Same Error Message For Email Address

Hi,

I have a login script which compares a loginEmail and against an email in the database and logs the user in if they match (along with password).

However I am struggling to return a message to say that the email address is not in the database. What Im struggling to understand is that message appears when I enter a correct email address and a valid email address.

When I enter a correct email address but leave out the password it still displays the erorr message “Your email address is not registered.”

          <?php
              if(($loginEmail) != ($row['email'])) {
        $errors['falseemail1'] = "Your email address is not registered.";
    } 
    ?>    
           
          <?php if($errors['falseemail1']) print '<div class="invalid">' . $errors['falseemail1'] . ''; ?>  
 <?php
         if ($_SESSION['userLoggedIn'])
    
            session_start();
        $_SESSION['userLoggedIn'] = 0;
        $_SESSION['userEmail'] = '';
        $_SESSION['userID'] = '';
$_SESSION['userfirstname'] = '';
$_SESSION['usersurname'] = '';
$accounty = ('Y'); 

   
        // Reset errors and success messages
        $errors = array();
        $success = array();

    
    // Login attempt
    if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
    {
        $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
        $loginPassword    = trim($_POST['password']);

        
        if(count($errors) === 0)
        {
$loginPassword = md5($loginPassword);
$query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = "' . $loginPassword . '" AND accountconfirmed = "' . $accounty . '"LIMIT 1';
            $result = mysql_query($query);
           
            
            if(mysql_num_rows($result) === 1)
            {
                $row = mysql_fetch_assoc($result);
                $_SESSION['userLoggedIn'] = 1;
                $_SESSION['userEmail'] = $loginEmail;
                $_SESSION['userID'] = $row['id'];
                $_SESSION['userfirstname'] = $row['firstname'];
                $_SESSION['usersurname'] = $row['surname'];
                
                header('Location: /index1.php');
                exit;
            } 
        }
    }
    /*
      The rest of your login page code
    */ 

  // Reset errors and success messages  
    $errors = array();  
    $success = array();  
    // Login attempt  
    if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){  
        $loginEmail = trim($_POST['email']);  
        $loginPassword  = trim($_POST['password']);  

    }  
      
      
          if(!isset($loginEmail) || empty($loginEmail)) {   
        $errors['loginEmail'] = "Please enter your email address.";
    }      
      
    if(!isset($loginPassword) || empty($loginPassword)) { 
        $errors['loginPassword'] = "Please enter your password.";
    }
    

    ?>   
    
    

session_start() needs to be before any code that might need to access the $_SESSION array, preferably it should be the very first line after the initial <?php

if(($loginEmail) != ($row['email'])) {

echo the value for both of them to make sure they match up when you expect them to.

You should consider migrating from the mysql_* extension over to either the mysqli_* extension or PDO and use prepared statements. The mysql_* extension is depreciated as of php version 5.5

Many thanks,

This is for the login page so I dont have a session on this page. As soon as someone visits the page it kills the session. Should I keep the session code so that the login page doesn’t kill a session?

I have tried looking into PDO before. The first person who told me about it said it was just a different connection code but when I looked into it further it appears that much of the code is different. I spent alot of time trying to connect with PDO but couldn’t get the connection code to work so I just carried on with PHP.

Is there a basic PDO connection that I can use with PHP and then start using PDO fully once I am connecting.

http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

Have a look at the mysqli_* extension, you might find it easier to work with

Hi,

I have made a bit of progress. I can now query if the account has a Y (yes) in accountconfirmed column.

'" AND accountconfirmed = "' . $accounty . 

However this code runs whenever the page is visited. Is there a idiots guide to writing error messages?

For me this should only be displayed when someone tries log into an account which does have Y in accountconfirmed.

I can echo the Y from accounty but not the row but this comes after the query to attempt the log in.

	$accounty = ('Y');

    ?>
		
					 		  		  <?php
			  if(($accounty) != ($row['accountconfirmed'])) {
        $errors['confirmedaccount'] = "Your account has not yet been confirmed.  Please request a confirmation email.";
    }
    ?>
		
		  <?php if($errors['confirmedaccount']) print '<div class="invalid">' . $errors['confirmedaccount'] . ''; ?>