...

View Full Version : Login Code Help



graham23s
01-19-2010, 10:01 PM
Hi Guys,

I can't seem to figure this login code out, the errors display fine (if there is any) but it doesn't show any errros i don't get headered through tot he account.php page.

code:



<?php
ob_start();
session_start();
include("inc/inc-dbconnection.php");
include("inc/inc-online.php");
include("inc/inc-functions.php");
include("inc/inc-header.php");
?>
<div class="fcp-main-content-area">
<div class="fcp-breadcrumb">
<ul>
<li><a href="index.php">Home</a></li> >>
<li><a href="javascript:history.go(-1)">Previous Page</a></li> >>
<li>Login in to your account.</li>
</ul>
</div>
<?php
if (isset($_POST['submitLogin']))
{

// POST vars
$user = $_POST['user'];
$pass = $_POST['pass'];

// Errors array()
$errors = array();

// Potential errors
// Empty fields
if (empty($user) || empty($pass))
{
$errors[] = "You never filled in all the fields above.";
}

// Does user exist?
$qU = "SELECT * FROM `fso_users` WHERE `user_email`='$user' AND `user_password`='$pass' LIMIT 1";
$rU = mysql_query($qU);

if (mysql_num_rows($rU) < 1)
{
$errors[] = "We don't recognise those login details, have you typed them correctly?";
}

// Count the errors
if (count($errors > 0))
{
// Display the errors
print "<div id=\"error\">";

foreach($errors as $error)
{

print "<b>></b> $error<br />";

}

print "</div>";

} else {

// Update the login timer and redirect
$timer = mysql_query("UPDATE `fso_users` SET `user_last_login`=NOW() WHERE `user_email`='$user' AND `user_password`='$pass'");

// Array()
$aU = mysql_fetch_array($rU);

// $_SESSION[''];
$_SESSION['loggedIn'] = 1;
$_SESSION['user_id'] = $aU['user_id'];

// Lastly redirect to the account page
header("Location: account.php");
ob_clean();

}

}
?>
<div id="div-regForm">
<div class="form-title">Log In</div>
<div class="form-sub-title">Login & see your points score!</div>
<form id="regForm" action="login.php" method="post">
<table>
<tbody>
<tr>
<td><label for="fname">Email:</label></td>
<td><div class="input-container"><input name="user" id="user" type="text" /></div></td>
</tr>
<tr>
<td><label for="lname">Password:</label></td>
<td><div class="input-container"><input name="pass" id="pass" type="text" /></div></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" class="greenButton" name="submitLogin" value="Login" />
</td>
</tr>
</tbody>
</table>
</form>
</div>
<?php
include("inc/inc-footer.php");
?>


The logic *seems* ok i think lol

any help would be appreciated

thanks guys

Graham

angst
01-19-2010, 11:02 PM
this is wrong: if (count($errors > 0))
should be:


if (count($errors) > 0)



but alot of your code seems very odd to me, it seems like your doing alot more work then you need to, for example, right at the beginning you validate the user/pass, but instead of stopping when you see that they are empty, to just continue on.

angst
01-19-2010, 11:11 PM
re-write; this is more how I would do it:




if (isset($_POST['submitLogin']))
{

// POST vars
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);

// Errors array()
$errors = array();

// Potential errors
// Empty fields
if (empty($user) || empty($pass)) {
$errors[] = "You never filled in all the fields above.";
} else {

// Does user exist?
$result = mysql_query("SELECT `user_id` FROM `fso_users` WHERE `user_email`='$user' AND `user_password`='$pass' LIMIT 1");
if (mysql_num_rows($rU) == 0) {
$errors[] = "We don't recognise those login details, have you typed them correctly?";
} else {
// open row
$row = mysql_fetch_array($result);

// Update the login timer and redirect
mysql_query("UPDATE `fso_users` SET `user_last_login`=NOW() WHERE user_id = " . $row['user_id'] );

$_SESSION['loggedIn'] = 1;
$_SESSION['user_id'] = $row['user_id'];

// Lastly redirect to the account page
header("Location: account.php");
ob_clean();
}
}

// display errors if any exist
if (count($errors) > 0)
{
print "<div id=\"error\">";
foreach($errors as $error)
{
print "<b>></b> $error<br />";
}
print "</div>";
}
}

MattF
01-19-2010, 11:17 PM
but alot of your code seems very odd to me, it seems like your doing alot more work then you need to, for example, right at the beginning you validate the user/pass, but instead of stopping when you see that they are empty, to just continue on.

It looks like he's trying to provide an inline error notice type setup rather than stopping the form dead, but the process login code hasn't been enclosed within an else statement as it ought be. If something fails, (and I've just seen your updated code which adds the else), the errors will be displayed but the existing entries supplied will be pre-filled in the form. I think that's the intent, anyhows.

angst
01-19-2010, 11:20 PM
yes, I understand that, but if the fields are empty, then there is no point in continuing on and logging more errors. it's not a bad attempt, just needs some tweaking.

also, a few other things;
you were opening the row before you knew if you even had a result, you should wait till after you have found a record. also your sql update was using the user/pass combo instead of the readily available user_id which is faster and more accurate.

graham23s
01-20-2010, 01:08 AM
Hi Guys,

Thanks a lot for that, that's pretty much tidied up my login script :) i'll use the same template for the registration one me think :)

cheers guys

Graham



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum