My PHP login system

[Greyfish]

What do you think about this PHP login system I created? Any comments or suggestions?

PHP Code:

session_start();
if(!isset($_SESSION['forgotClient'])){
$_SESSION['forgotClient'] = 0;
}

if(!isset($_SESSION['forgotPassword'])){
$_SESSION['forgotPassword'] = 0;
}

require("databaseConnect.php");

if (isset($_POST['login'])){
    $success = 0;
    $empty = 0;
    
    $client = strtolower($_POST["client"]);
    $clientPassword = $_POST["password"];
    $password = md5($_POST["password"]);

if (!empty($client)) {
    $clientQuery = "SELECT * FROM Clients WHERE client='$client'";
    $clientResult = mysql_query($clientQuery);
    
        while ($clientCheck = mysql_fetch_array($clientResult)){
            if (in_array($client, $clientCheck)) {
                $success++;
                $clientValid = "true";
                $_SESSION['forgotClient'] = 0;
            }
        }
        if (isset($clientValid)) {
            $_SESSION['remeberClient'] = ucwords($client);
            $rememberClient = "true";
        }else{
            $_SESSION['loginMessage'] = "clientInvalid";
        }
}else{
    $_SESSION['loginMessage'] = "clientEmpty";
    $empty++;
    
}

if (!empty($clientPassword)) {
    $passwordQuery = "SELECT * FROM Clients WHERE password='$password'";
    $passwordResult = mysql_query($passwordQuery);
    
        while ($passwordCheck = mysql_fetch_array($passwordResult)){
            if (in_array($password, $passwordCheck)) {
                $success++;
                $passwordValid = "true";
                $_SESSION['forgotPassword'] = 0;
            }
        }
        if (isset($passwordValid)) {
            //Password Is Valid
        }else{
            $_SESSION['loginMessage'] = "passwordInvalid";
        }
}else{    
    $_SESSION['loginMessage'] = "passwordEmpty";
    $empty++;
}

if ($empty == 2) { 
    $_SESSION['loginMessage'] = "bothEmpty";
}

if ($empty == 1) {
    if (empty($clientPassword)) {
        if (isset($clientValid)) {
            $_SESSION['loginMessage'] = "clientValidPasswordEmpty";
            $_SESSION['remeberClient'] = ucwords($client);
            $rememberClient = "true";
            $_SESSION['forgotClient'] = 0;
        }else{
            $_SESSION['loginMessage'] = "clientInvalidPasswordEmpty";
        }
    }
    if (empty($client)) {
        if (isset($passwordValid)) {
            $_SESSION['loginMessage'] = "passwordValidClientEmpty";
            $_SESSION['forgotPassword'] = 0;
        }else{
            $_SESSION['loginMessage'] = "passwordInvalidClientEmpty";
        }
    }
}

if ($empty == 0) {
    $bothQuery = "SELECT * FROM Clients WHERE client='$client' AND password='$password'";
    $bothResult = mysql_query($bothQuery);
    $bothCheck = mysql_num_rows($bothResult);

        if ($bothCheck == 1){
            $success++;
        }

        if ($success == 0){
            $_SESSION['loginMessage'] = "bothInvalid";
        }

        if ($success == 3){
            $_SESSION['loginMessage'] = "none";
            $_SESSION['client'] = $client;
            header("location: clientPage.php");
        }
    }
}//Is set

switch ($_SESSION['loginMessage']){
    case "clientInvalid":
    $_SESSION['forgotClient']++;
    break;

    case "clientInvalidPasswordEmpty":
    $_SESSION['forgotClient']++;
    break;

    case "passwordInvalid":
    $_SESSION['forgotPassword']++;
    break;

    case "passwordInvalidClientEmpty":
    $_SESSION['forgotPassword']++;
    break;
}

if ($_SESSION['forgotClient'] >= 3) {
    $_SESSION['loginMessage'] = "clientForgot";
}

if ($_SESSION['forgotPassword'] >= 3) {
    $_SESSION['loginMessage'] = "passwordForgot";
}

if ($rememberClient == "true") {
    $clientValue = $_SESSION['remeberClient'];
    $clientField = "<input type=\"text\" name=\"client\" class=\"loginField\" value=\"$clientValue\"/>\n";
}else{
    $clientField = "<input type=\"text\" name=\"client\" class=\"loginField\"/>\n";
}

switch ($_SESSION['loginMessage']){
    case "notLogged":
    $displayMessage = "true";
    $loginMessage = "You are not logged in";
    break;

    case "clientInvalid":
    $displayMessage = "true";
    $loginMessage = "Invalid Client Name";
    break;

    case "passwordInvalid":
    $displayMessage = "true";
    $loginMessage = "Invalid Password";
    break;

    case "bothInvalid":
    $displayMessage = "true";
    $loginMessage = "Invalid Client and Password";
    break;

    case "clientEmpty":
    $displayMessage = "true";
    $loginMessage = "Please Enter Client Name";
    break;

    case "passwordEmpty":
    $displayMessage = "true";
    $loginMessage = "Please Enter Your Password";
    break;

    case "bothEmpty":
    $displayMessage = "true";
    $loginMessage = "You Didn't Type Anything";
    break;

    case "clientValidPasswordEmpty":
    $displayMessage = "true";
    $loginMessage = "Please Enter Your Password";
    break;

    case "clientInvalidPasswordEmpty":
    $displayMessage = "true";
    $loginMessage = "Invalid Client, Missing Password";
    break;

    case "passwordValidClientEmpty":
    $displayMessage = "true";
    $loginMessage = "Please Enter Client Name";
    break;

    case "passwordInvalidClientEmpty":
    $displayMessage = "true";
    $loginMessage = "Invalid Password, Missing Client";
    break;

    case "clientForgot":
    $displayMessage = "true";
    $loginMessage = "Forgot Client Name? <a href=\"http://www.greyfishcreative.com/forgot\">Click Here</a>";
    break;

    case "passwordForgot":
    $displayMessage = "true";
    $loginMessage = "Forgot Password? <a href=\"http://www.greyfishcreative.com/forgot\">Click Here</a>";
    break;

    case "bothForgot":
    $displayMessage = "true";
    $loginMessage = "Forget Everything? <a href=\"http://www.greyfishcreative.com/forgot\">Click Here</a>";
    break;

    default:
    $displayMessage = "false";
    break;
} 


[scragar]

I'd be carefull. a well chosen collection of characters could easily do some damage:

PHP Code:

    $clientQuery = "SELECT * FROM Clients WHERE client='$client'"; 


imagine $client is

Code:

'; DROP TABLE Clients WHERE ''='

this will result in the query:

Code:

SELECT * FROM Clients WHERE client=''; DROP TABLE Clients WHERE ''=''

which could be very dangerous for your information. Either check for bad data, or block it using mysql_real_escape_string

[Greyfish]

Could I use preg_match to check for characters A-Z and 0-9?

[roscor]

This example will validate/check for upper and lowercase plus numbers. If text field foo needs to include spaces add a space after the underscore like so [a-zA-Z0-9_ -]

PHP Code:

 if(preg_match('/^[a-zA-Z0-9_-]{4,}$/i', $_POST['foo'])){
        $foo = $_POST['foo'];     
    }
        else {
        $error1 .= "Required! min 4";
        $errcount++;  
         } 


[chazzy]

I'd be carefull. a well chosen collection of characters could easily do some damage:

PHP Code:

    $clientQuery = "SELECT * FROM Clients WHERE client='$client'"; 


imagine $client is

Code:

'; DROP TABLE Clients WHERE ''='

this will result in the query:

Code:

SELECT * FROM Clients WHERE client=''; DROP TABLE Clients WHERE ''=''

which could be very dangerous for your information. Either check for bad data, or block it using mysql_real_escape_string

Of course, that warning only applies if the user that the app is running as has the DROP TABLE privilege. If your user only has SELECT/INSERT/UPDATE/DELETE, you have no worries.

Also, there is no where clause in the drop table statement.

[Greyfish]

Thankyou everyone for your help!

[scragar]

Of course, that warning only applies if the user that the app is running as has the DROP TABLE privilege. If your user only has SELECT/INSERT/UPDATE/DELETE, you have no worries.

Also, there is no where clause in the drop table statement.

I know there is no where clause in DROP, but for some reason my test still deleted the table(although it threw an error as well, strange behvaiour).

The query was not an example to run (since the table name would have become lower case and no longer match), however it served to point out the very real dangers of not testing or validating inputs.