PHPDevil Posted November 9, 2012

Hi guys,

I'm simply creating a login page for when people visit my website. Not up at the moment though.

Issue I'm having is that authentication of the username and password works when you visit the page for the first time but doesn't when you press the login button.

The PHP and SQL I've used is:

```php
$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';
$error_string = '';

if ($page_mode == 'Login') {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (trim($username) == '' || trim($password) == '')
        $error_string .= '<font color=red>You have left either the username or password field blank!</font><br />';
} else {
    $result = $mysqli->query("SELECT PlayerID, Username, Password FROM Persons WHERE Username='" . mysql_real_escape_string($username) . "'");
    if (!($row = mysql_fetch_assoc($result)) || $row['password'] != sha1($password))
        $error_string .= 'Please check your email address or password. Your details weren\'t correct <br />';
    else {
        $error_string .= 'Site not ready';
    }
}
```

and for my HTML:

```php
echo "
<div class='login'>
  <div align='right'>
    <img src='/outsideimage/toppart.png' />
  </div>
  <div class='logincol'>";
echo $error_string;
echo "<form method='post' action=''>
    <input type='hidden' name='page_mode' value='Login'>
    Username:<br />
    <input type='text' name='username' size='30px' /><br />
    Password:<br />
    <input type='password' name='password' size='30px' /><br /><br />
    <input type='submit' value='Login' title='Login' />
  </div>
  <img src='/outsideimage/topbot.png' />
</div>";
```

I would like to point out that if either the username or password is blank, the correct error message comes up. If they're not, nothing happens :( It simply won't check it against the database when you press login but will when you type the URL in O,o

HauntedDawg Posted November 10, 2012

```php
$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';
$error_string = '';

// The database check sits inside the 'Login' branch, so nothing is
// queried until the form has actually been submitted.
if( $page_mode == 'Login' ) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if( trim($username) == '' || trim($password) == '' ) {
        $error_string .= '<font color=red>You have left either the username or password field blank!</font>';
    } else {
        // Escape and fetch through the mysqli object; the old mysql_*
        // functions do not work with a mysqli connection or result.
        $result = $mysqli->query("SELECT PlayerID, Username, Password FROM Persons WHERE Username='" . $mysqli->real_escape_string($username) . "'");

        // Array keys are case-sensitive, so the column is read as 'Password'.
        if( ! $result || ! ($row = $result->fetch_assoc()) || $row['Password'] != sha1($password) ) {
            $error_string .= 'Please check your email address or password. Your details weren\'t correct ';
        }
    }
}
```

Give it a try, post back.

a_bertrand Posted November 10, 2012

Just a question: as you use MySQLi (which is good), why don't you bind the parameters instead of passing them inside the query?

PHPDevil (Author) Posted November 10, 2012

Thanks! I got it to work, phew! But it still checks someone's details before they even click submit. Any way to prevent this?

HauntedDawg Posted November 11, 2012

Your initial code runs a check against the DB if $_POST['page_mode'] is not set. Look at my code for reference.

PHPDevil (Author) Posted November 11, 2012

> Your initial code runs a check against the DB if $_POST['page_mode'] is not set. Look at my code for reference.

Ah OK, I see what you did there :) Thanks so much for the help. Still new at all this web development :(
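
The bound-parameter approach a_bertrand asks about, combined with checking the database only after the form is submitted, as an added example that is not part of the original thread. The table and column names come from the posts above; `check_login()` and the connection values are hypothetical.

```php
<?php
// Added example. Persons / PlayerID / Username / Password are from the thread;
// check_login() and the connection values below are hypothetical.

/** Returns the PlayerID on a successful login, or null otherwise. */
function check_login(mysqli $mysqli, string $username, string $password): ?int
{
    // The ? placeholder keeps the user-supplied value out of the SQL text,
    // so no escaping function is needed.
    $stmt = $mysqli->prepare(
        'SELECT PlayerID, Password FROM Persons WHERE Username = ?'
    );
    if ($stmt === false) {
        return null; // prepare() returns false when mysqli exceptions are off
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($playerId, $storedHash);
    $found = $stmt->fetch(); // true = row read, null = no row, false = error
    $stmt->close();

    // The thread stores sha1() hashes, so that is what is compared here;
    // hash_equals() does the comparison in constant time.
    if ($found !== true || !hash_equals((string) $storedHash, sha1($password))) {
        return null;
    }
    return (int) $playerId;
}

$error_string = '';

// Only touch the database when the login form was actually submitted.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && ($_POST['page_mode'] ?? '') === 'Login') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($username === '' || trim($password) === '') {
        $error_string = 'You have left either the username or password field blank!';
    } else {
        // Placeholder connection values; replace with your own.
        $mysqli = new mysqli('localhost', 'db_user', 'db_pass', 'db_name');
        if (check_login($mysqli, $username, $password) === null) {
            $error_string = 'Please check your username or password.';
        }
    }
}
```

For new accounts, `password_hash()` and `password_verify()` are a stronger choice than an unsalted `sha1()`.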