FormHandler - Forum Index / General / Login screen and POST

Forum Index / General / Login screen and POST

[ This topic is solved ]

	haste	16 February 10 / 22:51
Hi, I've imported information into a database and want to use FH to let customers edit and update their info. Before they can access the form, I want them to fill in their account number and an automaticly generated password that they receive from me. I was thinking of creating a login form and use the POST method to check the account number and password. But FH only uses the GET method to edit forms. What kind of possibilities are there to change this?

	Johan Wiegel ^(Admin)	17 February 10 / 07:39
The easiest way is to set the get var yourself after checking the login. That way it's also in possible for a customer to change the var in the url

haste

17 February 10 / 22:12

Changed at 17 February 10 / 22:14
I used this script to check the login/password:
http://www.formhandler.net/topic/1080/Doorgaan_naar_nieuw_form_na_goede_invoer.html

I'm also checking for the uid, but when I want to use this for retrieving the data in the next form, I'm getting a blank screen.

What am I doing wrong?

<?php

// wat moet er gebeuren als de login correct was?
function doLogin($data) {

global $form;

   // check de database...
   $query=
   "SELECT acc_num, password, uid FROM accpac ".
   "WHERE acc_num = '".trim(mysql_real_escape_string($form->Value("login")))."' ".
   "AND password = '".trim(mysql_real_escape_string($form->value("password")))."' ";
   $result = mysql_query( $query ) or die( mysql_error() );

        // zijn er records gevonden?
    if( mysql_result( $result, 0 ) == 0 ) {
    return "Login incorrect";
      } else {

    // haal de uid op en gebruik deze om de rest op te halen.
    $row = (mysql_fetch_assoc($result)); {

    $url = "accpac.php?uid=".$row['uid']."";
    "<script language='javascript'>\n".
    "document.location.href='".$url."';\n".
    "</script>\n";
            }
        }
    }

?>

	Johan Wiegel ^(Admin)	17 February 10 / 23:10
I think you don't have a database connection available within the function

haste

17 February 10 / 23:17

I do have a db connection.
Sorry, didn't showed the whole script:

<?php

include("FH3_v1.2.10/class.dbFormHandler.php");
require_once('config.php');

$form = new dbFormHandler();

// database informatie
$form->DBInfo     ($database, "accpac", "mysql");
$form->dbConnect ($hostname, $username, $password);

$form->textField("Login naam", "login", FH_STRING,10,10);
$form->PassField("Wachtwoord", "password", FH_PASSWORD,10,10);

// 2 fields per row
$form->setMask(
  "  <tr>\n".
  "    <td> </td>\n".
  "    <td> </td>\n".
  "    <td>%field% %field%</td>\n".
  "  </tr>\n",
  false
);

// submitbutton
$form->submitButton("Log in");
$form->cancelButton("Annuleren", "home.php");

// set the handler
$form->onCorrect("doLogin");

// flush it
$form->flush();

// wat moet er gebeuren als de login correct was?
function doLogin($data) {

global $form;

   // check de database...
   $query=
   "SELECT acc_num, password, uid FROM accpac ".
   "WHERE acc_num = '".trim(mysql_real_escape_string($form->Value("login")))."' ".
   "AND password = '".trim(mysql_real_escape_string($form->value("password")))."' ";
   $result = mysql_query( $query ) or die( mysql_error() );

        // zijn er records gevonden?
    if( mysql_result( $result, 0 ) == 0 ) {
    return "Login incorrect";
      } else {

    // haal de uid op en gebruik deze om de rest op te halen.
    $row = (mysql_fetch_assoc($result)); {

    $url = "accpac.php?uid=".$row['uid']."";
    "<script language='javascript'>\n".
    "document.location.href='".$url."';\n".
    "</script>\n";
            }
        }
    }

?>

	Johan Wiegel ^(Admin)	18 February 10 / 08:29
what if you do a print_r of $row is uid filled?

haste

18 February 10 / 09:33

I'm receiving a blank on print_r.
Changed the function to:

<?php

function doRun($data) {
        global $form;
        global $database;

        // check de database...
        mysql_select_db($database);

        $query = mysql_query(
        "SELECT acc_num, password, uid FROM accpac ".
        "WHERE acc_num = '".trim(mysql_real_escape_string($form->Value("login")))."' ".
        "AND password = '".trim(mysql_real_escape_string($form->Value("password")))."' ");

         // zijn er records gevonden?
        if (mysql_result( $query, 0 ) == 0) {
        return "Login incorrect"; } else {

        print_r(mysql_fetch_assoc($query));
        exit;

        $url = "accpac.php?uid=".$result['uid']."";
        echo
        "<script language='javascript'>\n".
        "document.location.href='".$url."';\n".
        "</script>\n";

    }
}

?>

Now I'm still receiving a blank, but when I put the print_r right after the query, then I do receive data. So like:

<?php
        $query = mysql_query(
        "SELECT acc_num, password, uid FROM accpac ".
        "WHERE acc_num = '".trim(mysql_real_escape_string($form->Value("login")))."' ".
        "AND password = '".trim(mysql_real_escape_string($form->Value("password")))."' ");

        print_r(mysql_fetch_assoc($query));
        exit;

         // zijn er records gevonden?
        if (mysql_result( $query, 0 ) == 0) {
        return "Login incorrect"; } else {

?>

Do you know why this is? It will still load the redirect page, but not with the uid.

Johan Wiegel ^(Admin)

18 February 10 / 09:46

Try this (not tested)

<?php
        $query = mysql_query(
        "SELECT acc_num, password, uid FROM accpac ".
        "WHERE acc_num = '".trim(mysql_real_escape_string($form->Value("login")))."' ".
        "AND password = '".trim(mysql_real_escape_string($form->Value("password")))."' ");

         // zijn er records gevonden?
        if( mysql_num_rows( $query ) == 0)
        {
            return "Login incorrect";
        }
        else
        {
             $result = mysql_fetch_assoc($query);
             echo $result['uid'];
             exit;
        }
?>

	haste	18 February 10 / 09:58
Thanks Johan! This does the trick. So it has got to do with the mysql_result part that made the code fail.

Top