Hi,
I have a login script which compares a loginEmail and against an email in the database and logs the user in if they match (along with password).
However I am struggling to return a message to say that the email address is not in the database. What Im struggling to understand is that message appears when I enter a correct email address and a valid email address.
When I enter a correct email address but leave out the password it still displays the erorr message “Your email address is not registered.”
<?php
if(($loginEmail) != ($row['email'])) {
$errors['falseemail1'] = "Your email address is not registered.";
}
?>
<?php if($errors['falseemail1']) print '<div class="invalid">' . $errors['falseemail1'] . ''; ?>
<?php
if ($_SESSION['userLoggedIn'])
session_start();
$_SESSION['userLoggedIn'] = 0;
$_SESSION['userEmail'] = '';
$_SESSION['userID'] = '';
$_SESSION['userfirstname'] = '';
$_SESSION['usersurname'] = '';
$accounty = ('Y');
// Reset errors and success messages
$errors = array();
$success = array();
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
{
$loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
$loginPassword = trim($_POST['password']);
if(count($errors) === 0)
{
$loginPassword = md5($loginPassword);
$query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = "' . $loginPassword . '" AND accountconfirmed = "' . $accounty . '"LIMIT 1';
$result = mysql_query($query);
if(mysql_num_rows($result) === 1)
{
$row = mysql_fetch_assoc($result);
$_SESSION['userLoggedIn'] = 1;
$_SESSION['userEmail'] = $loginEmail;
$_SESSION['userID'] = $row['id'];
$_SESSION['userfirstname'] = $row['firstname'];
$_SESSION['usersurname'] = $row['surname'];
header('Location: /index1.php');
exit;
}
}
}
/*
The rest of your login page code
*/
// Reset errors and success messages
$errors = array();
$success = array();
// Login attempt
if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){
$loginEmail = trim($_POST['email']);
$loginPassword = trim($_POST['password']);
}
if(!isset($loginEmail) || empty($loginEmail)) {
$errors['loginEmail'] = "Please enter your email address.";
}
if(!isset($loginPassword) || empty($loginPassword)) {
$errors['loginPassword'] = "Please enter your password.";
}
?>