[Mister_Mac]

Hi everybody,

I have this php login script which I would like to use with an HTML login page my group mate created.

Now I know from previous post that login should be best handled with just a php script alone, however for the sake of keeping things civil and easy
for group-mate, I would like to know how can I use this php login form with the html form method = "post" action = "".

I am thinking that I should just remove the print '<form action="login.php".....> section of my code but, will that work and is there a better way (other than obviously just using the PHP form alone) to do this.?

I am enclosing my php form first and then my classmates html form second.

Thank you in advance for all your help!

M_M

 <?php
//login php 

//in theory:use the compare example from the passwords in the register.php file downloaded from the internet and the pull user, store them into two variables and see if the variables match if not, try again.

// connect to database

//basic variables: the database address, SQL username and password, and database name

$config['address'] = 'localhost';
$config['username'] = 'cmpt'; //Can be changed.
$config['password'] = 'ZuvRMpn38FzZcbzz'; //Can be changed If there is a password to the sql database or removed
$config['databasename'] = 'customers'; //can be changed.
$userNameVariable = mysql_query("SELECT uname FROM customers");
$userPasswordVariable = mysql_query("SELECT pword FROM customers");

mysql_connect($config['address'], $config['username'], $config['password']);
mysql_select_db($config['databasename']);

define ('TITLE', 'Login');

print '<h1>Login Form </h1>
		<p> Welcome to JAD Computing, please log in to experience the full site, thank you. </p>';
	// Check if the form has been submitted:
//try a for loop

//if (isset($_POST['email'])) && (!empty($_post['password'])) ) {
//	if ( (strtolower($_POST['email']) == mysql_query("SELECT * FROM customers WHERE username

if ( isset($_POST['submitted']))
{

//Handle the form
if ((!empty($_POST['email'])) && (!empty($_POST['password'])) ) {
if ( (strtolower($_POST['email']) == $userNameVariable ) && ($_POST['password'] == $userPassword)) { //if corect
//Do session stuff:
session_start();
$_SESSION['email'] = $_POST['email'];
$_Session['loggedin'] = time();
//Redirect the user to the welcome page!
ob_end_clean(); //destroy the buffer
header ('Location: welcome.php');
exist();

} else { // If incorrect!
	print '<p> The submitted email address and password do not match those on file! <br /> Go back and try again</p>';
	
	}
	
	} else { //Forgot a field.
	
	print '<p>Please make sure you enter both an email address and a password! <br /> Go back and try again.</p>';
	
	}
	} else { //Display the form for testing reasons.
	
print '<form action="login.php" method="post">
	<p>Email Address: <input type="text" name="email" size="20" /></p>
	<p>Password: <input type="password" name="password" size="20" /></p>
	<p><input type="submit" name="submit" value="Log In!" /></p>
	<input type="hidden" name="submitted" value="true" />
	</form>';
}

?> 

html form

 <?xml version = "1.0" encoding = "utf-8"?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"



   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">



<html xmlns = "http://www.w3.org/1999/xhtml">
	<head>
		<title> J.A.D. Computing Login Page </title>
		<!-- This page will serve as the login page for the website -->
		<!-- If a user has an account they will enter their login name and pass -->
		<!-- word, and if they don't they have the option to register for one -->
		<!-- It should be noted that only registered users can access the entire -->
		<!-- website. -->
		
	</head>
	
<style type="text/css">
.vert {background-image: url(computer.jpg); background-repeat: repeat-y;background-position: right;}
a:hover {background-color:pink}

</style>

	<body bgcolor = 'silver' class = "vert"> 
	
	<center>
		<h1> Welcome to JAD Computing </h1>
		<h4> Please Log in Below </h4>
		
	
		<form method = "post" action = " " >
	<p>
		User Name: <input type="text" name="UserName" onfocus="this.style.background='#ff0000'" onblur="this.style.background='#00ffff'" size=�25� id="UserName" />
		<br /> 

		Password: <input type = "password" name="password" onfocus="this.style.background='#FF0000'" onblur="this.style.background='#FF00FF'" size=�25� id="Password" />
		<br /> 

		<input type = "submit" value = "Submit" /> <input type = "reset" value = "Reset" />
		<br />
	</p>

	</center>
	
</form>
	


		<form method = "post" action = "delete.php " >
	<p>
		Last Name <input type="text" name="LastName" size=�25� id="LastName" />
	<br /> <input type = "submit" value = "Submit" /> <input type = "reset" value = "Reset" />
	
	</p>


<p>
<br />
	<br />
	</p>
	
</form>	  


<center> 

<h4>New Users, create account below </h4>

<form method="post" action="registration2.php" >

Firstname: <input type="text" name="firstname" /> <br />

Lastname: <input type="text" name="lastname" /> <br />

User Name: <input type="text" name="uname" /> <br />

Password: <input type="password" name="pword" /> <br />

Street Address: <input type="text" name="street" /> <br />

City: <input type="text" name="city" /> <br />

State: <input type="text" name="state" /> <br />

Zip Code: <input type="text" name="zip" /> <br />

<input type="submit" />

</form>



</center>


	</body>
	</html> 

[codeprada]

Why is line 17 and 18 after 15 and 16? You can't talk to someone on a phone before the phone company connects you . It's the same with databases.

You are also fetching data incorrectly.

$userNameVariable and $userPassword are RESULTS which are resources. No need for 2 queries. This will suffice

"SELECT COUNT(*) total FROM customers WHERE username = '$username' AND password = '$password'"

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$results = mysql_query("SELECT COUNT(*) total FROM customers WHERE username = '$username' AND password = '$password'");
$row = mysql_fetch_assoc($results);
if($row == 1)
{
	//user exists
}
else
{
	//invalid login
}

You have ob_end_clean() without a ob_start().

Line 42...unless you capture all the output using ob_start() your print function on Line 22 will cause your header() function to throw an error.

Instead of using PHP to print html to the screen you can easily just type it in...

<?php if(true) {
	?>
	<p>The if statement is true</p>
<?php } else { ?>
	<p>The if statement is false</p>
<?php } ?>

It's good practice to separate your HTML from PHP.

And finally...Don't make duplicate threads!!

This post has been edited by codeprada: 03 May 2011 - 11:25 AM

[Mister_Mac]

Thank you for your input codeprada,let me start off by explaining about the apparent duplicate post, I had a new question and thought it was appropriate to place that in a new post whereas it would be off-topic for my old post. If that was incorrect of me I apologize.

Quote

Why is line 17 and 18 after 15 and 16? You can't talk to someone on a phone before the phone company connects you . It's the same with databases.

I wasn't aware of that, I thought that like Java variables need to be defined at the top of the code.

Quote

You have ob_end_clean() without a ob_start().

I don't know how the "ob" function works, I just copied the rest of the code from my professors example as is.

Thank you for all the code recommendations, I will try to implement them.

M_M