[RESOLVED] Testing field values against database values (i.e. user name and password)

frootloops

What I am trying to do is create a very simple script to test whether or not a user is in the database, nothing fancy or secure (yet).
The script I have thus far displays a username and password field that they fill out and submit.

Below is the latest build of the code which results in a syntax error. All I want to know is am I on the right track?

THANKS!!

<?php 
ini_set("display_errors","on"); 
error_reporting(E_ALL | E_STRICT); 
ini_set("include_path","./includes");
include("reginfo.inc");
if(isset($_POST['submitted']) and $_POST['submitted'] == "yes") 
{ 
  foreach($_POST as $field => $value)         

  { 
    if(empty($value)) 
    { 
         $blank_array[] = $field; 
      } 
    { 
      $good_data[$field] = strip_tags(trim($value)); 
    } 
  }
  if(@sizeof($blank_array) > 0) 
  {
  /*Display error message if information is not entered*/ 
    $message = "<p style='color: red; margin-bottom: 0; 
                 font-weight: bold'> 
                 You didn't fill in one or more required fields. 
                 You must enter: 
                 <ul style='color: red; margin-top: 0; 
                 list-style: none' >";
    foreach($blank_array as $value) 
    { 
       $message .= "<li>$value</li>"; 
    } 
    $message .= "</ul>"; 
    echo $message; 
    extract($good_data); 
    include("logininfo.inc"); 
    exit();    

  } 
  foreach($_POST as $field => $value) 
{ 
  if(!empty($value)) 
  { 
    $user_patt = "/^[A-Za-z0-9_]{5,20}$/";
	$pass_patt = "/(?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{4,8})$/";
	if(preg_match("/user/i",$field)) 
    { 
      if(!preg_match($user_patt,$value)) 
      { 
        $error_array[] = "$value is not a valid name"; 
      } //end of username check
	}
	if(!preg_match("/pass/i",$field)) 
    { 
      if(preg_match($pass_patt,$value)) 
      { 
        $error_array[] = "Please enter a password that is between 4 to 8 characters and contains at least an letter and number"; 
      } //end of password check
	}
  } 
  $clean_data[$field] = strip_tags(trim($value)); 
} 
if(@sizeof($error_array) > 0) 
{ 
  $message = "<ul style='color: red; list-style: none' >"; 
  foreach($error_array as $value) 
  { 
    $message .= "<li>$value</li>"; 
  } 
  $message .= "</ul>"; 
  echo $message; 
  extract($clean_data); 
  include("logininfo.inc"); 
  exit(); 
} 
else 
{ 
$cxn = mysqli_connect($host,$user,$passwd,$dbname) 
             or die("Couldn't connect to server"); 
foreach($clean_data as $field => $value) 
{ 
  $clean_data[$field] = mysqli_real_escape_string($cxn,$value); 
} 
$user_nameFromForm =$_POST['user_name']; 
$passwordFromForm =$_POST['password'];
$cxn = mysqli_connect($host,$user,$passwd,$dbname) 
       or die("Can't connect"); 
$query = "SELECT * from Registration 
                   WHERE user_name='$user_nameFromForm' 
                   AND password = '$passwordFromForm'"; 
$result = mysqli_query($cxn,$query) or die("Can't Execute query"); 
$nrows = mysqli_num_rows($result); 
if($nrows > 0) 
{ 
  echo "Login is okay"; 
} 
else 
{ 
  echo "Login is invalid"; 
}
?>

CoderDan

the actual syntax error would make helping you a lot quicker and easier 🙂

frootloops

CoderDan;10917162 wrote:
the actual syntax error would make helping you a lot quicker and easier 🙂

Parse error: syntax error, unexpected $end in login_form5.php on line 104

CoderDan

you are missing a closing }
I suggest you format your code indentation all the way through, and it should become apparent where it is missing from

frootloops

Got everything working just peachy.