p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   PHP Databases (http://p2p.wrox.com/forumdisplay.php?f=97)
-   -   Login form question (http://p2p.wrox.com/showthread.php?t=6834)

Jams30 December 3rd, 2003 10:07 AM

Login form question
 
Hi

I have created a login form for users to access a site. It checks the user name submitted in a form for a match in the database - on correct submission the user is then presented with 'Logged in as $user_name of $co_name, you have logged in $login_no times' - this all works fine. The login form and the welcome message are all in one page login.php.

My question is, how do I stop the user from refreshing the page and thus incrementing the value of $login_no? Here are my thoughts - 1) Create a separate page for the welcome message (plus other information from the database that will be appended to this message) from the login form OR 2)Use sessions - I haven't played around with sessions enough yet to know whether or not they would be any use in this situation.

This is the function that is called depending on the case of a switch statement:

function welcome()
{
$connection = sql_connect();
db_connect();
global $table_name, $user_name, $user_password, $agent_name;
if (empty($user_name))
{
echo "Please enter your User Name<BR>";
login();
exit();
}
elseif (chk_user_name($user_name))
{
echo "Your user name was not recognized! Please re-enter it!<BR>";
login();
exit();
}
elseif (empty($user_password))
{
echo "Please enter your password!<BR>";
login();
exit();
}
elseif (in_use($user_password))
{
echo "Your password is incorrect! Please re-enter it!<BR>";
login();
exit();
}
else
{
global $table_name;
$query = "SELECT * FROM $table_name WHERE user_name = '$user_name'";
$result = mysql_query($query);
$query_data = mysql_fetch_array($result);
extract ($query_data);
$login_no ++;
$query2 = "UPDATE $table_name SET login_no=$login_no WHERE user_name = '$user_name'";
$result = mysql_query($query2);
echo "Logged in as $agent_name of $co_name, you have logged in $login_no times<BR>";
}

}
Presumably, if I need to use sessions, I can add them to my code at a later point?
Note that the form action is set as <?php echo $PHP_SELF ?>.

Any advice would be appreciated

Many thanks

Jamal



richard.york December 4th, 2003 12:10 PM

Code:

<?php

function welcome()
{
    $connection = sql_connect();
    db_connect();

    global $table_name, $user_name, $user_password, $agent_name;

    if (empty($user_name))
    {
        echo "<span style='color: red; font-size: 10pt;'>Please enter your User Name</span><br />";
        login();
        exit();
    }

    else if (chk_user_name($user_name))
    {
        echo "<span style='color: red; font-size: 10pt;'>Your user name was not recognized! Please re-enter it!</span><br />";
        login();
        exit();
    }

    else if (empty($user_password))
    {
        echo "<span style='color: red; font-size: 10pt;'>Please enter your password!</span><br />";
        login();
        exit();
    }

    else if (in_use($user_password))
    {
        echo "<span style='color: red; font-size: 10pt;'>Your password is incorrect! Please re-enter it!</span><br />";
        login();
        exit();
    }

    else
    {
        global $table_name;

        $query                = "SELECT * FROM $table_name WHERE user_name = '$user_name'";
        $result                = mysql_query($query);
        $query_data            = mysql_fetch_array($result);
        extract($query_data);

        $_SESSION["logged_in"] = mysql_num_rows($result);

        if ($_SESSION["logged_in"] == 1 && !isset($_SESSION["login_count"]))
        {
            $login_no++;

            $query2                  = "UPDATE $table_name SET login_no=$login_no WHERE user_name = '$user_name'";
            $result                  = mysql_query($query2);

            $_SESSION["login_count"] = true;
        }

        if ($_SESSION["logged_in"] == 1)

            echo "<span style='color: red; font-size: 10pt;'>Logged in as $agent_name of $co_name, you have logged in $login_no times</span><br />";
    }

}

?>

Well it isn't too difficult to add sessions into the mix here. For sessions to work you must make a call to session_start() at the very beginning of whatever page needs to use session data. No whitespace, no output, no anything before the opening <?php delimiter. And you also need to pass the session id.. the server will pass that id via cookies by default or you can pass the session id via url embedded arguments, which IMO is best because then you aren't relying on the user having cookies enabled.

See this thread:
http://p2p.wrox.com/topic.asp?TOPIC_ID=7205

And it would be best to avoid using deprecated HTML tags, like and <br> here is a thread that discusses why:
http://p2p.wrox.com/topic.asp?TOPIC_ID=4028

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::


All times are GMT -4. The time now is 03:40 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.