Confused with if/else if

siabanie

Can someone help me please, I am bit lost here - I try to do a form validation which validate if:

Username is empty (username cannot be emptied)
Usersame is not valid (Not in D😎
Password is empty (username cannot be emptied)
Password is not match as in DB

then, show appropriate erorr msg:

But my code isn't running as I wanted, anyone can assist me please, thanks. (Pls, include comments as it would be helpful for me)

<?php
	require 'includes/applicatio.php';


if(isset($_POST['login'])){

	//Get data
	$username = $_POST['username'];
	$password = $_POST['password'];

//Form validation if the variables both has been enter do the following
	if ($username && $password) //if password and username are empty/not enter show error msg

	{
		if (isset($username) && isset($password)) //If enter but wrong username and password show error msg
		{ 
		//Get data from DB
		$login = mysql_query ("SELECT * FROM users WHERE username = '$username'");

		while ($row = mysql_fetch_array($login))
		{

		if ($username != $row['username'] && $username == "")  //if username are empty and not valid show error msg

			if ($db_password = $row['password']) 

					//Password cannot be empty and must match if not show error msg
					if (md5($password) == $db_password){ 
					//if ((md5($password) == $db_password)&& (!$password == ""))

							$loginOk = 1;
					}else 
						$loginOk = 0;
						$error_msg =  "Invalid Password";
				//Checking loginok if the variable successful or not
				if ($loginOk == 1)
				{
					if (isset($_POST['rememberme']) && $_POST['rememberme']  == "on") {
						setcookie("username", $username, time() + 7200); 

					}
					else  if($rememberme == "")
						$_SESSION['username']=$username; 
					header("Location: userarea.php");
					exit;
				}
				//else $error_msg = "Incorrect username and password combination";
		  }
    else 
    $error_msg = "Invalid username";
  } //End While

  }
  else
   	$error_msg = "Incorrect username and password";

	}
	else
		$error_msg = "Please fill a username and password";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>

<br />
<?php
	require 'header.php';
?>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<div align="center">
	<table width="263" border="1">
	<?php
		// If $error_msg not equal to emtpy then display error message
		if(isset($error_msg)) echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> 


	<tr>
		<th width="93">User Name </th>
	  <td width="154" height="30"><input type="text" name="username" /></td>
	</tr>

	<tr>
		<th>Password </th>
		<td><input type="password" name="password" /> </td>
	</tr>

	<tr>
		<td colspan="2" height="45"><input type="checkbox" name="rememberme" />Remember me</td>
	</tr>

	<tr>
	  <td height="40" colspan="2" align="center"><input type="submit" name="login" value="Login"/></td>
	</tr>
  </table>
</div>
</form>
</body>
</html>

JVassie

Having some trouble trying to understand your logic I'm afraid.

Your first if statement, and second if statement appear to do the same thing (more or less in this case anyway).

Your third if statement looks for the case where the username doesnt match the database, however your fourth if statement looks for the case where the password does match the database, which seems confusing to me.

Your first line, is the require() linking to the correct page, did you mistype application perhaps?

Your fourth if statement, you use an assignment operator (=) rather than comparison (==).

if ((md5($password) == $db_password)&& (!$password == ""))

I would change this to:

if ((md5($password) == $db_password) && ($password != ""))

In general I think you need to take another look at your logic, seperate it into steps.

Check the form was submitted
Check the username and password fields are not blank
Check the username exists in the database and retrieve password if it does
Check password from form matches password retrieved from database
If all checks are ok, then log the user in, else display error(s).

Hope this helps
James