Got the code below for a login form to check that users dont miss a field and then to check wether or not the data user and pass fields match what is in the database but i cant seem to structure my if, elseif, else statements correctly

<?php
/**
 * Checks to see if the user has submitted his
 * username and password through the login form,
 * if so, checks authenticity in database and
 * creates session.
 */

if(isset($_POST['sublogin'])){
   
   $_POST['user'] = trim($_POST['user']);
	
   /* Check that all fields were typed in */
   if(!$_POST['user'] || !$_POST['pass']){
      echo "<p>Missed a field</p>";
   }
   
   elseif(strlen($_POST['user']) > 30){
      echo "<p>Sorry too long</p>";
   }  
   
/* Checks that username is in database and password is correct */
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);

   /* Check error codes */
   elseif($result == 1){
      die('That username doesn\'t exist in our database.');
   }
   elseif($result == 2){
      die('Incorrect password, please try again.');
   }

	else{
   /* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;

   /**
    * This is the cool part: the user has requested that we remember that
    * he's logged in, so we set two cookies. One to hold his username,
    * and one to hold his md5 encrypted password. We set them both to
    * expire in 100 days. Now, next time he comes to our site, we will
    * log him in automatically.
    */
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }
	}

   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;

}
/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

Recommended Answers

All 2 Replies

Check if this works (I just rearranged some lines):

<?php
/**
 * Checks to see if the user has submitted his
 * username and password through the login form,
 * if so, checks authenticity in database and
 * creates session.
 */

if(isset($_POST['sublogin'])){
   
   $_POST['user'] = trim($_POST['user']);
   
   /* Checks that username is in database and password is correct */
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);
	
   /* Check that all fields were typed in */
   if(!$_POST['user'] || !$_POST['pass']){
      echo "<p>Missed a field</p>";
   }
   
   elseif(strlen($_POST['user']) > 30){
      echo "<p>Sorry too long</p>";
   }  
   
   /* Check error codes */
   elseif($result == 1){
      die('That username doesn\'t exist in our database.');
   }
   elseif($result == 2){
      die('Incorrect password, please try again.');
   }

	else{
   /* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;

   /**
    * This is the cool part: the user has requested that we remember that
    * he's logged in, so we set two cookies. One to hold his username,
    * and one to hold his md5 encrypted password. We set them both to
    * expire in 100 days. Now, next time he comes to our site, we will
    * log him in automatically.
    */
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }
	}

   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;

}
/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

Thanks but ive sorted it now, got it going like this

if(isset($_POST['sublogin'])){
   
   $_POST['user'] = trim($_POST['user']);
	
   /* Check that all fields were typed in */
   if(!$_POST['user'] || !$_POST['pass']){
      echo "<p class='log_in'>Oops!</p>";
   }
   
   
   /* Checks that username is in database and password is correct */
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);

   /* Check error codes */
   if($result == 1){
      echo "<p class='log_in'>Username not existant!</p>";
   }
   else if($result == 2){
      echo "<p class='log_in'>Password not existant!</p>";
   }

   else{
   /* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.