matleeds Posted November 22, 2011 Share Posted November 22, 2011 Hi, I've inherited some html/php code (lucky me) and it's been years since i've played with it so I'm quite rusty. Anyway, I have a fairly bog standard login process and wish to simply display some text on the login page if the login detail is invalid and possibly log the error to a log file too. here's the index.php file...the login stuff is at the bottom <?php $dir = dirname(__FILE__); require_once "$dir/ot/ot.php"; ot::include_view('header', array('account' => null)) ?> <html> <head> <title>Welcome to ....</title> </head> <body style="font-size: 14pt; font-family=verdana;"> <div><img src="OTLogo1.bmp"/><h1> Welcome to ...</h1> </div> <?php if (!empty($account)): ?> <div style="border-bottom: 1px dotted #AAA; padding-bottom: 2px; margin-bottom: 10px;"> <div style="float: left"> <?php $mtime = (int)@file_get_contents(otDB_DIR."/updated"); $date = date("d/m/Y", $mtime); $time = date("G:i", $mtime); if ($mtime > 0) { echo "Last Updated $date at $time"; } ?> </div> <div style="float: right">Welcome, <?php echo $account->email;?> - <a href="?page=home">Home</a> - <?php ot::include_view('logout_link')?></div> <div style="clear: both"></div> </div> <?php if (ot::is_admin()) { ot::include_view('admin_page'); } else { ot::include_view('user_page'); } ?> <?php else: ?> <p>Please login below.</p> <?php ot::include_view('login_form')?> <?php endif; ?> </body> </html> here's login_form.php <form action='<?php echo $_SERVER['REQUEST_URI']?>' method='post' > <fieldset> <legend>Login</legend> <p>Email:<br/><input type='text' name='email' /></p> <p>Password:<br/><input type='password' name='pwd' /></p> <!-- <p><input type='submit' name='do_login' value='Login' /> <input type='submit' name='do_reset_password' value='Reset Password' /></p> --> <p><input type='submit' name='do_login' value='Login'/> </p> </fieldset> </form> and here's the function do_login (contained in ot.php..a php function file) public static function do_login(&$err="") { $adb = ot::db('account'); $e = self::post('email'); $p = self::post('pwd', '', false); if (self::post('do_login') && $e && $p) { $ao = self::account_from('email', $e); if ($ao) { if (self::validate_login($e, $p, $ao)) { $_SESSION['id'] = $ao->id; return $ao; } } $err = "Invalid email or password"; return false; } } I'm unclear if the do_login fails as to how that ($err) is fed back to the web pages. Any assistance would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
requinix Posted November 22, 2011 Share Posted November 22, 2011 Use the function like $message = null; $success = ot::do_login($message); If $success then all's good and if !$success then $message will contain the error message (which, as it stands now, will always be "Invalid email or password"). The &$err in the do_login declaration means that $err is passed by-reference. If you give the function a variable (has to be a variable) then do_login can modify it. If $err was passed by-value (ie, just $err) then do_login would only be modifying its copy of the variable - not the original one you passed in. Quote Link to comment Share on other sites More sharing options...
matleeds Posted November 22, 2011 Author Share Posted November 22, 2011 Hi there, I follow the logic in what your says but I'm unsure where I'd put that code? In index.php, somewhere round <?php else: ?> <p>Please login below.</p> <?php ot::include_view('login_form')?> <?php endif; ?> or the login_form.php <p><input type='submit' name='do_login' value='Login'/> </p> Quote Link to comment Share on other sites More sharing options...
requinix Posted November 22, 2011 Share Posted November 22, 2011 Somewhere is code that calls do_login(). That's the first change. The second is getting the error message back into the form, but how depends on where that code was. Quote Link to comment Share on other sites More sharing options...
matleeds Posted November 22, 2011 Author Share Posted November 22, 2011 the function do_login() is taken from the form <input> tag <p><input type='submit' name='do_login' value='Login'/> </p> and the file ot.php which holds it is included in index.php (see the top part of that code) which is called on the form submit, the $_server['request_uri'] equating to index.php <form action='<?php echo $_SERVER['REQUEST_URI']?>' method='post' > as i mentioned, i inherited this code, so the previous coder was either very good at php or has created a spagatti monster ( coder's rule no. 3 - blame the previous coder where ever possible so, i'm still stumped. Quote Link to comment Share on other sites More sharing options...
requinix Posted November 22, 2011 Share Posted November 22, 2011 Unless you're telling me that submit button's name determines which function gets called, that button is completely separate from the code. Some PHP code is calling the do_login() function. That's what needs to change. Quote Link to comment Share on other sites More sharing options...
matleeds Posted November 23, 2011 Author Share Posted November 23, 2011 yes I am saying that the submit button name element is stating the name of the do_login function. Quote Link to comment Share on other sites More sharing options...
requinix Posted November 23, 2011 Share Posted November 23, 2011 Okay. Then somewhere there is code that looks at $_POST and figures out what function to call. Find that code. Quote Link to comment Share on other sites More sharing options...
matleeds Posted November 24, 2011 Author Share Posted November 24, 2011 I've got it sorted thanks. In the do_login fucntion I've add a 'error' variable to the SESSION and pick up on this when the focus returns to the index/form. In short, I've learned that using the SESSION to handle messages fed back to the user/web pages is good practice. thanks fo ryou help tho. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.