Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8

Thread: Form help

  1. #1
    New Coder
    Join Date
    Apr 2008
    Posts
    26
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Form help

    Im trying to validate a form, i have two field, one called MemberRef and the other is "Password". I have a code that validates the form if no values are entered, i need the form to check the MemberRef against the password, i have added a check for the username and password but it isnt correct. I also need to check that the user exists in the database when the submit button is selected, i have the code kind of working:

    PHP Code:
    <?php


    if (isset($_POST['submit'])) {  

        
    $error_stat 0;  
        
    $MemberRef_message ''
        
    $Password_message '';
        
    $Password2_message '';
        
    $User_message '';
        
    $Walk_message '';

        
    $MemberRef mysql_real_escape_string(stripslashes($_POST['MemberRef']));
        
    $Password mysql_real_escape_string(stripslashes($_POST['Password']));
        
    //Error checking  

    // MemberRef Check)  
    if (!$MemberRef) { 
    //Set the error_stat to 1, which means that an error has occurred 
        
    $error_stat 1

    //Set the message to tell the user to enter a MemberRef 
        
    $MemberRef_message '*Please enter MemberRef*'


    else if (!
    ctype_digit($MemberRef)) {  
       
    $error_stat 1;  
       
    $MemberRef_message .= '*MemberRef must be a number*';  


    if (!
    $Password) { 
    //Set the error_stat to 1, which means that an error has occurred 
        
    $error_stat 1

    //Set the message to tell the user to enter a password
        
    $Password_message '*Please enter a Password*'





     
    $account mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' &&  Password='$Password'");
     
     
     if (
    $Password != $MemberRef) {
      
       
    $error_stat 1;  
       
    $Password2_message .= '*Password incorrect*';  
    }
        else if(
    mysql_num_rows($account) == 0){
             
    $error_stat 1;
    //Set the message to tell the user MemberRef does not exist 
        
    $User_message '*MemberRef does not exist*';
            
    }
    }

    ?>


    <hr class="hr_blue"/></p><font face="Arial" size="3">Join Walk</font><form method="post" class="addwalkerform" action="">   
    </font>
    <fieldset>
    <label for="MemberRef">MemberRef:</label>  
    <input name="MemberRef" type="text" id="MemberRef" value="<?php echo $_POST['MemberRef']; ?>"/> 
    <span class="redboldtxt"><?php echo "$MemberRef_message";?></fieldset></span>  
    </fieldset>

    <fieldset>
    <label for="Password">Password:</label>  
    <input name="Password" type="text" id="Password" value="<?php echo $_POST['Password']; ?>"/> 
    <span class="redboldtxt"><?php echo "$Password_message";?></fieldset></span>
    <span class="redboldtxt"><?php echo "$Password2_message";?></fieldset></span>
    <p></p>
    <fieldset> 
    <p class="submit"><input type="submit" name="submit" value="Join Walk" />

    <span class="redboldtxt"><?php echo "$User_message";?></fieldset></span>

    <span class="redboldtxt"><?php echo "$Walk_message";?></fieldset></span>


    </fieldset>


    </fieldset>
    </form>

    <?php
    }
    ?>
    Last edited by Cyber; 04-09-2008 at 06:15 PM.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    How is your current code behaving that isn't what you want?

  • #3
    New Coder
    Join Date
    Apr 2008
    Posts
    26
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fumigator View Post
    How is your current code behaving that isn't what you want?

    I have the code working up until the last query in the code, i need it to look up a table called "walker" which has the fields "WalkNo" and "MemberRef", i want to check that the member has not been added to the walk.

    The code is working fine up until the last query:

    PHP Code:
    if (isset($_POST['submit'])) {  

        $error_stat = 0;  
        $MemberRef_message = ''; 
        $Password_message = '';
        $Password2_message = '';
        $User_message = '';
        $Walk_message = '';

        $MemberRef = mysql_real_escape_string(stripslashes($_POST['MemberRef']));
        $Password = mysql_real_escape_string(stripslashes($_POST['Password']));
        
    //Error checking  

    // MemberRef Check)  
    if (!$MemberRef) { 
    //Set the error_stat to 1, which means that an error has occurred 
        $error_stat = 1; 

    //Set the message to tell the user to enter a username 
        $MemberRef_message = '*Please enter MemberRef*'; 


    else if (!ctype_digit($MemberRef)) {  
       $error_stat = 1;  
       $MemberRef_message .= '*MemberRef must be a number*';  


    if (!$Password) { 
    //Set the error_stat to 1, which means that an error has occurred 
        $error_stat = 1; 

    //Set the message to tell the user to enter a password 
        $Password_message = '*Please enter a Password*'; 

    }

    if (isset($_POST['submit']) && $error_stat == 0) {  


    $account = mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' &&  Password='$Password'");
     
    if(mysql_num_rows($account) == 0){
             $error_stat = 1;
    //Set the message to tell the user MemberRef does not exist 
        $User_message = '*Member does not exist*';
        
    if (isset($_POST['submit']) && $error_stat == 0) {  


    $account = mysql_query("SELECT * FROM walker WHERE MemberRef='$MemberRef' &&  WalkNo='$WalkNo'");
     
    if(mysql_num_rows($account) == 1){
             $error_stat = 1;
    //Set the message to tell the user they have already joined the walk
        $Walk_message = '*Member has already joined this walk*';

            
    }
    }
    }
    }
    }

    ?>


    <hr class="hr_blue"/></p><font face="Arial" size="3">Join Walk</font><form method="post" class="addwalkerform" action="">   
    </font>
    <fieldset>
    <label for="MemberRef">MemberRef:</label>  
    <input name="MemberRef" type="text" id="MemberRef" value="<?php echo $_POST['MemberRef']; ?>"/> 
    <span class="redboldtxt"><?php echo "$MemberRef_message";?></fieldset></span>  
    </fieldset>

    <fieldset>
    <label for="Password">Password:</label>  
    <input name="Password" type="text" id="Password" value="<?php echo $_POST['Password']; ?>"/> 
    <span class="redboldtxt"><?php echo "$Password_message";?></fieldset></span>
    <span class="redboldtxt"><?php echo "$Password2_message";?></fieldset></span>

    <fieldset> 
    <p class="submit"><input type="submit" name="submit" value="Join Walk" />

    <span class="redboldtxt"><?php echo "$User_message";?></fieldset></span>

    <span class="redboldtxt"><?php echo "$Walk_message";?></fieldset></span>


    </fieldset>


    </fieldset>
    </form>

    <?php
    }
    ?>
    Last edited by Cyber; 04-09-2008 at 06:15 PM.

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You aren't doing any error checking and I think you need to use AND rather than &&
    PHP Code:
    $account mysql_query("SELECT * FROM walker WHERE MemberRef='$MemberRef' AND WalkNo='$WalkNo'") or die(mysql_error()); 
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #5
    New Coder
    Join Date
    Apr 2008
    Posts
    26
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    You aren't doing any error checking and I think you need to use AND rather than &&
    PHP Code:
    $account mysql_query("SELECT * FROM walker WHERE MemberRef='$MemberRef' AND WalkNo='$WalkNo'") or die(mysql_error()); 
    Hi, i have changed the code to check the MemberRef and password are correct, im having a problem now when i enter an existing username and an incorrect password, the code is outputting that the username does not exist, is there anyway i can fix this?

    PHP Code:
    if (isset($_POST['submit'])) {  

         
    $error_stat 0;  
        
    $MemberRef_message ''
        
    $Password_message '';
        
    $Password2_message '';
        
    $User_message '';
        
    $Walk_message '';

        
    $MemberRef mysql_real_escape_string(stripslashes($_POST['MemberRef']));
        
    $Password mysql_real_escape_string(stripslashes($_POST['Password']));
        
    //Error checking  

    // MemberRef Check)  
    if (!$MemberRef) { 
    //Set the error_stat to 1, which means that an error has occurred 
        
    $error_stat 1

    //Set the message to tell the user to enter a username 
        
    $MemberRef_message '*Please enter MemberRef*'


    else if (!
    ctype_digit($MemberRef)) {  
       
    $error_stat 1;  
       
    $MemberRef_message .= '*MemberRef must be a number*';  


    if (!
    $Password) { 
    //Set the error_stat to 1, which means that an error has occurred 
        
    $error_stat 1

    //Set the message to tell the user to enter a username 
        
    $Password_message '*Please enter a Password*'

    }
        

    if (isset(
    $_POST['submit']) && $error_stat == 0) {  

    $account mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND  Password='$Password'");
    $numrows mysql_num_rows($account); //get rows returned

    if(mysql_num_rows($account) == 0){ 
             
    $error_stat 1
    //Set the message to tell the user MemberRef does not exist  
        
    $User_message '*Member does not exist*'
         
    }

    else if (
    $numrows 1)// if more than 0 its in database, if not throw new error message

    $row mysql_fetch_assoc($result);
    $dbpassword $row['Password']; //get the password from the database
    if ($dbpassword != $Password) { // check it agains the inputted password, if not the same
     
        
    $error_stat 1

    //Set the message to tell the user to enter a username 
        
    $Password2_message '*Incorrect Password*'

    }
    }
     
    }
    }



    ?> 

  • #6
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Split the query into two queries, but it's usually a good idea to not be all that specific with that sort of thing; if someone's trying to hack in by guessing usernames and passwords, the last thing you want to do is let them know they've stumbled upon a valid username and just the password is wrong. So I'd just change the error to "username or password incorrect".

  • #7
    New Coder
    Join Date
    Apr 2008
    Posts
    26
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fumigator View Post
    Split the query into two queries, but it's usually a good idea to not be all that specific with that sort of thing; if someone's trying to hack in by guessing usernames and passwords, the last thing you want to do is let them know they've stumbled upon a valid username and just the password is wrong. So I'd just change the error to "username or password incorrect".
    Can u help me with this, im lost now?

  • #8
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    Quote Originally Posted by Cyber View Post
    Can u help me with this, im lost now?
    What he's saying is don't check for EITHER username OR password individually; Check for BOTH, and output a general error like "Username and/or Password are invalid" if either one is incorrect. For example:
    PHP Code:
    $account mysql_query("SELECT * FROM members WHERE MemberRef='$MemberRef' AND  Password='$Password'");
    $numrows mysql_num_rows($account); //get rows returned

    if($numrows == 0)

        
    $error_stat 1
        
    $User_message 'Username and/or Password are invalid'



  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •