
showForm() messages not displaying


hugoriffic


I wrote a very simple log in page that I am going to build on by adding code to prevent XSS and to encrypt the password, but as of right now I cannot get the showForm() messages to display properly. In fact, if nothing is entered, or if any information is entered (valid or not), it takes you to a blank screen. Here is the code I wrote. Can anyone see where I missed something? I've looked it over so many times I am most likely missing the obvious. Thank you.

 

 

<?php

session_start();



    //validate text was entered in UserName text box

    switch(true){

        case (empty($_POST['btnSubmit']) && empty($_POST['txtUserName']) && empty($_POST['txtPassword'])):

            showForm('Log in to WisCon');

            break;

        case (isset($_POST['btnSubmit']) && isset($_POST['txtPassword']) && empty($_POST['txtUserName'])):

            showForm('Enter your user name.');

            break;

        case (isset($_POST['btnSubmit']) && isset($_POST['txtPassword']) && empty($_POST['txtUserName'])):

            showForm('Enter your password.');

            break;

        case (isset($_POST['btnSubmit']) && (isset($_POST['txtUserName'])) && isset($_POST['txtPassword'])):

            $UserName = $_POST['txtUserName'];

            $Password = $_POST['txtPassword'];

       



    //database login

    $dsn = 'mysql:host=XXX;dbname=XXX';

    $username='XXX';

    $password='XXX';

    //variable for errors

    $options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);

    //try to run code

    try {

    //object to open database

    $db = new PDO($dsn,$username,$password, $options);

    //check username against password

        $SQL = $db->prepare("Select USER_PASSWORD FROM user WHERE user_name = :UserName and USER_PASSWORD = :Password");

        $SQL->bindValue(':UserName', $UserName);

        $SQL->bindValue(':Password', $Password);

        $SQL->execute();

        $username = $SQL->fetch();

   

       if($username === false)

            {

                $password = null;

            }

        else

            {

                $password = $username['USER_PASSWORD'];

                include 'index.php';

            }

           

        return $password;

        $SQL->closeCursor();

        $db = null;

               

        } catch(PDOException $e){

            $error_message = $e->getMessage();

            echo("<p>Database Error: $error_message</p>");

            exit();

        }

        }     



function showForm($formMessage = "Welcome.")

{?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Log In</title>

<link rel="stylesheet" href="styles/default-styles.css" type="text/css" />

<link rel="stylesheet" href="styles/FormStyle.css" type="text/css" />

<script type="text/javascript" src="js/validateLogInForm.js/validateLogInForm.js"></script>

</head>



<body id="logPage">

    <div id="wrapper">

        

        <?php include('includes/header.php'); ?>

        <?php include('includes/topNavigation.php'); ?>

       

        <div id="mainContent">

            <div class="formDiv">

                <form name="registerForm" id="registerForm" action="" method="post">

                    <?php if ($formMessage !="") echo "<h2 style=\"color:#FF0000; text-align: center\">".$formMessage."</h2>"; ?>

                    <h1 style="color:#FF530D; text-align: center">Log into your account here!</h1>

               

                    <fieldset id="security">

                        <legend>Security</legend>

                        <label for="txtUserName" class="boxLabel">User Name:</label>

                        <input type="text" id="txtUserName" name="txtUserName" autofocus="autofocus" required="required" />

                        <script type="text/javascript">

                            if(!("autofocus" in document.createElement("input")))

                            {

                                setTimeout(function(){

                                    document.getElementById("txtUserName").focus();

                                }, 10);

                               

                            }

                            </script>

                        <label for="txtPassword" class="boxLabel">Password:</label>

                        <input type="password" id="txtPassword" name="txtPassword" required="required" />

                    </fieldset>

                   

                    <fieldset id="submission">

                        <div id="buttons">

                            <input type="submit" id="btnSubmit" name="btnSubmit" value="Submit" onclick="return validateLogInForm()"/>

                            <input type="reset" id="btnReset" name="btnReset" >

                        </div><!--end buttons-->

                    </fieldset>

</p>

                </form>

            </div><!--end div class=formDiv-->

        </div><!--end div id=mainContent-->

                

        <?php include('includes/footer.php'); ?>

               

    </div><!--end div id=wrapper-->

</body>

</html>

<?php

}

?>

 

Also, here is a more crude form of the log in page. This one displays the first showForm("Please Enter A User Name") message when you first hit the page (where I'd prefer the "Welcome" message to display) and does not change to the other messages if improper data is entered, but it hits the database, and if the username and password do not exist or match it keeps you on the log in page, and if they do match it sends you to the index.php page, as it should.

 

 

<?php

session_start();



    //validate text was entered in UserName text box

    if(empty($_POST['txtUserName']))

        {

            showForm('Please Enter A User Name');

            exit();

        }

    else

        {

            $UserName = $_POST['txtUserName'];

        }

        

        

    //validate text was entered in password text box

    if(empty($_POST['txtPassword']))

        {

            showForm('Please Enter A Valid Password');

            exit();

        }

    else

        {

            $Password = $_POST['txtPassword'];

        }



    if($Password != Password($UserName))

        {

            showForm('User Name And Password Do Not Match!');

            exit();

        }

       

function Password($UserName)

{

    //database login

    $dsn = 'mysql:host=XXX;dbname=XXX';

    $username='XXX';

    $password='XXX';

    //variable for errors

    $options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);

    //try to run code

    try {

    //object to open database

    $db = new PDO($dsn,$username,$password, $options);

    //check username against password

        $SQL = $db->prepare("Select USER_PASSWORD FROM user WHERE user_name = :UserName and USER_PASSWORD = :Password");

        $SQL->bindValue(':UserName', $UserName);

        $SQL->bindValue(':Password', $Password);

        $SQL->execute();

        $username = $SQL->fetch();

   

       if($username === false)

            {

                $password = null;

            }

        else

            {

                $password = $username['USER_PASSWORD'];

                include 'index.php';

            }

           

        return $password;

        $SQL->closeCursor();

        $db = null;

               

        } catch(PDOException $e){

            $error_message = $e->getMessage();

            echo("<p>Database Error: $error_message</p>");

            exit();

        }

        

}

function showForm($formMessage = "Welcome.")

{?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Log In</title>

<link rel="stylesheet" href="styles/default-styles.css" type="text/css" />

<link rel="stylesheet" href="styles/FormStyle.css" type="text/css" />

<script type="text/javascript" src="js/validateLogInForm.js/validateLogInForm.js"></script>

</head>



<body id="logPage">

    <div id="wrapper">

        

        <?php include('includes/header.php'); ?>

        <?php include('includes/topNavigation.php'); ?>

       

        <div id="mainContent">

            <div class="formDiv">

                <form name="registerForm" id="registerForm" action="" method="post">

                    <?php if ($formMessage !="") echo "<h2 style=\"color:#FF0000; text-align: center\">".$formMessage."</h2>"; ?>

                    <h1 style="color:#FF530D; text-align: center">Log into your account here!</h1>

               

                    <fieldset id="security">

                        <legend>Security</legend>

                        <label for="txtUserName" class="boxLabel">User Name:</label>

                        <input type="text" id="txtUserName" name="txtUserName" autofocus="autofocus" required="required" />

                        <script type="text/javascript">

                            if(!("autofocus" in document.createElement("input")))

                            {

                                setTimeout(function(){

                                    document.getElementById("txtUserName").focus();

                                }, 10);

                               

                            }

                            </script>

                        <label for="txtPassword" class="boxLabel">Password:</label>

                        <input type="password" id="txtPassword" name="txtPassword" required="required" />

                    </fieldset>

                   

                    <fieldset id="submission">

                        <div id="buttons">

                            <input type="submit" id="btnSubmit" name="btnSubmit" value="Submit" onclick="return validateLogInForm()"/>

                            <input type="reset" id="btnReset" name="btnReset" >

                        </div><!--end buttons-->

                    </fieldset>

</p>

                </form>

            </div><!--end div class=formDiv-->

        </div><!--end div id=mainContent-->

                

        <?php include('includes/footer.php'); ?>

               

    </div><!--end div id=wrapper-->

</body>

</html>

<?php

}

?>
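
An added example, not part of the original post: one way to give each empty-field message its own branch, escape the message before it is written into the page, and check a hashed password fetched by user name alone. It assumes an in-memory SQLite database in place of the MySQL DSN, passwords stored with password_hash(), and the hypothetical helper names loginMessage, credentialsValid and renderMessage.

```php
<?php
declare(strict_types=1);
// Added example; in-memory SQLite stands in for the page's MySQL DSN (assumption).
// Decide which message the form should show; null means "both fields present".
function loginMessage(array $post): ?string
{
    if (!isset($post['btnSubmit'])) {
        return 'Log in to WisCon';              // first visit, nothing submitted
    }
    if (trim($post['txtUserName'] ?? '') === '') {
        return 'Enter your user name.';
    }
    if (($post['txtPassword'] ?? '') === '') {
        return 'Enter your password.';
    }
    return null;
}

// Fetch the stored hash by user name only, then compare with password_verify().
function credentialsValid(PDO $db, string $userName, string $password): bool
{
    $stmt = $db->prepare('SELECT USER_PASSWORD FROM user WHERE user_name = :UserName');
    $stmt->execute([':UserName' => $userName]);
    $hash = $stmt->fetchColumn();               // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

// Escape anything written into the page, including the form message.
function renderMessage(string $message): string
{
    return '<h2>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</h2>';
}

// Constructed sample data: one user whose password is stored as a hash.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE user (user_name TEXT PRIMARY KEY, USER_PASSWORD TEXT)');
$db->prepare('INSERT INTO user VALUES (?, ?)')->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$requests = [                                   // constructed $_POST arrays
    [],
    ['btnSubmit' => 'Submit', 'txtUserName' => '', 'txtPassword' => 'x'],
    ['btnSubmit' => 'Submit', 'txtUserName' => 'alice', 'txtPassword' => ''],
    ['btnSubmit' => 'Submit', 'txtUserName' => 'alice', 'txtPassword' => 'wrong'],
    ['btnSubmit' => 'Submit', 'txtUserName' => 'alice', 'txtPassword' => 'correct horse'],
];
foreach ($requests as $post) {
    $message = loginMessage($post) ?? (credentialsValid($db, $post['txtUserName'], $post['txtPassword'])
        ? 'Logged in.' : 'User Name And Password Do Not Match!');
    echo renderMessage($message), PHP_EOL;
}
```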