Form Validation

[robriley]

Hi all,

 

Fairly new to this so be nice 

 

I've set up a basic authentication system with a mysql db of users. I want the login form to display relevant error messages when submitted (for example 'incorrect password' or 'please fill out all fields') and this all works fine apart from the page always displays a message even before the form is submitted. I want to find a way around this without using a switch and global variables if possible. My code looks like this:

 

<?php

session_start();

require_once("scripts/config.php");

require_once("scripts/functions.php");

require_once("scripts/connect.php");

?>

 

<html>

<head>

<title><?php echo $title ?></title>

</head>

<body>

 

<?php

 

LoginForm();

 

//check both fields were entered

 

if (!$_POST['username'] or !$_POST['password']){

 

echo "Please enter both a username and password.";

 

exit;

 

}

 

//connect to mysql and authenticate

 

$username = $_POST['username'];

$password = $_POST['password'];

$sqlquery = "SELECT * from USERS where user = '$username' and pass = '$password'";

$result = mysql_query($sqlquery);

$numrows = mysql_num_rows($result);

 

if(mysql_num_rows($result)!=1){

 

echo "Username or password incorrect.";

 

exit;

 

}

 

else{

 

//set session variables accordingly

 

$row = mysql_fetch_array($result);

extract($row);

 

$_SESSION['username'] = $user;

 

$_SESSION['names'] = $names;

 

$_SESSION['status'] = $status;

 

$_SESSION['auth'] = yes;

 

}

 

?>

 

<script LANGUAGE="JavaScript">window.location="pages/index2.php";</script>

 

</body>

</html>

 

I've re-ordered things many times and tried different things but now my brain is fried. Suggestions will be much appreciated.

 

Thanks,

[teng84]

<?php
session_start();
require_once("scripts/config.php");
require_once("scripts/functions.php");
require_once("scripts/connect.php");
?>

<html>
<head>
<title><?php echo $title ?></title>
</head>
<body>

<?php
if(isset($_POST['submit'])){/// put here the submit button name<---------------------------------see this line
LoginForm();

//check both fields were entered

if (!$_POST['username'] or !$_POST['password']){

echo "Please enter both a username and password.";

exit;

}

//connect to mysql and authenticate

$username = $_POST['username'];
$password = $_POST['password'];
$sqlquery = "SELECT * from USERS where user = '$username' and pass = '$password'";
$result = mysql_query($sqlquery);
$numrows = mysql_num_rows($result);

if(mysql_num_rows($result)!=1){

echo "Username or password incorrect.";

exit;

}

else{

//set session variables accordingly

$row = mysql_fetch_array($result);
extract($row);

$_SESSION['username'] = $user;

$_SESSION['names'] = $names;

$_SESSION['status'] = $status;

$_SESSION['auth'] = yes;

}
}
?>

<script LANGUAGE="JavaScript">window.location="pages/index2.php";</script>

</body>
</html>

 

use  isset

[cooldude832]

I handle my errors/no errors via 2 session variables and make sure I populate them pre any output

i.e

<?php
session_start();
if($error == 1){
$_SESSION['Errors'][] = "There was a problem cause you typed it wrogn";
}
else{
$_SESSION['No_Errors'][] = "There was no Error.";
}

#then on output
if(!empty($_SESSION['Errors'])){
echo "<ul>";
foreach($_SESSION['Errors'] as $value){
echo "<li>".$value."</li>";
echo </ul>";
}
if(!empty($_SESSION['No_Errors'])){
echo "<ul>";
foreach($_SESSION['NoErrors'] as $value){
echo "<li>".$value."</li>";
echo </ul>";
}
#then to flush the page
$_SESSION['Errors'] =  array();
$_SESSION['No_Errors'] = array();
?>

You can populate a million errors if u want add css to good errors no errors etc.

 

Carry errors across pages eetc.

[teng84]

hmm using session to handle errors? hmmm I don't use that technique hehe

I use classes to store all those errors in an array I hate using session that much( IMO)

[robriley]

Thanks very much for the help folks. I'll try these techniques later on