custom error message based on login

kilbey1

I am not sure I'm doing this correctly. I am attempting to create a 'wrong username' or 'wrong password' based on the info a user submits on the login screen. I can get it working like the below code, but then it ALWAYS returns the word "empty" upon initial login.

$query = "select * from authenticate where username = '" . $_POST['username'] . "' and password = '" . $_POST['password'] . "';";
$result = mysql_query($query) or die(mysql_error());

function login_body() { 
?>
<table valign="top"><tr><td width="250" valign="top"><BR>

<?

if (mysql_num_rows($result) == 0)
{
	$message = "empty";
} 
echo $message;
?>

So I revised it, but it doesn't appear to be working correctly; can someone set me straight?

	$query = "select * from authenticate where username = '" . $_POST['username'] . "' and password = '" . $_POST['password'] . "';";
	$result = mysql_query($query) or die(mysql_error());

function login_body() { 
?>
<table valign="top"><tr><td width="250" valign="top"><BR>

<?

if (mysql_num_rows($result) == 0)
{
	$message = "empty";
} elseif (mysql_num_rows($result) == 0 AND username !=  $_POST['username']) {
	$message = "Wrong username.";
} elseif (mysql_num_rows($result) == 0 AND password != $_POST['password']) {
	$message = "Wrong password.";
}



echo $message;
?>

parawizard

first of all try this

$query = "select username, password from authenticate where username = '" . $_POST['username'] . "' ";

instead of grabbing where using name and password just say wut row to grab username and password from by grabbing the row that = username 🙂 this was your main problem! because if the username and password werent found in the same row it wouldnt take anything from the database always giving you a EMPTY! do you understand this?

your other problem is right here

 

if (mysql_num_rows($result) == 0) 
{ 
    $message = "empty"; 
} elseif (mysql_num_rows($result) == 0 AND username !=  $_POST['username']) { 
    $message = "Wrong username."; 
} elseif (mysql_num_rows($result) == 0 AND password != $_POST['password']) { 
    $message = "Wrong password."; 
}

well the whole thing should be coded a bit differently ! heres all of the code


$query = "select username, password from authenticate where username = '" . $_POST['username'] . "' ";
$result = mysql_query($query) or die(mysql_error());

$info =  mysql_fetch_row($result);

$usernamedb = $info[0];
$passworddb = $info[1];

function login_body() { 
?> 
<table valign="top"><tr><td width="250" valign="top"><BR> 

<? 

if ($usernamebd!=$_POST['username']) 
{ 
    $message = "invalid username";
    echo $message;   
} 
if($passworddb!=$_POST['password'])
{
    $message = "invalid password";
    echo $message;
}


?>

kilbey1

Well, this does work... no question. But I want my message to appear in a certain area, and I have it set up in a switch statement. Here's the code; why doesn't this work? $message never shows up.

<? 
function login_body() { 
?>
<table valign="top"><tr><td width="250" valign="top"><BR>
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td>
<?
echo $message;
?>
          </td>
        </tr>
      </table>
      <form name="login" method="post" action="index.php?login=yes"> 
  <table width="250" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td>Username: </td>
      <td>
        <input type="text" name="username">
      </td>
    </tr>
    <tr>
      <td>Password: </td>
      <td>
        <input type="password" name="password">
      </td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td> 
        <div align="right"><BR>
          <input type="image" src="/smcp_external/images/gifs/login.jpg" height="18" width="55" border="0" alt="Login" value="Login" name="image">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
        </div>
      </td>
    </tr>
  </table>
  </form>


<BR><BR>

<center><table width="90%">
	 <font size="1">If you require assistance, you may contact Universal Smartcomp at: 
	 <BR><BR>
	 601 Technology Drive<BR>
	 Ste 310 Southpointe<BR>
	 Canonsburg, PA 15317<BR>
     Phone: 1-724-745-5611<BR>
	 Fax: 1-724-745-8744</font>
</table>
</center>

</td>
	<td valign="top"> 
      <P><BR>
        <BR>

  <div align=justify>
    <table width="100" border="0" cellspacing="3" cellpadding="3" align="right">
      <tr> 
        <td><img src="/smcp_external/images/new/woman_typing.jpg" width="97" height="98" align="right"></td>
      </tr>
      <tr> 
        <td><b><img src="/smcp_external/images/new/rehab.jpg" width="96" height="98" align="right"></b></td>
      </tr>
    </table>
    <b>SmartComp Information:</b><br>
    <BR>
    Universal SmartComp specializes in the medical coordination and cost containment 
    of workers\' compensation injuries. Universal SmartComp\'s current client 
    base consists of insurance carriers, employers (fully insured and self-insured), 
    national managed care companies and agents/brokers. Universal SmartComp\'s 
    clients have saved an average of 37-52% on rehabilitation costs utilizing 
    our network services. 
    <p><br>
      <b>Universal SmartComp provides its clients with:</b>
  </div>
 <br>

  <li>
Development of functional, quality provider panels 
          with state-mandated requirements and forms. Universal SmartComp also 
          customizes panels to meet the specific needs of our clients. 

  <li>Access to the most comprehensive, discounted physical therapy provider network available.
<li>Access to a comprehensive, discounted diagnostic provider network.
<li>Toll Free number for the scheduling of all panel provider specialty appointments.
      <li>Acute case coordination of all injuries reported and scheduled through 
        Universal SmartComp. 
      <li>Medical Bill Review and Repricing consulting and auditing services. 
    </td><td width=20></td>

</tr></table>
<?
}	

switch($login){
case "yes":
	//$query = "select * from authenticate where username = '" . $_POST['username'] . "' and password = '" . $_POST['password'] . "';";
	$query = "select username, password from authenticate where username = '" . $_POST['username'] . "' ";
	$result = mysql_query($query) or die(mysql_error());

$info =  mysql_fetch_row($result); 

$usernamedb = $info[0]; 
$passworddb = $info[1]; 

if ($usernamedb!=$_POST['username'])  
{  
    $message = "&nbsp;&nbsp;&nbsp;<font color=red>Invalid Username.</font><BR>";  
	login_body();
}  
elseif($passworddb!=$_POST['password']) 
{ 
    $message = "&nbsp;&nbsp;&nbsp;<font color=red>Invalid Password.</font><BR>"; 
	login_body();
} 

if (mysql_num_rows($result) == 1 AND $usernamedb==$_POST['username'] AND $passworddb==$_POST['password'])
{
	//session_start();  // Modified By CT
	//$_SESSION['logged'] = 1;
	include "include/body_auth.inc.php";
	//while($row=mysql_fetch_array($result, MYSQL_ASSOC)) {
	//	$fullname = "$row[Firstname] $row[Lastname]";
		//echo '<input type="hidden" name="username" value="'.$fullname.'">';
	//	$_SESSION['fullname'] = $fullname; 
	//}
}

break;
default:
	$message = "";
	login_body();
}
?>

parawizard

the ifs that set wut $message = have to be run before $message is outputted hehe 🙂

so the login_body function has to come after the code the determines wut $message=

<?php
switch($login){ 
case "yes": 
    //$query = "select * from authenticate where username = '" . $_POST['username'] . "' and password = '" . $_POST['password'] . "';"; 
    $query = "select username, password from authenticate where username = '" . $_POST['username'] . "' "; 
    $result = mysql_query($query) or die(mysql_error()); 

$info =  mysql_fetch_row($result);  

$usernamedb = $info[0];  

$passworddb = $info[1];  

if ($usernamedb!=$_POST['username'])   
{   
    $message = "&nbsp;&nbsp;&nbsp;<font color=red>Invalid Username.</font><BR>";   
    login_body(); 
}   
elseif($passworddb!=$_POST['password'])  
{  
    $message = "&nbsp;&nbsp;&nbsp;<font color=red>Invalid Password.</font><BR>";  
    login_body(); 
}  

if (mysql_num_rows($result) == 1 AND $usernamedb==$_POST['username'] AND $passworddb==$_POST['password']) 
{ 
    //session_start();  // Modified By CT 
    //$_SESSION['logged'] = 1; 
    include "include/body_auth.inc.php"; 
    //while($row=mysql_fetch_array($result, MYSQL_ASSOC)) { 
    //    $fullname = "$row[Firstname] $row[Lastname]"; 
        //echo '<input type="hidden" name="username" value="'.$fullname.'">'; 
    //    $_SESSION['fullname'] = $fullname; 
    //} 
} 

break; 
default: 
    $message = ""; 
    login_body(); 
} 
?> 


<?  

function login_body() {  

?> 
<table valign="top"><tr><td width="250" valign="top"><BR> 
      <table width="100%" border="0" cellspacing="0" cellpadding="0"> 
        <tr> 
          <td> 
<? 
echo $message; 
?> 
          </td> 
        </tr> 
      </table> 
      <form name="login" method="post" action="index.php?login=yes"> 
  <table width="250" border="0" cellspacing="0" cellpadding="0"> 
    <tr> 
      <td>Username: </td> 
      <td> 
        <input type="text" name="username"> 
      </td> 
    </tr> 
    <tr> 
      <td>Password: </td> 
      <td> 
        <input type="password" name="password"> 
      </td> 
    </tr> 
    <tr> 
      <td>&nbsp;</td> 
      <td> 
        <div align="right"><BR> 
          <input type="image" src="/smcp_external/images/gifs/login.jpg" height="18" width="55" border="0" alt="Login" value="Login" name="image">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
        </div> 
      </td> 
    </tr> 
  </table> 
  </form> 


<BR><BR> 

<center><table width="90%"> 
     <font size="1">If you require assistance, you may contact Universal Smartcomp at: 
     <BR><BR> 
     601 Technology Drive<BR> 
     Ste 310 Southpointe<BR> 
     Canonsburg, PA 15317<BR> 
     Phone: 1-724-745-5611<BR> 
     Fax: 1-724-745-8744</font> 
</table> 
</center> 

</td> 
    <td valign="top"> 
      <P><BR> 
        <BR> 

  <div align=justify> 
    <table width="100" border="0" cellspacing="3" cellpadding="3" align="right"> 
      <tr> 
        <td><img src="/smcp_external/images/new/woman_typing.jpg" width="97" height="98" align="right"></td> 
      </tr> 
      <tr> 
        <td><b><img src="/smcp_external/images/new/rehab.jpg" width="96" height="98" align="right"></b></td> 
      </tr> 
    </table> 
    <b>SmartComp Information:</b><br> 
    <BR> 
    Universal SmartComp specializes in the medical coordination and cost containment 
    of workers' compensation injuries. Universal SmartComp's current client 
    base consists of insurance carriers, employers (fully insured and self-insured), 
    national managed care companies and agents/brokers. Universal SmartComp's 
    clients have saved an average of 37-52% on rehabilitation costs utilizing 
    our network services. 
    <p><br> 
      <b>Universal SmartComp provides its clients with:</b> 
  </div> 
 <br> 

  <li> 
Development of functional, quality provider panels 
          with state-mandated requirements and forms. Universal SmartComp also 
          customizes panels to meet the specific needs of our clients. 

  <li>Access to the most comprehensive, discounted physical therapy provider network available. 
<li>Access to a comprehensive, discounted diagnostic provider network. 
<li>Toll Free number for the scheduling of all panel provider specialty appointments. 
      <li>Acute case coordination of all injuries reported and scheduled through 
        Universal SmartComp. 
      <li>Medical Bill Review and Repricing consulting and auditing services. 
    </td><td width=20></td> 

</tr></table> 
<? 
}
?>

looks like it should work fine now 🙂

kilbey1

Didn't work. 🙁 $message still wasn't output; not to mention that it never found my 'include' whenever I successfully logged in. 🙂

parawizard

look man y dont u make a access control page>?

i have one i can give you for free if u want>?

i have a MYSQL version and a MS access ODBC version

i coded it myself it has login output that u can customize and then you can change all the code to access ur database 🙂

or add me to msn or something unless you want to code your own i can point you in the right direction

parawizard

ok this is how you do it!

you have a file called

accesscontrol.php

in it you have main things like

1) start sessions

2) check for username and password in SESSION variables and POST variables (post to see if just logged in) then put ether one in $username and $password

3) SELECT username, password WHERE username = '$username' in the
database

dont do anything if it matchs just make if statments to detect no comparisons. do a if for username and password


if($username !=$db_username)
{
login("Username is invalid");
}

5) login function basically the same as the one you have right there! except to do this login("Username is invalid"); you have to make the function like this

function login($message)
{
code here

echo message somewhere
}

so basically

it starts a session or uses existing one then checks for variables username and password from $SESSION and $POST. sets them into variables $username and $password. then it checks them with ones in the database for a matching row WHERE username = '$username'. then you check the username and password in if statements!

thats the main jist of it! hope that helps basically wut u do then is lets say you have members.php and u want to make that a login restricted page! then u just include 'accescontrol.php'!

works great 🙂

good luck give me a shout on my email or pm me theres a good tutorial for it

hope that helps you 🙂