Extending my login - not sure how to add my code block in
--0016364272102415f1048653fb06
Content-Type: text/plain; charset=ISO-8859-1
I have a login script that is great and I want to expand on this but not
sure where to place my new code I have written, I have placed it where I
thought but keep getting errors for else and others when attempting to add
this.
The code I am adding is not complete and will change, but I want to learn
where I should be placing this within this code, it will stand me in good
stead learning this as well. I thought by placing it after the if
($num_rows > 0) { section and it would perform the else request and execute
my new code, but I get syntax and } kind of errors.
[php]
<?php
// Include the connections script to make a database connection.
include("inc/connect.php");
$username = "";
$password = "";
$errorMessage = "";
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$username = $_POST['username'];
$password = $_POST['password'];
$username = htmlspecialchars($username);
$password = htmlspecialchars($password);
$db_found = mysql_select_db($db, $connection);
if ($db_found) {
$username = quote_smart($username, $connection);
$password = quote_smart($password, $connection);
$SQL = "SELECT * FROM taablea WHERE username = $username AND
password = '".md5($_POST['password'])."'";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($result) {
if ($num_rows > 0) {
session_start();
$_SESSION['username'] = "$_POST[username]";
header ("Location: index.html");
}
else {
$errorMessage = "Please check your username and/or password is
correct";
}
}
else {
$errorMessage = "Please check your username and/or password is
correct";
}
mysql_close($connection);
}
else {
$errorMessage = "Please check your username and/or password is
correct";
}
}
?>
[/php]
This is my additional code that I am trying to get working so I can write it
better.
[php]
/* New Block*/
else {
session_start();
$_SESSION['attempts'] = "+1";
# setup SQL statement
$SQL = " INSERT INTO tablebtemp ";
$SQL = $SQL . " (sid, username, password, attempts,
ipaddress) VALUES ";
$SQL = $SQL . " ('$sid', '$username', '$password',
'$attempts', '$_SERVER[REMOTE_ADDR]') ";
#execute SQL statement
$result = mysql_db_query( *****,"$SQL",$connection );
# check for error
if (!$result) {
echo("ERROR: " . mysql_error() . "\n$SQL\n");
}
else {
# setup SQL statement 2
$SQL = "SELECT * FROM tablebtemp WHERE sid =
$sid";
$result = mysql_query($SQL);
if (mysql_num_rows($result) ==0) {
$errorMessage = "Please check
your username and/or password is correct";
}
else (mysql_num_rows($result) ==3) {
$errorMessage = "You are
blocked, please contact us to get unblocked.";
}
/* END */
[/php]
--0016364272102415f1048653fb06--
Re: Extending my login - not sure how to add my code block
On Tue, May 11, 2010 at 12:26 PM, Barry Zimmerman
<barryzimmo [at] googlemail.com> wrote:
> I have a login script that is great and I want to expand on this but not
> sure where to place my new code I have written, I have placed it where I
> thought but keep getting errors for else and others when attempting to ad=
d
> this.
>
> The code I am adding is not complete and will change, but I want to learn
> where I should be placing this within this code, it will stand me in good
> stead learning this as well. I thought by placing it after the =A0 =A0 =
=A0 =A0 =A0if
> ($num_rows > 0) { section and it would perform the else request and execu=
te
> my new code, but I get syntax and } kind of errors.
>
> [php]
> <?php
> // Include the connections script to make a database connection.
> =A0 =A0include("inc/connect.php");
>
> $username =3D "";
> $password =3D "";
> $errorMessage =3D "";
>
> function quote_smart($value, $handle) {
>
> =A0 if (get_magic_quotes_gpc()) {
> =A0 =A0 =A0 $value =3D stripslashes($value);
> =A0 }
>
> =A0 if (!is_numeric($value)) {
> =A0 =A0 =A0 $value =3D "'" . mysql_real_escape_string($value, $handle) . =
"'";
> =A0 }
> =A0 return $value;
> }
>
> if ($_SERVER['REQUEST_METHOD'] =3D=3D 'POST'){
> =A0 =A0$username =3D $_POST['username'];
> =A0 =A0$password =3D $_POST['password'];
>
> =A0 =A0$username =3D htmlspecialchars($username);
> =A0 =A0$password =3D htmlspecialchars($password);
>
>
> =A0 =A0$db_found =3D mysql_select_db($db, $connection);
>
> =A0 =A0if ($db_found) {
>
> =A0 =A0 =A0 =A0$username =3D quote_smart($username, $connection);
> =A0 =A0 =A0 =A0$password =3D quote_smart($password, $connection);
>
> =A0 =A0 =A0 =A0$SQL =3D "SELECT * FROM taablea WHERE username =3D $userna=
me AND
> password =3D '".md5($_POST['password'])."'";
> =A0 =A0 =A0 =A0$result =3D mysql_query($SQL);
> =A0 =A0 =A0 =A0$num_rows =3D mysql_num_rows($result);
>
>
> =A0 =A0 =A0 =A0if ($result) {
> =A0 =A0 =A0 =A0 =A0 =A0if ($num_rows > 0) {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0session_start();
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$_SESSION['username'] =3D "$_POST[username=
]";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0header ("Location: index.html");
> =A0 =A0 =A0 =A0 =A0 =A0}
>
> =A0 =A0 =A0 =A0 =A0 =A0else {
> =A0 =A0 =A0 =A0 =A0 =A0$errorMessage =3D "Please check your username and/=
or password is
> correct";
> =A0 =A0 =A0 =A0 =A0 =A0}
> =A0 =A0 =A0 =A0}
> =A0 =A0 =A0 =A0else {
> =A0 =A0 =A0 =A0 =A0 =A0$errorMessage =3D "Please check your username and/=
or password is
> correct";
> =A0 =A0 =A0 =A0}
>
> =A0 =A0mysql_close($connection);
>
> =A0 =A0}
>
> =A0 =A0else {
> =A0 =A0 =A0 =A0$errorMessage =3D "Please check your username and/or passw=
ord is
> correct";
> =A0 =A0}
>
> }
> ?>
> [/php]
>
> This is my additional code that I am trying to get working so I can write=
it
> better.
>
> [php]
>
> /* New Block*/
>
> =A0 =A0 =A0 =A0 =A0 =A0else {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0session_start();
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$_SESSION['attempts'] =3D "+1";
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0# setup SQL statement
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$SQL =3D " INSERT INTO tablebtemp ";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$SQL =3D $SQL . " (sid, username, password=
, attempts,
> ipaddress) VALUES ";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$SQL =3D $SQL . " ('$sid', '$username', '$=
password',
> '$attempts', '$_SERVER[REMOTE_ADDR]') ";
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0#execute SQL statement
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$result =3D mysql_db_query( *****,"$SQL",$=
connection );
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0# check for error
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0if (!$result) {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0echo("ERROR: " . mysql_error() . "\n$SQL\n=
");
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0}
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0else {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0# setup SQL statem=
ent 2
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$SQL =3D "SELECT *=
FROM tablebtemp WHERE sid =3D
> $sid";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$result =3D mysql_=
query($SQL);
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0if (mysql_=
num_rows($result) =3D=3D0) {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0$errorMessage =3D "Please check
> your username and/or password is correct";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0}
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0else (mysq=
l_num_rows($result) =3D=3D3) {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0$errorMessage =3D "You are
> blocked, please contact us to get unblocked.";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0}
> /* END */
> [/php]
>
create it as a function and call that function where you need to. It
seems to be recording failures/logon attempts, so a call at else on
the checks of the initial logon would make sense.
--
Bastien
Cat, the other other white meat
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
