I am trying to figure out just what's wrong with a login script provided by my instructor. There's a case where it will return a message about a blank username and password, but that never seems to happen if the logic for a nonexistent username and password is left intact!

Here's the relevant code:

$uname = $POST['em'];
$pw = $POST['pw'];

if (($uname == "") || ($pw == ""))
{
myRedirect("myLogin1.php?msg=3");
}

.. set up a connection and query the db

if(mysql_num_rows($result) > 0) // they're in the db
{//valid user, create session vars, redirect!
$row = mysql_fetch_array($result);
$sCustomerID = trim($row["CustomerID"]);
$sFirstName = trim($row["FirstName"]);
$sLogged = "zhy5688fty"; //unique string in case of multiple customers on server
session_start();
session_register("sCustomerID","sFirstName","sLogged");
myRedirect("myTarget1.php");
}

if(mysql_num_rows($result) == 0)
{
myRedirect("myLogin1.php?msg=2");
}

This last part was originally just an else from the good login if, as you'd expect. However, if that's in place, you never get the redirect for the first condition of the username and password being blank. With the last check disabled, it behaves like you'd expect (though of course nothing happens if the username and pw are wrong.)

I have no idea what's going on. The thing does work, but I don't understand why it goes past the first redirection for the blank case.

Derek

    Try this

    $uname = $_POST['em']; 
$pw = $_POST['pw'];

if ((isset($uname)) && (isset($pw)) {
\\ .. set up a connection and query the db 
if(mysql_num_rows($result) > 0) // they're in the db 
{//valid user, create session vars, redirect! 
$row = mysql_fetch_array($result); 
$sCustomerID = trim($row["CustomerID"]); 
$sFirstName = trim($row["FirstName"]); 
$sLogged = "zhy5688fty"; //unique string in case of multiple customers on server 
session_start(); 
session_register("sCustomerID","sFirstName","sLogged"); 
myRedirect("myTarget1.php"); 
} 
if(mysql_num_rows($result) == 0) 
{ 
myRedirect("myLogin1.php?msg=2"); 
} 
} else {
myRedirect("myLogin1.php?msg=3"); 
}

      The instructor's code originally had isset to test the two variables and that didn't work. Then I switched it to checking for empty strings.

      Derek

        Instead of checking If $pw is == "", try to see they are null

        if ($pw == NULL) {

          I got it to work by doing this:

          if ( isset($POST['em']) && isset($POST['pw']) && ($POST['em'] != "") && ($POST['pw'] != "") )
          {

          do connection, good & bad cases

          }
          else
          {
          redirect for blank case
          }

          Seems like a lot of work. Only took all afternoon.

            Thanks for the null suggestion. Just doing that test works.

            I actually thought about using null a long time ago, but I thought you couldn't do that with GET or POST variables, for some reason.

              Just woundering if you did this

              $uname = $_POST[em];
$pw = $_POST[pw];

              If you don't have this befor the If satement you may get bad results, I had this same problem some time ago intill I did this, but mine $_GET[]

                Maybe you can't use null with $GET and $POST but with php, thing that you should be able to do you can't and likewise

                  The reason null will not work is because the value is set into another variable

                  $uname = $POST[em];
                  $pw = $                  POST[pw];

                  Now $_POST would return Array. null is not a good option to use all the time however it will work.

                  why not try this

                  if ( isset($_POST['em']) && isset($_POST['pw']) && !empty($_POST['em']) && !empty($_POST['pw']))
                    Write a Reply...