Can't Control Login Page Action on Login Error

Report · Oct 13, 2009

I'm trying to get my login page to simply display an error message and then remain open for the user to try again (used the DW server behavior generated login code). I've tried using a hidden field containing the message, and making it visible with the onclick of the submit button, and coded the login form name as the "failed" redirection page.

Here's the php script that does the login:

<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "UserLevel";
$MM_redirectLoginSuccess = "WOTCPg1.php";
$MM_redirectLoginFailed = "WOTCSignin.php";           // This is the name of this form, so on failure it redirects to itself
$MM_redirecttoReferrer = false;
mysql_select_db($database_login, $login);

$LoginRS__query=sprintf("SELECT * FROM authentication WHERE UserID=%s AND Password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

// UserID, Password, UserLevel, CustID

$LoginRS = mysql_query($LoginRS__query, $login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);

if ($loginFoundUser) {

    $loginStrGroup = mysql_result($LoginRS,0,'UserLevel');
$custid   = mysql_result($LoginRS,0,'CustID');

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
$_SESSION['MM_CustID']   = $custid;

if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
}
else {
    header("Location: ". $MM_redirectLoginFailed );
}
}
?>

Here's the code for the error message hidden field:


<p> <div id="error_msg" style="display: none; text-decoration: underline; color:#900; font-weight:bold; text-align: center">There was an error in your sign-in information</div>
</p>

And heres the javascript that gets executed when the submit button is pressed:

<script type="text/javascript">
function show_message() {
   var el = document.getElementById("error_msg");
       el.style.display = "block";
       return true;
}
</script>

The problem here is that, while the message does become visible, the form refreshes instantly, so the user doesn't have time to see what happened.

How can I make an error message appear and stay there while the user tries again? Then, after a certain number of failed tries, I would like to redirect to a dead-end page. Not sure how to do that, either.

Report · Oct 14, 2009

I believe that you are trying to check the username and password before the user can login. Am I right? I could suggest other method that could display the errors but it's not using javascript.

Report · Oct 15, 2009

I believe that you are trying to check the username and password before the user can login. Am I right?

Yup, I guess that's right. I'm using the DW's "Server Behavior" generated code for the user to log in, although I have modified it slightly to satisfy other needs.

I could suggest other method that could display the errors but it's not using javascript

Please, by all means, I appreciate any help I can get; I'm a newbie dinosaur (50 years as a progrmmer/analyst and 1 month into web programming). I only used javascript because I didn't know any other method. Php doesn't seem to have the capability to do those things, or if it does, I haven't been able to find out how, so any ideas you wish to share will be very much appreciated.

Report · Oct 15, 2009

This code is actually coming from David Power's book. Try use simple code below, you may add any other check as u want.

$error = array();

if(isset($_POST['username']) && empty($_POST['username'])) {

$error[] = 'Please insert username.';

}

if(isset($_POST['password']) && empty($_POST['password'])) {

$error[] = 'Please insert password.';

}

Then in html part, put this one

<?php

foreach($error as $alert) {

echo "$alert\n";

}

?>

Report · Oct 16, 2009

Thanks for the post. Maybe I should have bought his book instead of the one I did buy. Anyway, thank you, and I'll certainly try that.