
Technical Support Forums


Create user-login validation

Thread began 8/03/2009 2:47 pm by Paul | Last modified 9/02/2009 8:43 am by Jason Byrnes | 3667 views | 7 replies |

Paul (Beta Tester)

Create user-login validation

I have a login page, requiring a username and password.

Currently if either or both are entered incorrectly, the PWEmail page is displayed inviting the user to request a forgotten password.

Is there any functionality across any of the current WA applications that will validate the user and password entry against the sql table entry and display the error message (if not validated) in the login page?

Thanks, Paul.


Jason Byrnes (WebAssist)

You would have to create two recordsets, one to look up the entered username, and another to look up the entered password. Then you could use a Show If Recordset Not Empty behavior for each recordset to show the correct error message, and set the error message for the password recordset to include a link to the emailPW page.


Daryl (Beta Tester)

I am having a go at this but I can't get it to work.

I have created a recordset "un"
The DB column is "un"
The text field is "username"

SELECT un
FROM users
WHERE un = colname



Colname is;
Name: colname
Type: Text
Default Value: -1
Runtime Value: $_POST['username']

I have then created a "show if recordset not empty" as follows

php:
<?php if ($totalRows_un > 0) { // Show if recordset not empty ?>
   Username not recognised
<?php } // Show if recordset not empty ?>



But when I submit the form with an incorrect username nothing happens.
If I change it to "show if recordset is empty" the message shows when the page loads.


Jason Byrnes (WebAssist)

You want to use the show if recordset is empty:
<?php if ($totalRows_un > 0) { // Show if recordset not empty ?>
Username not recognised
<?php } // Show if recordset not empty ?>





but you also need to check whether the form was posted:
<?php if ($_SERVER["REQUEST_METHOD"] == "POST") { ?>
<?php if ($totalRows_un > 0) { // Show if recordset not empty ?>
Username not recognised
<?php } // Show if recordset is empty ?>
<?php } ?>


Daryl (Beta Tester)

Sorry Jason, still can't get it to work. The error message is not visible now, but is not showing with an incorrect entry.

I have posted most of the page code below;

php:
<?php
if (!isset($_SESSION)) {
  session_start();
}
?>
<?php require_once('../Connections/lsdogs.php'); ?>
<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?><?php
// "Auto log in" ticked: store the submitted password and username in 30-day cookies
if ((((isset($_POST["autologinoption"]))?$_POST["autologinoption"]:"") != ""))     {
  setcookie("AutoLoginPWD", "".((isset($_POST["userpassword"]))?$_POST["userpassword"]:"")  ."", time()+(60*60*24*30), "/", "", 0);
}
?><?php
if ((((isset($_POST["autologinoption"]))?$_POST["autologinoption"]:"") != ""))     {
  setcookie("AutoLoginUN", "".((isset($_POST["username"]))?$_POST["username"]:"")  ."", time()+(60*60*24*30), "/", "", 0);
}
?><?php
// "Remember me" ticked: store the submitted password and username in 30-day cookies
if ((((isset($_POST["remembermeoption"]))?$_POST["remembermeoption"]:"") != ""))     {
  setcookie("RememberMePWD", "".((isset($_POST["userpassword"]))?$_POST["userpassword"]:"")  ."", time()+(60*60*24*30), "/", "", 0);
}
?><?php
if ((((isset($_POST["remembermeoption"]))?$_POST["remembermeoption"]:"") != ""))     {
  setcookie("RememberMeUN", "".((isset($_POST["username"]))?$_POST["username"]:"")  ."", time()+(60*60*24*30), "/", "", 0);
}
?><?php
// Form submitted without "Remember me": blank the remember-me cookies
if (isset($_POST["LogIn_x"]) && !isset($_POST["remembermeoption"]))     {
  setcookie("RememberMePWD", "", time()+(60*60*24*30), "/", "", 0);
}
?><?php
if (isset($_POST["LogIn_x"]) && !isset($_POST["remembermeoption"]))     {
  setcookie("RememberMeUN", "", time()+(60*60*24*30), "/", "", 0);
}
?>
<?php
// Log in with the values posted from the form
if(isset($_POST["LogIn_x"])){
    $WA_Auth_Parameter = array(
    "connection" => $lsdogs,
    "database" => $database_lsdogs,
    "tableName" => "users",
    "columns" => explode($WA_Auth_Separator,"un".$WA_Auth_Separator."pw"),
    "columnValues" => explode($WA_Auth_Separator,"".((isset($_POST["username"]))?$_POST["username"]:"")  ."".$WA_Auth_Separator."".((isset($_POST["userpassword"]))?$_POST["userpassword"]:"")  .""),
    "columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
    "sessionColumns" => explode($WA_Auth_Separator,"id".$WA_Auth_Separator."f_name".$WA_Auth_Separator."s_name".$WA_Auth_Separator."unit".$WA_Auth_Separator."auth".$WA_Auth_Separator."web_admin".$WA_Auth_Separator."position".$WA_Auth_Separator."lsdogs_sec".$WA_Auth_Separator."unit_admin".$WA_Auth_Separator."a_co".$WA_Auth_Separator."assessor".$WA_Auth_Separator."lsdogs_chair".$WA_Auth_Separator."lsdogs_tre".$WA_Auth_Separator."un".$WA_Auth_Separator."pw"),
    "sessionNames" => explode($WA_Auth_Separator,"id".$WA_Auth_Separator."f_name".$WA_Auth_Separator."s_name".$WA_Auth_Separator."unit".$WA_Auth_Separator."auth".$WA_Auth_Separator."web_admin".$WA_Auth_Separator."position".$WA_Auth_Separator."lsdogs_sec".$WA_Auth_Separator."unit_admin".$WA_Auth_Separator."a_co".$WA_Auth_Separator."assessor".$WA_Auth_Separator."lsdogs_chair".$WA_Auth_Separator."lsdogs_tre".$WA_Auth_Separator."un".$WA_Auth_Separator."pw"),
    "successRedirect" => "index.php",
    "failRedirect" => "Log_In.php",
    "gotoPreviousURL" => TRUE,
    "keepQueryString" => TRUE
    );

    WA_AuthenticateUser($WA_Auth_Parameter);
}
?>
<?php
// No session yet but auto-login cookies present: log in with the cookie values
if((((isset($_SESSION["id"]) && $_SESSION["id"] != "")?"LoggedIn":"") == "")&&(((isset($_COOKIE["AutoLoginUN"]))?$_COOKIE["AutoLoginUN"]:"") != "")&&(((isset($_COOKIE["AutoLoginPWD"]))?$_COOKIE["AutoLoginPWD"]:"") != "")){
    $WA_Auth_Parameter = array(
    "connection" => $lsdogs,
    "database" => $database_lsdogs,
    "tableName" => "users",
    "columns" => explode($WA_Auth_Separator,"un".$WA_Auth_Separator."pw"),
    "columnValues" => explode($WA_Auth_Separator,"".((isset($_COOKIE["AutoLoginUN"]))?$_COOKIE["AutoLoginUN"]:"")  ."".$WA_Auth_Separator."".((isset($_COOKIE["AutoLoginPWD"]))?$_COOKIE["AutoLoginPWD"]:"")  .""),
    "columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text"),
    "sessionColumns" => explode($WA_Auth_Separator,"id".$WA_Auth_Separator."f_name".$WA_Auth_Separator."s_name".$WA_Auth_Separator."unit".$WA_Auth_Separator."position".$WA_Auth_Separator."auth".$WA_Auth_Separator."web_admin".$WA_Auth_Separator."lsdogs_sec".$WA_Auth_Separator."unit_admin".$WA_Auth_Separator."a_co".$WA_Auth_Separator."assessor".$WA_Auth_Separator."lsdogs_chair".$WA_Auth_Separator."lsdogs_tre".$WA_Auth_Separator."un".$WA_Auth_Separator."pw"),
    "sessionNames" => explode($WA_Auth_Separator,"id".$WA_Auth_Separator."f_name".$WA_Auth_Separator."s_name".$WA_Auth_Separator."unit".$WA_Auth_Separator."position".$WA_Auth_Separator."auth".$WA_Auth_Separator."web_admin".$WA_Auth_Separator."lsdogs_sec".$WA_Auth_Separator."unit_admin".$WA_Auth_Separator."a_co".$WA_Auth_Separator."assessor".$WA_Auth_Separator."lsdogs_chair".$WA_Auth_Separator."lsdogs_tre".$WA_Auth_Separator."un".$WA_Auth_Separator."pw"),
    "successRedirect" => "index.php",
    "failRedirect" => "Log_In.php",
    "gotoPreviousURL" => TRUE,
    "keepQueryString" => TRUE
    );

    WA_AuthenticateUser($WA_Auth_Parameter);
}

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// Recordset "un": rows whose un column matches the posted username
$colname_un = "-1";
if (isset($_POST['username'])) {
  $colname_un = (get_magic_quotes_gpc()) ? $_POST['username'] : addslashes($_POST['username']);
}
mysql_select_db($database_lsdogs, $lsdogs);
$query_un = sprintf("SELECT un FROM users WHERE un = %s", GetSQLValueString($colname_un, "text"));
$un = mysql_query($query_un, $lsdogs) or die(mysql_error());
$row_un = mysql_fetch_assoc($un);
$totalRows_un = mysql_num_rows($un);

// Recordset "pw": rows whose pw column matches the posted password
$colname_pw = "-1";
if (isset($_POST['userpassword'])) {
  $colname_pw = (get_magic_quotes_gpc()) ? $_POST['userpassword'] : addslashes($_POST['userpassword']);
}
mysql_select_db($database_lsdogs, $lsdogs);
$query_pw = sprintf("SELECT pw FROM users WHERE pw = %s", GetSQLValueString($colname_pw, "text"));
$pw = mysql_query($query_pw, $lsdogs) or die(mysql_error());
$row_pw = mysql_fetch_assoc($pw);
$totalRows_pw = mysql_num_rows($pw);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
<head> Code Deleted</head>
<body>
<>Menu and Header Deleted<> 
    <div id="LogInContainer" class="WAATK">
      <form  action="<?php echo ($_SERVER["PHP_SELF"].(isset($_SERVER["QUERY_STRING"])?"?".htmlentities($_SERVER["QUERY_STRING"]):""));?>" method="post" name="WAATKLogInForm" id="WAATKLogInForm">
        <h1>Log In</h1>
        <table class="WAATKDataTable" cellpadding="0" cellspacing="0" border="0">
          <tr>
            <th>User name</th>
            <td><input type="text" class="WAATKTextField" name="username" value="<?php echo((isset($_COOKIE["RememberMeUN"]) && isset($_COOKIE["RememberMePWD"]))?$_COOKIE["RememberMeUN"]:"") ?>"/>
            <?php if ($_SERVER["REQUEST_METHOD"] == "POST") { ?>
            <?php if ($totalRows_un > 0) { // Show if recordset not empty ?>
                <span class="style1">Username not recognised</span>
              <?php } // Show if recordset not empty ?>
            <?php } ?>
</td>
          </tr>
          <tr>
            <th>Password</th>
            <td><input type="password" class="WAATKTextField" name="userpassword" value="<?php echo((isset($_COOKIE["RememberMePWD"]))?$_COOKIE["RememberMePWD"]:"") ?>" />
            <?php if ($_SERVER["REQUEST_METHOD"] == "POST") { ?>
            <?php if ($totalRows_pw > 0) { // Show if recordset not empty ?>
              <span class="style1">Password not recognised</span>
              <?php } // Show if recordset not empty ?>
            <?php } ?>
 </td>
          </tr>
          <tr>
            <th class="WAATKDataTableHeader"><input type="checkbox" name="remembermeoption" <?php echo((isset($_COOKIE["RememberMeUN"]))?"checked":"") ?> value="1" /></th>
            <td class="WAATKDataTableCell">Remember me</td>
          </tr>
          <tr>
            <th class="WAATKDataTableHeader"><input type="checkbox" name="autologinoption"  value="1" /></th>
            <td class="WAATKDataTableCell">Auto log in</td>
          </tr>
          <tr>
            <th class="WAATKDataTableHeader">&nbsp;</th>
            <td class="WAATKDataTableCell">
            <?php if ($_SERVER["REQUEST_METHOD"] == "POST") { ?>
            <?php if ($totalRows_pw > 0) { // Show if recordset not empty ?>
            <a href="Email_PW.php"> Forgotten Password </a>
            <?php } // Show if recordset not empty ?>
            <?php } ?>
</td>
          </tr>
        </table>
        
        <div class="WAATKButtonRow">
          <input type="image" hspace="0" vspace="0" border="0" name="LogIn" id="LogIn" value="Log In" alt="Log In"  src="../WA_SecurityAssist/images/Pacifica/Refined_login.png"  />
        </div>
      </form>
    </div>
    <!-- InstanceEndEditable --></div>
  </div>
  <div id="footer"></div>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result($un);

mysql_free_result($pw);
?>

Jason Byrnes (WebAssist)

Two problems:

1) the failed redirect for the login is set to Log_In.php, this kills the posted information and redirects back to the login page.
"failRedirect" => "Log_In.php",


change that to be blank:
"failRedirect" => "",


2) You are using show If recordset is not empty, you should be using Show If recordset is empty. Sorry, I got that backwards in my initial reply.

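An added example, not part of the thread and not WebAssist's code: the same on-page validation done with one lookup keyed on the username, a hashed-password check, and a single failure message, so the form does not reveal which of the two fields was wrong and no password is stored in a cookie. It assumes PDO with an in-memory SQLite table standing in for the thread's MySQL `users` table; the `pw_hash` column and the `check_login()` helper are hypothetical names.

```php
<?php
// Added example: constructed in-memory table standing in for the thread's `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, un TEXT UNIQUE, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (un, pw_hash) VALUES (?, ?)');
$ins->execute(['daryl', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed sample user

// Hash of a throwaway value, verified when the username is unknown so that
// both failure paths do the same amount of work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

/**
 * Returns the user's id on success, or null on any failure.
 * One query keyed on the username; the password is never part of the WHERE clause.
 */
function check_login(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE un = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['pw_hash'] : DUMMY_HASH;
    $ok   = password_verify($password, $hash);

    return ($row && $ok) ? (int) $row['id'] : null;
}

// Constructed sample submissions: wrong username, wrong password, correct pair.
$attempts = [
    ['nobody', 'correct horse'],
    ['daryl',  'wrong'],
    ['daryl',  'correct horse'],
];
foreach ($attempts as [$un, $pw]) {
    $id = check_login($db, $un, $pw);
    // The same message covers both failure cases and is rendered in the login
    // page itself (no redirect), with user-supplied text escaped for HTML.
    $msg = $id === null
        ? 'User name or password not recognised'
        : 'Logged in as user #' . $id;
    echo htmlspecialchars($un, ENT_QUOTES, 'UTF-8'), ': ', $msg, PHP_EOL;
}
```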

Daryl (Beta Tester)

Thank you very much for your persistence.

I think my main problem was the redirect as I had tried the other show if behaviour.

Thanks again!!!


Jason Byrnes (WebAssist)

No Worries.
