PDA

Click to See Complete Forum and Search --> : Displaying Login errors?

IliketheWeb
07-09-2006, 04:14 PM
Hey here is my script Im using to log in my clients, I know it isnt very secure and they're are some things that could be apporved upon but for now Im just trying to get the basics down. I was wanting to know how to display the errors created for the certain situation. Right now all it does it display the error in a plain white page, how can I get it to display inside the html on the page that is already showing?

<?php

// Connects to your Database
mysql_connect("localhost", "USER_NAME", "PASSWORD") or die(mysql_error());mysql_select_db("DATABASE_NAME") or die(mysql_error());


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database.');
}


while($info = mysql_fetch_array( $check ))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: client.php");
}

}

} else {

// if they are not logged in
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#background {
position:absolute;
left:0px;
top:0px;
width:854px;
height:640px;
z-index:0;
background-image: url(images/background.jpg);
}
#clientform {
position:absolute;
left:691px;
top:534px;
width:117px;
height:95px;
z-index:2;
}
#navbg {
position:absolute;
left:607px;
top:199px;
width:228px;
height:440px;
z-index:1;
background-image: url(images/nav_bg.png);
}
#navigation {
position:absolute;
left:613px;
top:198px;
width:217px;
height:301px;
z-index:3;
}
body {
background-image: url(images/canvas.jpg);
}
#wrapper {
position:relative;
margin:0 auto;
width:854px;
height:640px;
z-index:0;
}
-->
</style>
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script type="text/JavaScript">
<!--
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>

<body>
<div id="background" onload="MM_preloadImages('login/images/background.jpg')"></div>
<div id="clientform">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table width="120" border="0" cellspacing="8" cellpadding="0">
<tr>
<td><label>
<input type="text" name="username" size="15" />
</label></td>
</tr>
<tr>
<td><label>
<input type="password" name="pass" size="15" />
</label></td>
</tr>
<tr align=right>
<td><label>
<input type="submit" name="submit" value="Login" />
</label></td>
</tr>
</table>
</form>
</div>
<div id="navbg"></div>
<div id="navigation">
<script type="text/javascript">
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0','width','217','height','301','src','flash/nav','quality','high','pluginspage','http://www.macromedia.com/go/getflashplayer','wmode','transparent','movie','flash/nav' ); //end AC code
</script><noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="217" height="301">
<param name="movie" value="flash/nav.swf" />
<param name="quality" value="high" />
<param name="wmode" value="transparent" />
<embed src="flash/nav.swf" width="217" height="301" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" wmode="transparent"></embed>
</object>
</noscript></div>
</body>
</html>

<?php
}


?>
NogDog
07-09-2006, 05:06 PM
What I do is write any error messages to a variable (such as $loginError). Then at the desired point in my page where I want the message to apper if there is one, I'll do something like:

<?php
if(isset($loginError) and $loginError !== "")
{
echo "<p class='error'>$loginError</p>\n";
}
?>

Then in your stylesheet or <style> block you can define class .error to have whatever special appearance you want.
IliketheWeb
07-09-2006, 05:48 PM
Thanks for the reply, Could you tell me how to apply this to my script?
NogDog
07-09-2006, 07:27 PM
I had to rearrange things a bit, due to the original script's use of die() as a quick-and-dirty way of handling errors. However, this is untested, so save your existing script to a backup file before trying this. Also, I couldn't resist streamlining the login/password validation.)

<?php

// Connects to your Database
mysql_connect("localhost", "USER_NAME", "PASSWORD") or die(mysql_error());
mysql_select_db("DATABASE_NAME") or die(mysql_error());

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
{
// makes sure they filled it in
if($_POST['username'] and $_POST['pass'])
{
// sanitize inputs:
foreach($_POST as $key => $val)
{
if(get_magic_quotes_gpc())
{
$_POST[$key] = stripslashes($val);
}
$_POST[$key] = mysql_real_escape_string(trim($val));
}
// let's do everything in one step:
$query = "SELECT * FROM users WHERE username='".$_POST['username']."' ".
"AND `password`='" . md5($_POST['pass']) . "'";
$check = mysql_query($query)or die(mysql_error());

if(mysql_num_rows($check) == 1)
{
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: client.php");
exit; // <-- exit this script completely here
}
else
{
$error = "Invalid user name and/or password";
}
}
else
{
$error = 'You did not fill in a required field.'; // <--
}
}
// don't really need an else here, due to exit after header() above

// if they are not logged in
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#background {
position:absolute;
left:0px;
top:0px;
width:854px;
height:640px;
z-index:0;
background-image: url(images/background.jpg);
}
#clientform {
position:absolute;
left:691px;
top:534px;
width:117px;
height:95px;
z-index:2;
}
#navbg {
position:absolute;
left:607px;
top:199px;
width:228px;
height:440px;
z-index:1;
background-image: url(images/nav_bg.png);
}
#navigation {
position:absolute;
left:613px;
top:198px;
width:217px;
height:301px;
z-index:3;
}
body {
background-image: url(images/canvas.jpg);
}
#wrapper {
position:relative;
margin:0 auto;
width:854px;
height:640px;
z-index:0;
}
.error { /* style for error message */
font-size: 110%;
font-weight: bold;
font-color: #cc0000;
}
-->
</style>
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script type="text/JavaScript">
<!--
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>

<body>
<div id="background" onload="MM_preloadImages('login/images/background.jpg')"></div>
<div id="clientform">
<?php
// output error message if there is one:
if(isset($error) and $error !== "")
{
echo " <p class='error'>$error</p>\n";
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table width="120" border="0" cellspacing="8" cellpadding="0">
<!-- rest form and HTML here -->
</body>
</html>
<!-- note that the closing "}" is no longer needed, so no php code at end -->
IliketheWeb
07-09-2006, 07:37 PM
haha, thankyou very much for your help.
IliketheWeb
07-09-2006, 07:53 PM
im getting this error now

Parse error: parse error, unexpected $ in /home/spaodesi/public_html/index.php on line 164