Don't get error message if login name is wrong, just blank div, but I can detect wrong password if username is correct
Hey guys, I have a problem. I don't get error message if login name is wrong, just blank div, but I can detect wrong password if username is correct.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en" >
<head>
<title>Login | JM Today </title>
<link href="Mainstyles.css" type="text/css" rel="stylesheet" />
</head>
<body>
<div class="container">
<?php include("header.php"); ?>
<?php include("navbar.php"); ?>
<?php include("clea开发者_如何转开发nquery.php") ?>
<div id="wrap">
<?php
$conn=mysql_connect("localhost", "***", "***") or die(mysql_error());
mysql_select_db('jmtdy', $conn) or die(mysql_error());
$check=checklogin();
if($check == true){
confirmcookie($_SESSION['username'], $_SESSION['password']);
}
function checklogin() {
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
return true;
}
elseif(isset($_POST['sublogin'])){
if((strlen($_POST['user']) > 0) && (strlen($_POST['pass']) > 0)){
$user= mysql_real_escape_string($_POST['user']);
$pass= mysql_real_escape_string($_POST['pass']);
$result=mysql_query("select password from users where username='$user' and active='1'");
$dbArray=mysql_fetch_array(mysql_query("select username from users where username='$user' and active='1'")) or die(mysql_error());
$dbArray['username']= mysql_real_escape_string($dbArray['username']);
if($dbArray['username'] != $user){
$msg='<p class="statusmsg">The username you entered is incorrect, or you haven\'t yet activated your account. Please try again.</p><br/>';
$status="NOTOK";
}
}
else{
$msg=$msg.'<p class="statusmsg">You didn\'t fill in the required fields.</p><br/>';
$status="NOTOK";
}
if($status != "NOTOK"){
$dbArray=mysql_fetch_array($result) or die(mysql_error());
$dbArray['password']=mysql_real_escape_string($dbArray['password']);
if($dbArray['password'] == $pass){
$_SESSION['username']=$user;
$_SESSION['password']=$password;
}
else{
$msg=$msg.'<p class="statusmsg">The password you entered is incorrect.</p>';
$status="NOTOK";
}
if(isset($_POST['remember']) && $status!="NOTOK"){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}
}
if($status=="NOTOK"){
echo $msg . '<input type="button" value="Retry" onClick="location.href='."'login.php'\">";
}
else{
echo '<p class="statusmsg"> You have succesfully logged in! </p>';
}
}
else{
echo '<p class="statusmsg"> You came here by mistake, didn\'t you? </p>';
}
}
function confirmcookie($username, $password){
$result = mysql_query("select password from users where username = '$username'");
if(!$result || (mysql_num_rows($result) < 1)){
unset($_SESSION['username']);
unset($_SESSION['password']);
$msg=$msg.'<p class="statusmsg">The username you entered is incorrect or you have set an incorrect cookie</p>';
$status="NOTOK";
}
$dbarray = mysql_fetch_array($result) or die(mysql_error());
$dbarray['password'] = cleanQuery($dbarray['password']);
$password = cleanQuery($password);
if($password!=$dbarray['password']){
unset($_SESSION['username']);
unset($_SESSION['password']);
$msg=$msg.'<p class="statusmsg">The password you entered is incorrect or you have set an incorrect cookie.</p>';
$status="NOTOK";
}
if($status == "NOTOK" ){
echo $msg;
}
else{
header('Refresh: 5; URL="homepage.php"');
}
}
?>
</div>
<br/>
<br/>
<?php include("footer.php") ?>
</div>
</body>
</html>
You assume that you always get a resultset for
select password from users where username='$user' and active='1'
there is no branch if it doesn't.
Leave the whole thing if
mysql_num_rows($result)
returns 0
精彩评论