check for several conditions when a user logs in
I would like to accomplish the following:
If a username or password field is null, notify the user. If user name already exists, do not insert into the database and notify user to create a different name. if the username is unique and password is not null, return the username to the user. As of now it always returns "Please enter a different user name." I believe the issue开发者_运维技巧 has to do with the database query but I am not sure. If anyone can have a look and see if I am making an error, I greatly appreciate it, thanks.
if ($userName or $userPassword = null)
{
echo "Please enter a user name and password or return to the homepage.";
}
elseif (mysql_num_rows(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$userName'")) ==1)
{
echo "Please enter a different user name.";
}
elseif ($userName and $userPassword != null)
{
echo "Your login name is: $userName";
}
if ($userName or $userPassword = null)
This checks if the $userName
is true
(equivalent to $userName == true
), and you're assigning null
to $userPassword
. You want something like $userName == '' || $userPassword == ''
.
"SELECT count(userName) FROM logininfo WHERE userName = '$userName'"
Risk of SQL injection. Use mysql_real_escape_string
before plugging values into queries!
Also, mysql_num_rows
will always return 1 row, hence this expression is always true
. You need to look at the value of this one row.
elseif ($userName and $userPassword != null)
If this check was what you'd intend it to be, it'd be redundant with the first check.
Use something like this:
function validateUser($username, $password) {
if ($username == '' || $password == '') {
return 'Please enter a user name and password or return to the homepage.';
}
$query = sprintf("SELECT COUNT(*) as `count` FROM `logininfo` WHERE `userName` = '%s'",
mysql_real_escape_string($username));
$result = mysql_query($query);
if (!$result) {
trigger_error(mysql_error());
return false;
}
$result = mysql_fetch_assoc($result);
if ($result['count'] > 0) {
return 'Please enter a different user name.';
}
return "Username: $username";
}
$result = validateUser($username, $password);
if (!$result) {
// something went wrong, deal with it
} else {
echo htmlentities($result);
}
Note that this is still far from ideal code, but I hope you get the idea.
if ($userName or $userPassword = null)
should be
if (($userName == null) or ($userPassword == null))
However, I suspect you don't actually want to check if these are null. Assuming you're filling these variables from input fields, an empty text field is NOT null; it's an empty string. You can do !empty($userName)
to check for an empty text field.
If you want to check two variable in single conditional, you have to write out each check separately - ($userName and $userPassword != null)
won't work the way you expect it to, it should be ($userName != NULL and $userPassword != null)
.
Also, when you're checking if a variable is equal to something, you have to use the ==
operator. Otherwise, you're assigning the variable to that value, which is pretty much never what you want to do.
You might need the below. Very basic, though.
isset($_POST['username']) or die('username not given'); //#1
isset($_POST['password']) or die('password not given'); //#2
$escapedUsername = mysql_real_escape_string($_POST);
$result = mysql_fetch_array(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$escapedUsername'"))
if ($result){
echo "Hello, $escapedUsername"; //#3
}else{
echo "Invalid Password"; //#4
}
But may I suggest something different. Will require you to change some portions of your app though.
- have this file as some login.php
- Use this for login/password reset/register/etc..
- have a GET to differentiate between these requests
- Use AJAX.
- In that case replace the following something like the below:
- #1 :
die('{"RESULT":"ERROR", "DESC" : "USERNAME NOT GIVEN"}');
- #2 :
die('{"RESULT":"ERROR", "DESC" : "PASSWORD NOT GIVEN"}');
- #3 :
die('{"RESULT":"ERROR", "DESC" : "INVALID USERNAME/PWD"}');
- #4 :
die('{"RESULT":"SUCCESS", "DESC" : "$escapedUsername"}'); // can also use json_encode($result) here.
- #1 :
These are just my suggestions. I have assumed mysql doesnt give you any problem. :-)
精彩评论