On Tue, May 11, 2010 at 12:26 PM, Barry Zimmerman
<barryzimmo@xxxxxxxxxxxxxx> wrote:
> I have a login script that is great and I want to expand on this but not
> sure where to place my new code I have written, I have placed it where I
> thought but keep getting errors for else and others when attempting to add
> this.
>
> The code I am adding is not complete and will change, but I want to learn
> where I should be placing this within this code, it will stand me in good
> stead learning this as well. I thought by placing it after the if
> ($num_rows > 0) { section and it would perform the else request and execute
> my new code, but I get syntax and } kind of errors.
>
> [php]
> <?php
> // Include the connections script to make a database connection.
> include("inc/connect.php");
>
> $username = "";
> $password = "";
> $errorMessage = "";
>
> function quote_smart($value, $handle) {
>
> if (get_magic_quotes_gpc()) {
> $value = stripslashes($value);
> }
>
> if (!is_numeric($value)) {
> $value = "'" . mysql_real_escape_string($value, $handle) . "'";
> }
> return $value;
> }
>
> if ($_SERVER['REQUEST_METHOD'] == 'POST'){
> $username = $_POST['username'];
> $password = $_POST['password'];
>
> $username = htmlspecialchars($username);
> $password = htmlspecialchars($password);
>
>
> $db_found = mysql_select_db($db, $connection);
>
> if ($db_found) {
>
> $username = quote_smart($username, $connection);
> $password = quote_smart($password, $connection);
>
> $SQL = "SELECT * FROM taablea WHERE username = $username AND
> password = '".md5($_POST['password'])."'";
> $result = mysql_query($SQL);
> $num_rows = mysql_num_rows($result);
>
>
> if ($result) {
> if ($num_rows > 0) {
> session_start();
> $_SESSION['username'] = "$_POST[username]";
> header ("Location: index.html");
> }
>
> else {
> $errorMessage = "Please check your username and/or password is
> correct";
> }
> }
> else {
> $errorMessage = "Please check your username and/or password is
> correct";
> }
>
> mysql_close($connection);
>
> }
>
> else {
> $errorMessage = "Please check your username and/or password is
> correct";
> }
>
> }
> ?>
> [/php]
>
> This is my additional code that I am trying to get working so I can write it
> better.
>
> [php]
>
> /* New Block*/
>
> else {
> session_start();
> $_SESSION['attempts'] = "+1";
>
> # setup SQL statement
> $SQL = " INSERT INTO tablebtemp ";
> $SQL = $SQL . " (sid, username, password, attempts,
> ipaddress) VALUES ";
> $SQL = $SQL . " ('$sid', '$username', '$password',
> '$attempts', '$_SERVER[REMOTE_ADDR]') ";
>
> #execute SQL statement
> $result = mysql_db_query( *****,"$SQL",$connection );
>
> # check for error
> if (!$result) {
> echo("ERROR: " . mysql_error() . "\n$SQL\n");
> }
> else {
> # setup SQL statement 2
> $SQL = "SELECT * FROM tablebtemp WHERE sid =
> $sid";
> $result = mysql_query($SQL);
>
> if (mysql_num_rows($result) ==0) {
> $errorMessage = "Please check
> your username and/or password is correct";
> }
> else (mysql_num_rows($result) ==3) {
> $errorMessage = "You are
> blocked, please contact us to get unblocked.";
> }
> /* END */
> [/php]
>
create it as a function and call that function where you need to. It
seems to be recording failures/logon attempts, so a call at else on
the checks of the initial logon would make sense.
--
Bastien
Cat, the other other white meat
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
