From: Barry Zimmerman on
I have a login script that is great and I want to expand on it, but I am not
sure where to place the new code I have written. I have placed it where I
thought it belonged, but I keep getting errors for else and others when
attempting to add it.

The code I am adding is not complete and will change, but I want to learn
where I should be placing it within this code; learning this will stand me in
good stead as well. I thought that by placing it after the if
($num_rows > 0) { section it would perform the else request and execute
my new code, but I get syntax and } kind of errors.

[php]
<?php
// Include the connections script to make a database connection.
include("inc/connect.php");

// Start with empty credentials and no error message; the POST handler
// further down overwrites these when a login form is submitted.
$username = $password = $errorMessage = '';

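/**
 * Prepare a request value for use as a string literal in a MySQL query.
 *
 * Strips the slashes added by magic_quotes_gpc when that setting is on,
 * escapes the value for the given connection and wraps it in single quotes.
 *
 * Every value is quoted, numeric-looking ones included. is_numeric() also
 * accepts forms such as exponent notation or leading whitespace, and a value
 * placed in the query without quotes is compared using MySQL's implicit type
 * conversion rather than as text, so the earlier "skip quoting for numbers"
 * shortcut is dropped.
 *
 * NOTE(review): escaping is only as reliable as the connection character
 * set, and the mysql_* extension used here was removed in PHP 7. A prepared
 * statement (mysqli or PDO) is the sturdier replacement for this helper.
 *
 * @param mixed    $value  Raw value, typically taken from the request.
 * @param resource $handle Open MySQL link used for escaping.
 * @return string The escaped value enclosed in single quotes.
 */
function quote_smart($value, $handle) {
    // magic_quotes_gpc no longer exists in PHP 8, so consult it only where available.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    return "'" . mysql_real_escape_string($value, $handle) . "'";
}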

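// Handle a submitted login form. On success the user name is stored in the
// session and the browser is redirected to index.html; on any failure
// $errorMessage is set to one generic message.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only plain string fields. A missing field or an array value
    // (username[]=...) is treated as empty and simply fails the login
    // instead of raising notices in htmlspecialchars()/md5().
    $rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // NOTE(review): htmlspecialchars() is output encoding for HTML, not a
    // defence for SQL. It is kept here because the lookup below has always
    // used the encoded user name and stored rows may depend on that; the
    // cleaner design encodes only at the point where a value is echoed.
    $username = htmlspecialchars($rawUsername);
    $password = htmlspecialchars($rawPassword);

    $authenticated = false;
    $db_found = mysql_select_db($db, $connection);

    if ($db_found) {
        $username = quote_smart($username, $connection);
        $password = quote_smart($password, $connection);

        // NOTE(review): the stored password is an unsalted MD5 digest.
        // Moving to password_hash()/password_verify() needs a schema and
        // data migration that cannot be done from inside this block.
        $SQL = "SELECT * FROM taablea WHERE username = $username AND password = '" . md5($rawPassword) . "'";
        $result = mysql_query($SQL);

        // Count rows only when the query succeeded; mysql_num_rows() on a
        // failed query (false) raises a warning.
        $num_rows = $result ? mysql_num_rows($result) : 0;

        if ($num_rows > 0) {
            $authenticated = true;
        }

        mysql_close($connection);
    }

    if ($authenticated) {
        session_start();
        // Issue a fresh session id at login so an id that was known before
        // authentication is not carried into the authenticated session.
        session_regenerate_id(true);
        $_SESSION['username'] = $rawUsername;
        header("Location: index.html");
        // Stop here: without exit the rest of the page still runs and is
        // sent along with the redirect.
        exit;
    }

    // Same text for every failure (no database, query error, no match) so
    // the response does not reveal which check failed.
    $errorMessage = "Please check your username and/or password is\ncorrect";
}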
?>
[/php]

This is my additional code that I am trying to get working so I can write it
better.

[php]

/* New block: intended to run when the credential check fails and to record
   the failed attempt. As posted it is a fragment: the opening `else` has no
   `if` in front of it, and not every brace opened below is closed before the
   END marker, which matches the syntax errors described in the post. */

else {
session_start();
// NOTE(review): this stores the literal string "+1"; it does not increment a counter.
$_SESSION['attempts'] = "+1";

# Build the INSERT that records the attempt.
# NOTE(review): $sid and $attempts are not assigned anywhere in the posted
# code, and every value is interpolated directly into the statement. Escape
# or bind each one. $password appears to be the submitted password rather
# than a hash, so it should be left out of this table.
$SQL = " INSERT INTO tablebtemp ";
$SQL = $SQL . " (sid, username, password, attempts,
ipaddress) VALUES ";
$SQL = $SQL . " ('$sid', '$username', '$password',
'$attempts', '$_SERVER[REMOTE_ADDR]') ";

# Execute the INSERT.
# NOTE(review): the ***** argument is presumably the database name masked by
# the poster; as written it is not valid PHP.
$result = mysql_db_query( *****,"$SQL",$connection );

# Check for error.
# NOTE(review): this prints the database error and the full statement to the
# page; write them to a server-side log and show the visitor a generic message.
if (!$result) {
echo("ERROR: " . mysql_error() . "\n$SQL\n");
}
else {
# Look up the rows recorded for this session id.
# NOTE(review): $sid is interpolated without quotes or escaping.
$SQL = "SELECT * FROM tablebtemp WHERE sid =
$sid";
$result = mysql_query($SQL);

// No recorded rows: show the generic login failure message.
if (mysql_num_rows($result) ==0) {
$errorMessage = "Please check
your username and/or password is correct";
}
// NOTE(review): `else` cannot take a condition; this needs `elseif`. The
// test is also an exact == 3, so any other row count sets no message at
// all. Confirm whether >= 3 was intended.
else (mysql_num_rows($result) ==3) {
$errorMessage = "You are
blocked, please contact us to get unblocked.";
}
/* END of new block (the braces opened by the two `else {` lines above are still open here) */
[/php]
From: Bastien Koert on
On Tue, May 11, 2010 at 12:26 PM, Barry Zimmerman
<barryzimmo(a)googlemail.com> wrote:
> I have a login script that is great and I want to expand on this but not
> sure where to place my new code I have written, I have placed it where I
> thought but keep getting errors for else and others when attempting to add
> this.
>
> The code I am adding is not complete and will change, but I want to learn
> where I should be placing this within this code, it will stand me in good
> stead learning this as well. I thought by placing it after the          if
> ($num_rows > 0) { section and it would perform the else request and execute
> my new code, but I get syntax and } kind of errors.
>
> [php]
> <?php
> // Include the connections script to make a database connection.
>    include("inc/connect.php");
>
> $username = "";
> $password = "";
> $errorMessage = "";
>
> function quote_smart($value, $handle) {
>
>   if (get_magic_quotes_gpc()) {
>       $value = stripslashes($value);
>   }
>
>   if (!is_numeric($value)) {
>       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
>   }
>   return $value;
> }
>
> if ($_SERVER['REQUEST_METHOD'] == 'POST'){
>    $username = $_POST['username'];
>    $password = $_POST['password'];
>
>    $username = htmlspecialchars($username);
>    $password = htmlspecialchars($password);
>
>
>    $db_found = mysql_select_db($db, $connection);
>
>    if ($db_found) {
>
>        $username = quote_smart($username, $connection);
>        $password = quote_smart($password, $connection);
>
>        $SQL = "SELECT * FROM taablea WHERE username = $username AND
> password = '".md5($_POST['password'])."'";
>        $result = mysql_query($SQL);
>        $num_rows = mysql_num_rows($result);
>
>
>        if ($result) {
>            if ($num_rows > 0) {
>                session_start();
>                $_SESSION['username'] = "$_POST[username]";
>                header ("Location: index.html");
>            }
>
>            else {
>            $errorMessage = "Please check your username and/or password is
> correct";
>            }
>        }
>        else {
>            $errorMessage = "Please check your username and/or password is
> correct";
>        }
>
>    mysql_close($connection);
>
>    }
>
>    else {
>        $errorMessage = "Please check your username and/or password is
> correct";
>    }
>
> }
> ?>
> [/php]
>
> This is my additional code that I am trying to get working so I can write it
> better.
>
> [php]
>
> /* New Block*/
>
>            else {
>                session_start();
>                $_SESSION['attempts'] = "+1";
>
>                # setup SQL statement
>                $SQL = " INSERT INTO tablebtemp ";
>                $SQL = $SQL . " (sid, username, password, attempts,
> ipaddress) VALUES ";
>                $SQL = $SQL . " ('$sid', '$username', '$password',
> '$attempts', '$_SERVER[REMOTE_ADDR]') ";
>
>                #execute SQL statement
>                $result = mysql_db_query( *****,"$SQL",$connection );
>
>                # check for error
>                if (!$result) {
>                echo("ERROR: " . mysql_error() . "\n$SQL\n");
>                }
>                    else {
>                            # setup SQL statement 2
>                            $SQL = "SELECT * FROM tablebtemp WHERE sid =
> $sid";
>                            $result = mysql_query($SQL);
>
>                                if (mysql_num_rows($result) ==0) {
>                                            $errorMessage = "Please check
> your username and/or password is correct";
>                                }
>                                else (mysql_num_rows($result) ==3) {
>                                            $errorMessage = "You are
> blocked, please contact us to get unblocked.";
>                    }
> /* END */
> [/php]
>

Create it as a function and call that function where you need to. It
seems to be recording failures/logon attempts, so a call in the else
branch of the initial logon checks would make sense.

--

Bastien

Cat, the other other white meat