Wednesday, 15 April 2015

PHP Login (Password) Validation

I'm currently working on a project for my PHP course. The project involves making both a log-in and a registration form, and validating their information using an SQL query. I have most of it working, but the page will let you log in if you type an email address from the database and you put anything in the password field (regardless of it being correct). Here is the code that I have, with the code to display the form first, named 'login.php':



<?php
ini_set("display_errors", "on");
error_reporting(E_ALL | E_STRICT);
$labels = array("email"    => "Email:",
                "password" => "Password:");
$submit = "Submit";
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login Form</title>
</head>

<body>
<h2>Login Form</h2>
<?php
echo "<form action='' method='POST'>";
foreach ($labels as $field => $label) {
    // $$field is a variable variable ($email or $password); the validator sets
    // these with extract() before re-displaying the form. The @ silences the
    // notice when they are unset. The value is not passed through htmlspecialchars().
    if ($field != "password") {
        echo("<div class='field'><label for='$field'>$label</label>
              <input type='text' name='$field' id='$field' value='" . @$$field . "'></div>\n");
    } else {
        echo("<div class='field'><label for='$field'>$label</label>
              <input type='password' name='$field' id='$field' value='" . @$$field . "'></div>\n");
    }
}
echo "<div class='field'><input type='hidden' name='submitted' value='yes'>
      <input type='submit' name='submit' value='$submit'></div>";
?>
</body>
</html>


The following code is the validator:



<?php
ini_set("display_errors", "on");
error_reporting(E_ALL | E_STRICT);
include("dbinfo2.inc");   // expected to define $host, $user, $passwd and $dbname, used below
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<?php
if (isset($_POST['submitted']) and $_POST['submitted'] == "yes") {
    foreach ($_POST as $field => $value) {
        // This condition is always true: one side holds for any value.
        if (empty($value) or !empty($value)) {
            $email_patt = "/^.+@.+\\..+$/";
            if (preg_match("/email/i", $field)) {
                if (!preg_match($email_patt, $value)) {
                    $error_array[] = $field;
                }
            }
            if (preg_match("/password/i", $field)) {
                if (empty($value)) {
                    $error_array[] = $field;
                }
            }
            $good_data[$field] = strip_tags(trim($value));
        }
    }
    if (@sizeof($error_array) > 0) {
        $message = "<p class='error'>Your login information is incorrect.</p>";
        echo $message;
        extract($good_data);   // turns $good_data['email'] into $email, etc., for login.php
        include("login.php");
        exit();
    } else {
        $cxn = mysqli_connect($host, $user, $passwd, $dbname) or die("Couldn't connect to server.");
        foreach ($good_data as $field => $value) {
            $clean_data[$field] = mysqli_real_escape_string($cxn, $value);
        }
        // The query interpolates $good_data (unescaped), not the $clean_data built above.
        $sql = "select * from customerdata where email='$good_data[email]' and password='$good_data[password]'";
        // "or die()" only fires when the query fails to execute. A SELECT that matches
        // zero rows executes successfully, and $result is never inspected afterwards.
        $result = mysqli_query($cxn, $sql) or die("<p class='error'>Login information is invalid.</p>");
        include("success.php");
    }
} else {
    include("login.php");
}
?>
</body>
</html>


What do I need to change to make this function correctly?
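The behaviour described above follows from how the validator treats the query result: mysqli_query() returns a result object whenever the SELECT executes, even when it matches no rows, so the `or die()` branch never runs and success.php is included for any password. The following is an added example, not the asker's code, of a login check that fails closed. It assumes PDO in place of mysqli, a `customerdata` table with `email` and `password_hash` columns, and passwords stored as password_hash() output rather than plaintext; an in-memory SQLite database and the registered account are constructed inline only so that it runs offline, and with MySQL only the DSN changes.

```php
<?php
// Added example (not from the original post). Assumptions: PDO instead of
// mysqli, a table `customerdata` with columns `email` and `password_hash`,
// and passwords stored with password_hash(). SQLite in memory is used so the
// file runs offline; with MySQL only the DSN in the demo section changes.
declare(strict_types=1);

function create_schema(PDO $db): void
{
    $db->exec("CREATE TABLE customerdata (
        id INTEGER PRIMARY KEY,
        email TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL
    )");
}

function register_user(PDO $db, string $email, string $password): void
{
    // Store only a salted bcrypt hash; the plaintext never reaches the table.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        "INSERT INTO customerdata (email, password_hash) VALUES (:email, :hash)"
    );
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

function verify_login(PDO $db, string $email, string $password): bool
{
    // Prepared statement: $email travels as a bound parameter, so input such as
    // "x' OR '1'='1" is compared literally instead of rewriting the query.
    $stmt = $db->prepare(
        "SELECT password_hash FROM customerdata WHERE email = :email"
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A query that executed is not a query that matched. When no row comes
    // back we still run password_verify() against a throwaway hash so that
    // unknown and known e-mails take about the same time to reject.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy-password', PASSWORD_DEFAULT);
    }
    $stored = ($row !== false) ? $row['password_hash'] : $dummyHash;
    $passwordOk = password_verify($password, $stored);

    // Both conditions must hold: an account exists and its hash matches.
    return $row !== false && $passwordOk;
}

// Demo on a constructed in-memory database.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
create_schema($db);
register_user($db, 'alice@example.com', 'correct horse battery staple');

$cases = [
    'right password'           => ['alice@example.com', 'correct horse battery staple'],
    'wrong password'           => ['alice@example.com', 'anything'],
    'injection in email field' => ["alice@example.com' OR '1'='1", 'anything'],
    'unknown account'          => ['nobody@example.com', 'anything'],
];
foreach ($cases as $label => [$email, $password]) {
    printf("%-26s => %s\n", $label, verify_login($db, $email, $password) ? 'login' : 'reject');
}
```

Only the first case should log in; the second is exactly the situation from the question (valid e-mail, arbitrary password), and the third shows why the e-mail must be bound rather than interpolated, since the same string placed into the original `$sql` string would change the WHERE clause. The same shape works with mysqli by replacing `prepare`/`execute` with `mysqli_prepare()` and `mysqli_stmt_bind_param()`; what matters is that the row is fetched and the password is checked with password_verify(), never that the query merely ran.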

