开发者

check for several conditions when a user logs in

I would like to accomplish the following:

If a username or password field is null, notify the user. If user name already exists, do not insert into the database and notify user to create a different name. if the username is unique and password is not null, return the username to the user. As of now it always returns "Please enter a different user name." I believe the issue开发者_运维技巧 has to do with the database query but I am not sure. If anyone can have a look and see if I am making an error, I greatly appreciate it, thanks.

if ($userName or $userPassword = null)
{

  echo "Please enter a user name and password or return to the homepage.";

}

elseif (mysql_num_rows(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$userName'")) ==1)

{

  echo "Please enter a different user name.";

}

elseif ($userName and $userPassword != null)

{

  echo "Your login name is: $userName";

}


if ($userName or $userPassword = null)

This checks if the $userName is true (equivalent to $userName == true), and you're assigning null to $userPassword. You want something like $userName == '' || $userPassword == ''.

"SELECT count(userName) FROM logininfo WHERE userName = '$userName'"

Risk of SQL injection. Use mysql_real_escape_string before plugging values into queries!

Also, mysql_num_rows will always return 1 row, hence this expression is always true. You need to look at the value of this one row.

elseif ($userName and $userPassword != null)

If this check was what you'd intend it to be, it'd be redundant with the first check.

Use something like this:

function validateUser($username, $password) {
    if ($username == '' || $password == '') {
        return 'Please enter a user name and password or return to the homepage.';
    }

    $query = sprintf("SELECT COUNT(*) as `count` FROM `logininfo` WHERE `userName` = '%s'",
                     mysql_real_escape_string($username));
    $result = mysql_query($query);
    if (!$result) {
        trigger_error(mysql_error());
        return false;
    }
    $result = mysql_fetch_assoc($result);
    if ($result['count'] > 0) {
        return 'Please enter a different user name.';
    }

    return "Username: $username";
}

$result = validateUser($username, $password);
if (!$result) {
    // something went wrong, deal with it
} else {
    echo htmlentities($result);
}

Note that this is still far from ideal code, but I hope you get the idea.


if ($userName or $userPassword = null)

should be

if (($userName == null) or ($userPassword == null))

However, I suspect you don't actually want to check if these are null. Assuming you're filling these variables from input fields, an empty text field is NOT null; it's an empty string. You can do !empty($userName) to check for an empty text field.

If you want to check two variable in single conditional, you have to write out each check separately - ($userName and $userPassword != null) won't work the way you expect it to, it should be ($userName != NULL and $userPassword != null).

Also, when you're checking if a variable is equal to something, you have to use the == operator. Otherwise, you're assigning the variable to that value, which is pretty much never what you want to do.


You might need the below. Very basic, though.

isset($_POST['username']) or die('username not given'); //#1
isset($_POST['password']) or die('password not given'); //#2

$escapedUsername = mysql_real_escape_string($_POST);
$result = mysql_fetch_array(mysql_query("SELECT count(userName) FROM logininfo WHERE     userName = '$escapedUsername'"))

if ($result){
    echo "Hello, $escapedUsername"; //#3
}else{
    echo "Invalid Password"; //#4
}

But may I suggest something different. Will require you to change some portions of your app though.

  • have this file as some login.php
  • Use this for login/password reset/register/etc..
  • have a GET to differentiate between these requests
  • Use AJAX.
  • In that case replace the following something like the below:
    • #1 : die('{"RESULT":"ERROR", "DESC" : "USERNAME NOT GIVEN"}');
    • #2 : die('{"RESULT":"ERROR", "DESC" : "PASSWORD NOT GIVEN"}');
    • #3 : die('{"RESULT":"ERROR", "DESC" : "INVALID USERNAME/PWD"}');
    • #4 : die('{"RESULT":"SUCCESS", "DESC" : "$escapedUsername"}'); // can also use json_encode($result) here.

These are just my suggestions. I have assumed mysql doesnt give you any problem. :-)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜