Login Script

[Garcia]

When fields left blank it does not show error. Also how is it possible when successful login to have a page that says "Successful Login" and then redirect to another.

Here is main code:
[code]
<?php
//login page
session_start();
require ("config.php");
switch (@$_POST['do'] )
{
case "new":
//if entered blank form returns error
foreach ($_POST as $field => $value)
{
if ($value == "")
{
$blanks[] = $field;
}
}
    if (isset ($blanks) )
{
$message = "The following fields are blank.
    Please enter the required information: ";
foreach ($blanks as $value)
{
$message .= "$value, ";
}
extract ($_POST);
include ("login_form.php");
exit();
}

$sql = "SELECT username FROM members WHERE username='$_POST[username]'";
$rs = mysql_query($sql, $con)
or die ("Couldn't execute query.");
$num = mysql_num_rows($rs);
if ($num > 0) // login name found!
{
$sql = "SELECT username From members WHERE username='$_POST[username]'
AND password=md5('$_POST[password]')";
$result2 = mysql_query($sql,$con)
                or die ("Couldn't execute query 2.");
$num2 = mysql_num_rows ($result2);
if ($num > 0) //correct passy
{
$_SESSION['auth'] = "yes";
$logname=$_POST['username'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:i:s");
$sql = "INSERT INTO Login (loginName, loginTime)
      VALUES ('$logname', '$today')";
$result = mysql_query ($sql, $con)
or die ("Couldn't execute query");
header ("Location: members.php");
}
      else
{
  $message = "The Login Name, '$_POST[username]' exists, but you have not entered the correct password!<br/>";
  include ("login_form.php");
}
}
elseif ($num == 0)
{
$message = "Login Name does not exist";
include ("login_form.php");
}
break;

default:
include ("login_form.php");

}

?>
[/code]

Login Form:
[code]
<html>
<head>
<title>Member Login</title>
</head>
<body>
<h1>Member Login:</h1><br />
<?php
    if (isset ($message) )
{
print " $message ";
}
?>
<form action="login.php?do=new" method="POST">
Member ID: <input type="text" name="<?php print $username ?>" size="20" /><br /><br />
Password: <input type="password" name="<?php print $password ?>" size="20" /><br /><br />
<input type="hidden" name="do" value="new">
<input type="submit" name="log" value="Log In" />
</form>
</body>
</html>
[/code]


Thanks!

[trq]

The $_POST array simply wont contain a fied if it was left blank. You need to check each field individually.

Use the [url=http://php.net/header]header[/url] function to redirect to a success page.

[Ameslee]

this is my login script which, feel free to use:

login form
[code]
<FORM METHOD=POST ACTION="processlogin_script.php">
<?php
echo "<font color=red><strong>".$msg."</font>";
?>
     <table>
       <tr>
         <td>Username:
         <td><input type="text" Name="username">
       <tr>
         <td>Password:
         <td><input type="password" Name="password">
     </table>
     <input name="submit" type="submit" value="Login"> </form.[/code]

login script
[code]
<?php
session_start();
header("Cache-control: no-cache");
//this includes the database connection
include("database.inc");

//Get the user's input from the form

$username = trim($_POST['username']);

//Get the user's input from the form

$password = trim($_POST['password']);

//check username and password are correct
$users_query = "SELECT * FROM login where username ='$username' AND password ='$password'";

$mysql_result=mysql_query($users_query,$conn);
$username=mysql_fetch_row($mysql_result);

//if valid user doesn't exist set the error message and redirect to badlogin page
if($username=="")
{

//redirect with a msg, if you have written anything to the page (even a space) you will receive an error saying headers already sent

header("Location:login.php?msg=You have not entered a valid username or password");

}
else
{
//if valid user exists set all the session variables

$_SESSION['valid']="yes";
$_SESSION['Level']=$username[3];
$_SESSION['username']=$username[1];
//redirect to the page you want to allow the user to access
header("Location:index.php");

}
?>[/code]

hope this helps, i also have other code that goes with the bottom part of that code, that is put at the top of every page.  its a session variable that holds who is logged in, and then makes sure only certain things are displayed for certain ppl.

[Garcia]

Alright well i still am having a problem  ???.

Updated Code:

Login
[code]
<?php
//login page
session_start();
require ("config.php");
switch (@$_POST['do'] )
{
case "new":
//if entered blank form returns error
if($_POST['username'] == "")
{
  $message = "Blank Username";
include ("login_form.php");
}
if($_POST['password'] == "")
{
  $message = "Blank Password";
include ("login_form.php");
}

$sql = "SELECT username FROM members WHERE username='$_POST[username]'";
$rs = mysql_query($sql, $con)
or die ("Couldn't execute query.");
$num = mysql_num_rows($rs);
if ($num > 0) // login name found!
{
$sql = "SELECT username From members WHERE username='$_POST[username]'
AND password=md5('$_POST[password]')";
$result2 = mysql_query($sql,$con)
                or die ("Couldn't execute query 2.");
$num2 = mysql_num_rows ($result2);
if ($num > 0) //correct passy
{
$_SESSION['auth'] = "yes";
header ("Location: members.php");
}
      else
{
  $message = "The Login Name, '$_POST[username]' exists, but you have not entered the correct password!<br/>";
  include ("login_form.php");
}
}
elseif ($num == 0)
{
$message = "Login Name does not exist";
include ("login_form.php");
}
break;

default:
include ("login_form.php");

}

?>
[/code]

login form

[code]
<html>
<head>
<title>Member Login</title>
</head>
<body>
<h1>Member Login:</h1><br />
<?php
    if (isset ($message) )
{
print " $message ";
}
?>
<form action="login.php?do=new" method="POST">
Member ID: <input type="text" name="username " size="20" /><br /><br />
Password: <input type="password" name="password" size="20" /><br /><br />
<input type="submit" name="Submit" value="Login" />
</form>
</body>
</html>
[/code]

When entered without information it doesn't display any information and goes right to login.php?do=new .

Thanks!