User Name Password Register
DaniWeb IT Discussion Community
Home
Forums
Tutorials
Code Snippets
Blogs
Link Directory
All
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 401,961 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,841 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Join our community!
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 414 | Replies: 4
Reply
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 170
Reputation: lordx78 is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Help Error Checking Validation

  #1  
Mar 7th, 2008
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. <?php
  2. // auth.php
  3.  
  4. // start session
  5. session_start(); 
  6.  
  7. // convert username and password from _POST or _SESSION
  8. if($_POST){
  9.   $_SESSION['username']=$_POST["username"];
  10.   $_SESSION['password']=$_POST["password"];  
  11. }
  12.  
  13. // query for a user/pass match
  14. $result=mysql_query("select * from users 
  15.   where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
  16.  
  17. // retrieve number of rows resulted
  18. $num=mysql_num_rows($result); 
  19.  
  20. // print login form and exit if failed.
  21. if($num < 1){
  22.   echo "You are not authenticated.  Please login.<br><br>
  23.  
  24.   <form method=POST action=admin.php>
  25.   username: <input type=text name=\"username\">
  26.   password: <input type=password name=\"password\">
  27.   <input type=submit>
  28.   </form>";
  29.  
  30.   exit;
  31. }
  32. ?>

This code prompt out username and password if there is no session found, but if u entered a wrong username, password or even leave in blank, it will just do nothing. How to do user input error checking, like empty username/password, imvalid password.

Please advise.
"I might not be the BEST but I'm not like the REST!"
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Nov 2007
Location: Arkansas
Posts: 367
Reputation: buddylee17 will become famous soon enough buddylee17 will become famous soon enough 
Rep Power: 2
Solved Threads: 70
buddylee17's Avatar
buddylee17 buddylee17 is offline Offline
Posting Whiz

Re: Error Checking Validation

  #2  
Mar 7th, 2008
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. if(empty($_POST['username'])){
  2. echo"Please enter username";
  3. }
  4. if(empty($_POST['password'])){
  5. echo"Please enter password";
  6. }
Obviously, you could do a lot of other checks like verifying the number of characters in each field with strlen. I just listed what you asked. I would recommend that you take some basic actions against SQL injection. The function mysql_real_escape_string does a pretty good job. It should be put in after a connection to mysql has been established and before or during the query. Here is a link to the function's documentation.
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. mysql_real_escape_string(htmlspecialchars($_SESSION['username']));
  2. mysql_real_escape_string(htmlspecialchars($_SESSION['password']));
If you don't do this, a user could put ' OR ''=' in the password field and the query would let a person login without a password.
Last edited by buddylee17 : Mar 7th, 2008 at 9:44 am.
Reply With Quote  
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 170
Reputation: lordx78 is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Re: Error Checking Validation

  #3  
Mar 7th, 2008
Thanks buddylee17, the thing is, I'm calling this auth.php in every page, I've already tried the method you mentioned above, after you logged in successfully, The echo statements will be on every page that includes auth.php. Any other suggestions?
"I might not be the BEST but I'm not like the REST!"
Reply With Quote  
Join Date: Nov 2007
Location: Arkansas
Posts: 367
Reputation: buddylee17 will become famous soon enough buddylee17 will become famous soon enough 
Rep Power: 2
Solved Threads: 70
buddylee17's Avatar
buddylee17 buddylee17 is offline Offline
Posting Whiz

Re: Error Checking Validation

  #4  
Mar 7th, 2008
Not sure I understand your situation. How about a redirect to the login if the session isn't valid?
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. if(empty($_SESSION['username']) || empty($_SESSION['password'])){
  2. header ('Location:login.php?please_login');
  3. }
Reply With Quote  
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 170
Reputation: lordx78 is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 2
lordx78's Avatar
lordx78 lordx78 is offline Offline
Junior Poster

Re: Error Checking Validation

  #5  
Mar 7th, 2008
Situation:

The auth.ph was placed on every single page of my except the index.html and logout.php. I want to access direct to an admin type page (e.g. localhost/cycle/addlist.php) it would prompt a login message. If I place the
Help with Code Tags
php Syntax (Toggle Plain Text) 
  1. if(empty($_POST['username'])){
  2. echo"Please enter username";
  3. }
even after I logged in with correct username and password, the echo will be displayed on addlist.php.
"I might not be the BEST but I'm not like the REST!"
Reply With Quote  
Reply

Only community members can participate in forum threads. You must register or log in to contribute.

Register
DaniWeb PHP Marketplace
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

Thread Tools Display Modes
Linear Mode Linear Mode

algos fortitude hope struggle trial-and-error victory
Similar Threads
Other Threads in the PHP Forum

Advertising Opportunities on DaniWeb
Contact Us - Newsletter Archive - Sitemap - Privacy Statement
All times are GMT -4. The time now is 6:18 pm.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC