Solved

this login validation not working so nicely.

Posted on 2009-07-03
Last Modified: 2013-12-13
OK, I know the code is probably a laugh. I've taken bits and pieces I've learnt over the last 2 days and tried to make something of this. I have a login whereby they can log in with a cellphone number or an email address.

The code below: what I want it to do is basically provide the correct feedback, so if I use the correct email but the password is wrong, it tells me the password is wrong specifically rather than just saying login failed.
Currently the validation works. If I log in correctly the first time, all good, BUT if I put in the wrong password the first time, it tells me incorrect password; if I then correct the password and log in again, it still tells me incorrect password.

advice please.
<?php
session_start();
include 'config.php';
include 'opendb.php';
 
 
//This function will find and checks if your data is correct
function login(){
 
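		//Collect your info from login form
		//Escape each value before it is placed inside a quoted SQL string
		//(assumes opendb.php has already opened the MySQL connection)
		$loginType = $_REQUEST['loginType'];
		$cellnumber = mysql_real_escape_string($_REQUEST['cellphone']);
		$email = mysql_real_escape_string($_REQUEST['email']);
		$password = mysql_real_escape_string($_REQUEST['userPassword']);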
	
 
			if ($loginType == "email") {
				$result = mysql_query("SELECT * FROM persons WHERE email='$email' AND password='$password'");
			} else {
				$result = mysql_query("SELECT * FROM persons WHERE cellphone ='$cellnumber' AND password='$password'");
			}
			$row = mysql_fetch_array($result);
			if ($row == null) {
				if ($loginType == "email") {
					$result2 = mysql_query("SELECT * FROM persons WHERE email='$email'");
					$row2 = mysql_fetch_array($result2);
						if ($row2 == null) {
							echo '<?xml version="1.0"?>';
						  	echo '<dataxml>';
							  echo '<row type="error">';
							  echo "<errorMsg>Email not found on system.</errorMsg>";
							   echo "</row>";
							  echo '</dataxml>';
							  die();
						} else {
							echo '<?xml version="1.0"?>';
						  	echo '<dataxml>';
							echo '<row type="error">';
							echo "<errorMsg>Incorrect Password.</errorMsg>";
							echo "</row>";
							echo '</dataxml>';
							die();
						}		
				} else if($loginType == "cellphone") {
				
					$result2 = mysql_query("SELECT * FROM persons WHERE cellphone='$cellnumber'");
					$row2 = mysql_fetch_array($result2);
							if ($row2 == null) {
							echo '<?xml version="1.0"?>';
						  	echo '<dataxml>';
							  echo '<row type="error">';
							  echo "<errorMsg>Can't find cell phone number on system.</errorMsg>";
							   echo "</row>";
							  echo '</dataxml>';
							  die();
						} else {
							echo '<?xml version="1.0"?>';
						  	echo '<dataxml>';
							echo '<row type="error">';
							echo "<errorMsg>Incorrect Password.</errorMsg>";
							echo "</row>";
							echo '</dataxml>';
							die();
						}		
				}		
			
			} else {
				
					$username = $row['firstName'];
					$id = $row['personID'];
					echo '<?xml version="1.0"?>';
                    echo '<dataxml>';
					echo '<row type="success">';
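					// Escape database values so characters such as < or & cannot break the XML
					echo "<firstname>".htmlspecialchars($row['firstName'])."</firstname>";
					echo "<userID>".htmlspecialchars($row['personID'])."</userID>";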
					echo "</row>";
					echo '</dataxml>';
			}
					
}
 
 
login();
 
?>

Question by:blue-genie
9 Comments
 
LVL 5

Expert Comment

by:yauhing
ID: 24770815
Please try the code below and see the remarks in it.
<?php
session_start();
include 'config.php';
include 'opendb.php';
  
//This function will find and checks if your data is correct
function login(){
 
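                //Collect your info from login form
                //Escape the values that go into the SQL strings (assumes opendb.php has opened the connection);
                //the password is only compared in PHP, so it stays as submitted
                $loginType = $_REQUEST['loginType'];
                $cellnumber = mysql_real_escape_string($_REQUEST['cellphone']);
                $email = mysql_real_escape_string($_REQUEST['email']);
                $password = $_REQUEST['userPassword'];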
        
 
                        if ($loginType == "email") {
                        		// no need to check password now
                                $result = mysql_query("SELECT * FROM persons WHERE email='$email'");
                        } else {
                        		// no need to check password now
                                $result = mysql_query("SELECT * FROM persons WHERE cellphone ='$cellnumber'");
                        }
                        $row = mysql_fetch_array($result);
                        // mysql_fetch_array return false if no record but not null
                        if (!$row) {
                                if ($loginType == "email") {
                                	// no need to check the email again
                                	/*
                                        $result2 = mysql_query("SELECT * FROM persons WHERE email='$email'");
                                        $row2 = mysql_fetch_array($result2);
                                                if ($row2 == null) {
                                                */
                                                        echo '<?xml version="1.0"?>';
                                                        echo '<dataxml>';
                                                          echo '<row type="error">';
                                                          echo "<errorMsg>Email not found on system.</errorMsg>";
                                                           echo "</row>";
                                                          echo '</dataxml>';
                                                          die();
                                      /*
                                                }          */
                                } else if($loginType == "cellphone") {
                                		/*
                                        $result2 = mysql_query("SELECT * FROM persons WHERE cellphone='$cellnumber'");
                                        $row2 = mysql_fetch_array($result2);
                                                        if ($row2 == null) {
                                                        */
                                                        echo '<?xml version="1.0"?>';
                                                        echo '<dataxml>';
                                                          echo '<row type="error">';
                                                          echo "<errorMsg>Can't find cell phone number on system.</errorMsg>";
                                                           echo "</row>";
                                                          echo '</dataxml>';
                                                          die();
                                         /*
                                                }          */
                                }               
                        
                        } else {
                        		// check password now if record found
                                if($row['password'] == $password){
                                    $username = $row['firstName'];
                                    $id = $row['personID'];
                                    echo '<?xml version="1.0"?>';
                                    echo '<dataxml>';
                                    echo '<row type="success">';
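                                    // Escape database values so characters such as < or & cannot break the XML
                                    echo "<firstname>".htmlspecialchars($row['firstName'])."</firstname>";
                                    echo "<userID>".htmlspecialchars($row['personID'])."</userID>";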
                                    echo "</row>";
                                    echo '</dataxml>';
                                } else {
                                	// show error if user found but password incorrect
	                                echo '<?xml version="1.0"?>';
                                    echo '<dataxml>';
                                    echo '<row type="error">';
                                    echo "<errorMsg>Incorrect Password.</errorMsg>";
                                    echo "</row>";
                                    echo '</dataxml>';
                                    die();
                                }
                        }
                                        
}
 
 
login();
 
?>


0
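A hardened variant of the lookup-then-verify flow in the answer above, as an added example that is not code from this thread. It assumes a PDO connection and that the `password` column stores `password_hash()` output; `xmlReply` and the sample row are constructed for illustration. It returns one generic failure message, because separate "not found" and "incorrect password" replies tell any client which emails or cell numbers are registered.

```php
<?php
// Added example (not from the thread): parameterised lookup, hashed-password
// check, uniform failure reply, escaped XML output.

function xmlReply(string $type, array $fields): string {
    $xml = '<?xml version="1.0"?><dataxml><row type="' . $type . '">';
    foreach ($fields as $tag => $value) {
        // Escape every value so names containing < or & cannot break the XML.
        $xml .= "<$tag>" . htmlspecialchars((string) $value, ENT_XML1 | ENT_QUOTES, 'UTF-8') . "</$tag>";
    }
    return $xml . '</row></dataxml>';
}

function login(PDO $db, string $loginType, string $identifier, string $password): string {
    // Column names cannot be bound as parameters, so map the login type through a fixed whitelist.
    $columns = ['email' => 'email', 'cellphone' => 'cellphone'];
    $row = false;
    if (isset($columns[$loginType])) {
        $stmt = $db->prepare("SELECT personID, firstName, password FROM persons WHERE {$columns[$loginType]} = ?");
        $stmt->execute([$identifier]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    }
    // Verify against a dummy hash when no row matched, so both failure paths do the same work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password'] : $dummy);
    if ($row && $ok) {
        return xmlReply('success', ['firstname' => $row['firstName'], 'userID' => $row['personID']]);
    }
    // One message for both "unknown account" and "wrong password".
    return xmlReply('error', ['errorMsg' => 'Login failed.']);
}

// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE persons (personID INTEGER PRIMARY KEY, firstName TEXT, email TEXT, cellphone TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO persons (firstName, email, cellphone, password) VALUES (?, ?, ?, ?)');
$ins->execute(['Bob & Co', 'bob@example.com', '0820000000', password_hash('bob', PASSWORD_DEFAULT)]);

echo login($db, 'email', 'bob@example.com', 'bob2'), "\n";      // wrong password
echo login($db, 'email', "o'brien@example.com", 'bob'), "\n";   // unknown account containing a quote
echo login($db, 'cellphone', '0820000000', 'bob'), "\n";        // correct credentials
```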
 
LVL 39

Author Comment

by:blue-genie
ID: 24771016
Hi yauhing.
thanks for that but it still does the same thing.
i log in with wrong password, says incorrect password.
i fix the password and login again - still says incorrect password.
0
 
LVL 5

Expert Comment

by:yauhing
ID: 24771105
I tested the code on my server without problems; please provide more details or links if any.
0
 
LVL 39

Author Comment

by:blue-genie
ID: 24771145
Unfortunately this is currently sitting on my test server, but I've copied and pasted your code as is.
Did you test it with the wrong password, and immediately the correct password?
The form is in Flash, so the browser doesn't get a refresh.
If I refresh the browser it's fine; otherwise not.
0
 
LVL 5

Accepted Solution

by:
yauhing earned 500 total points
ID: 24771146
Please make sure the contents of the first login page and the second login page are the same. (Are all the field names the same?)

Maybe you can try to print out the following fields to check that all of them exist and contain a value:
// show error if user found but password incorrect
echo '<?xml version="1.0"?>';
echo '<dataxml>';
echo '<row type="error">';
echo "<errorMsg>Incorrect Password. loginType = $loginType | cellnumber = $cellnumber | email = $email | password = $password</errorMsg>";
echo "</row>";
echo '</dataxml>';
die();


0
 
LVL 39

Author Comment

by:blue-genie
ID: 24771403
Oh, that's interesting.
I've implemented the output as above.

if the first time i enter bob2 as password, then bob it outputs

 password = bob2 bob so it's not clearing the first value.

hmmm.
0
 
LVL 39

Author Comment

by:blue-genie
ID: 24771555
Okay, I've checked on the Flash side, definitely not caching previous entries, and then I've tried with the other field values; it's only the password that is doing this. Any ideas?
0
 
LVL 39

Author Comment

by:blue-genie
ID: 24771793
Okay, I figured it out. Mighty weird,
but when the password is wrong, it's still in the textfield, but the caret has just changed so you can't see it.
But when doing an echo on load of the PHP and before calling the PHP on the Flash side, it doesn't pick it up.

I've done a workaround for now as I don't want to spend too much more time on this, as it's just a knock-up prototype. I'm catching the error on the Flash side and emptying the textfield explicitly.
0
 
LVL 39

Author Closing Comment

by:blue-genie
ID: 31599487
thanks.
0
