Need help with login page in PHP

[siroisv]

Im trying to create a simple login page. I need for both user and password fields to match to validate the user, but if only user or password is filled the user with still have access. Took some code from Advanced filemaker pro 6 Web Development book but still doesnt work. Here's my code for my result page.

<?php

include_once('FX/FX.php');

include_once('FX/server_data.php');

include_once('FX/FMErrors.php');

$search=new FX($serverIP,$webCompanionPort);

$search->SetDBData ("db.fp5","main");

$search->SetDBPassword ("123");

$search->AddDBParam('user',$_POST['user'], 'eq');

$search->AddDBParam('pass',$_POST['pass'], 'eq');

$searchResult=$search->FMFind();

if ($searchResult['foundCount']==1)

{

include ("loginres.php");

}

else

{

include ("loginerror.php");

}

?>

[siroisv]

Im trying to create a simple login page. I need for both user and password fields to match to validate the user, but if only user or password is filled the user with still have access. Took some code from Advanced filemaker pro 6 Web Development book but still doesnt work. Here's my code for my result page.

<?php

include_once('FX/FX.php');

include_once('FX/server_data.php');

include_once('FX/FMErrors.php');

$search=new FX($serverIP,$webCompanionPort);

$search->SetDBData ("db.fp5","main");

$search->SetDBPassword ("123");

$search->AddDBParam('user',$_POST['user'], 'eq');

$search->AddDBParam('pass',$_POST['pass'], 'eq');

$searchResult=$search->FMFind();

if ($searchResult['foundCount']==1)

{

include ("loginres.php");

}

else

{

include ("loginerror.php");

}

?>

[siroisv]

Im trying to create a simple login page. I need for both user and password fields to match to validate the user, but if only user or password is filled the user with still have access. Took some code from Advanced filemaker pro 6 Web Development book but still doesnt work. Here's my code for my result page.

<?php

include_once('FX/FX.php');

include_once('FX/server_data.php');

include_once('FX/FMErrors.php');

$search=new FX($serverIP,$webCompanionPort);

$search->SetDBData ("db.fp5","main");

$search->SetDBPassword ("123");

$search->AddDBParam('user',$_POST['user'], 'eq');

$search->AddDBParam('pass',$_POST['pass'], 'eq');

$searchResult=$search->FMFind();

if ($searchResult['foundCount']==1)

{

include ("loginres.php");

}

else

{

include ("loginerror.php");

}

?>

[Garry Claridge]

Here is one that works for me:

// handle a new login

$Query->AddDBParam("last_name", "==");

$Query->AddDBParam("last_name", $_POST["name"]);

$Query->AddDBParam("Password", "==");

$Query->AddDBParam("Password", $_POST["password"]);

Good Luck.

Garry

[Garry Claridge]

Here is one that works for me:

// handle a new login

$Query->AddDBParam("last_name", "==");

$Query->AddDBParam("last_name", $_POST["name"]);

$Query->AddDBParam("Password", "==");

$Query->AddDBParam("Password", $_POST["password"]);

Good Luck.

Garry

[Steve T.]

Hi, s! Gary's use of the "==" forces an EXACT SEARCH, which means that if someone submits a NULL or "" for either of the fields, then it will not match. You could also use JavaScript to check to make sure fields are not empty before submitting the form. I haven't really checked out FX.php yet, though.

--ST

[mlindal]

Using Java in the preposting page to check for empty fields is a more eligant way as Steve suggested.

I also prefer to capture the posting variables before the query. I have seen some circumstances where putting $_POST['variable'] directly into the AddDBParam crashes the code (dont ask me why).

$user=$_REQUEST['user'] //$_REQUEST works in replace of both $_POST, $_GET, etc

$pass=$_REQUEST['pass']

Then the code that Gary suggested. but you could add an if statement to check the fields first:

if($user!='' && $pass!='') {

$Query->AddDBParam("last_name", "==");

$Query->AddDBParam("last_name", $user);

$Query->AddDBParam("Password", "==");

$Query->AddDBParam("Password", $pass);

}