2013 $emailrow = mysqli_query($mysqli, "SELECT * FROM TABLE WHERE email = '" . mysqli_real_escape_string($mysqli, $loginemail) . "'");$row = mysqli_num_rows($emailrow); if ($row != 0){echo "Email taken";}[/php Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted January 26, 2013 Author Share Posted January 26, 2013 Thanks mate, I have tried using this but it creates an "mysqli_real_escape_string() expects parameter 1 to be mysqli" error. I'm not totally what process it is taking. Is it designed to count the number of rows of the $email column? <?php $emailrow = mysqli_query($mysqli, "SELECT * FROM users WHERE email = '" . mysqli_real_escape_string($mysqli, $loginEmail) . "'"); $row = mysqli_num_rows($emailrow); if ($row != 0) { echo "Email taken"; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.