Hi,
I have a login page which I have added a number of error messages. However there is one set which I just cant get to work. The set at the bottom of the post provide when the button is pressed however they do not compare the what is being entered against what is in the database.
I’m trying to check if the email address in the database, the password matches and if the character ‘Y’ is in the “accountconfirmed” column.
Can anyone advise how I can finish these error messages off or why the are displayed as soon as the page is viewed?
<?php
if ($_SESSION['userLoggedIn'])
session_start();
$_SESSION['userLoggedIn'] = 0;
$_SESSION['userEmail'] = '';
$_SESSION['userID'] = '';
$_SESSION['userfirstname'] = '';
$_SESSION['usersurname'] = '';
// Reset errors and success messages
$errors = array();
$success = array();
if(($password) ==($row['password'])) {
$errors['incorrectpassword'] = "Your password is incorrect.";
}
if($email != ($row['email']))
$errors['incorrectpassword'] = 'Your passwords did not match.';
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
{
$loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
$loginPassword = trim($_POST['password']);
$accounty = ('y');
if(count($errors) === 0)
{
$loginPassword = md5($loginPassword);
$query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = "' . $loginPassword . '" AND accountconfirmed = "' . $accounty . '"LIMIT 1';
$result = mysql_query($query);
if (!$result)
{
die('Invalid query: ' . mysql_error());
}
if(mysql_num_rows($result) === 1)
{
$row = mysql_fetch_assoc($result);
$_SESSION['userLoggedIn'] = 1;
$_SESSION['userEmail'] = $loginEmail;
$_SESSION['userID'] = $row['id'];
$_SESSION['userfirstname'] = $row['firstname'];
$_SESSION['usersurname'] = $row['surname'];
header('Location: /index1.php');
exit;
} else {
$errors['login'] = 'No user was found with the details provided.1.';
}
}
}
/*
The rest of your login page code
*/
// Reset errors and success messages
$errors = array();
$success = array();
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){
$loginEmail = trim($_POST['email']);
$loginPassword = trim($_POST['password']);
}
if(!isset($loginEmail) || empty($loginEmail)) {
$errors['loginEmail'] = "Please enter your email.";
}
if(!isset($loginPassword) || empty($loginPassword)) {
$errors['loginPassword'] = "Please enter your password.";
}
$accounty = ('Y');
if(($email) != ($row['email'])) {
$errors['incorrectemail'] = "Your email is incorrect.";
}
if(($accounty) != ($row['accountconfirmed'])) {
$errors['confirmedaccount'] = "Your account has not yet been confirmed. Please request a confirmation email.";
}
if(($password) != ($row['password'])) {
$errors['incorrectpassword'] = "Your password is incorrect.";
}
?>
<?php if($errors['incorrectemail']) print '<div class="invalid">' . $errors['incorrectemail'] . ''; ?>
<?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?>
<?php if($errors['incorrectpassword']) print '<div class="invalid">' . $errors['incorrectpassword'] . ''; ?>