2 replies to this topic

[AtomSai]

Hi.

I'm really stressed right now, and need some help.
I've just embedded my style into my dologin.php, which checks if you have logged in successfully. If you made an error, such as wrong username, or wrong password, it will kill the rest of the page. If you logged in successfully, it will continue on, and start the session, thus unlocking some of the features of the site. In theory.

Here's an example of what I have so far (correctly corresponding to my current one):

<?php session_start(); ?>

<html>

<body>




<!-- Page Markup Content -->




<?php

$name = $_POST['name'];

$password = $_POST['password'];


if ($name&&$password)

{

$connect = mysql_connect("***", "****", "**********") or die("Couldn't connect");

mysql_select_db("****") or die("Couldn't connect");


$query = mysql_query("SELECT * FROM members WHERE name='$name'");


if ($name==$correctuser&&$password==$correctpassword)

{

echo "Success";

$_SESSION['session']=$session;

}

else

echo "Incorrect password";

}

else

die("That user doesn't exist");

}

else

die("Please enter a username or password");

?>




<!-- CONTINUING WITH THE PAGE CONTENT (Footers, etc) -->




</body>

</html>

Please disregard all the errors in that code, it was just something written up for an example of what I'm using

Now, if the user has correctly typed in their information, and it succeeds, it will display "success" and show the rest of the content.
If the information is wrong, it will die and kill everything.
Is there an alternative to where they can type in the wrong ****, and still have an error, but the rest of the page will show?

Edited by AtomSai, 06 October 2010 - 03:51 PM.

[Alexander]

Ideally you would implement errors into a session, a simplistic example:

$_SESSION['errors'][] = "Your password is incorrect";

Then redirect them to an error page (i.e. dologin.php?error=true) and display them, and then unset() $_SESSION['errors'] after use.

Is there any reason you are using die() though? It runs out of your IF scope, so the data afterwards is only your page footer, there is no need to kill it unless you do not want the message to be displayed down bottom.

[SoN9ne]

Or, you could simply make the page submit to itself and not need to worry about adding or removing session data.

Do the checks in the top of the file and have the page display any errors if an error is received by using switches or any other type of conditionals.

An example, although not a great one, is located here.

Nullw0rm is correct, that is one method to do what you want but I'd rather not mess with the session unless it is needed. Just remember to clear the session values after you use them.