Reputation: 49
Use multiple name for an input type
This is the code line for user login in which user logs in through his user name. i want to edit it in such a way that it lets user login from both email id or user name. i think we will have to use two name but syntax won't be right then. tell a way to do so.
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-ZA-z0-9]#i', '',$_POST["user_login"]); //filter everything but numbers and letters
$password_login = preg_replace('#[^A-ZA-z0-9]#i', '',$_POST["password_login"]);//filter everything but number and letter
$password_login_md5 = md5($password_login);
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5'LIMIT 1");//query whether user exists
//Check for their existence
$userCount = mysql_num_rows($sql);//Count the number of rows entered
if ($userCount ==1){
while ($row =mysql_fetch_array($sql)) {
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
header("location: welcome.php");
exit();
}else {
echo 'Information is incorrect, try again';
exit();
}
}
?>
<div style="width: 800px; margin: 0px auto 0px auto;">
<table>
<tr>
<td width="60%" valign="top">
<form action="index.php" method="POST">
<input type="text" name="user_login" size="25" placeholder="Username"><br>
<input type="password" name="password_login" size="47" placeholder="Password"><br><br>
<input type="submit" name="login" value="Login">
</form>
</td>
Upvotes: 0
Views: 128
Answers (4)
Reputation: 1702
You can do a little bit check using filter_var function for email validation. If the function returns false, it is definitely not going to be a valid email. Based on this, you can modify your query a little bit like the following code:
function is_email($str) {
return filter_var($str, FILTER_VALIDATE_EMAIL);
}
if(is_email($user_login)) {
$sql = mysql_query("SELECT id FROM users WHERE email ='{$user_login}' AND password = '{$password_login_md5}' LIMIT 1");
} else {
$sql = mysql_query("SELECT id FROM users WHERE username = '{$user_login}' AND password = '{$password_login_md5}' LIMIT 1");
}
In order to avoid any confusion for you, I'm posting the whole code here just by changing few things in the existing code:
function is_email($str) {
return filter_var($str, FILTER_VALIDATE_EMAIL);
}
if(isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-ZA-z0-9]#i', '', $_POST["user_login"]); //filter everything but numbers and letters
$password_login = preg_replace('#[^A-ZA-z0-9]#i', '',$_POST["password_login"]); //filter everything but number and letter
$password_login_md5 = md5($password_login);
if(is_email($user_login)) {
$sql = mysql_query("SELECT id FROM users WHERE email ='{$user_login}' AND password = '{$password_login_md5}' LIMIT 1");
} else {
$sql = mysql_query("SELECT id FROM users WHERE username = '{$user_login}' AND password = '{$password_login_md5}' LIMIT 1");
}
$userCount = mysql_num_rows($sql); //Count the number of rows entered
if($userCount ==1) {
while ($row =mysql_fetch_array($sql)) {
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
header("location: welcome.php");
exit();
} else {
echo 'Information is incorrect, try again';
exit();
}
}
Also, I would like to bring few things into your attention about your code.
- Remove regular expression for
$user_loginbecause you're only allowing numbers and alphabets. This would not accept email format. You can also pass regular expression like#[^A-ZA-z0-9@_.]#ito accept few other characters like@,_,.and like so if you're going to restrict the input to only allowed characters. - Avoid using deprecated
mysqlextension. Either usemysqliorPDO. - Use prepared statements in
mysqliorPDOto avoid SQL injection attacks.
Hope it helps!
Upvotes: 0
Reputation: 1726
You'll want to change your SQL to something like this. It will compare both the email and username fields for a match.
$sql = "SELECT id FROM users WHERE (username='$user_login' OR email='$user_login') AND password='$password_login_md5' LIMIT 1";
You should also consider using PDO instead of the mysql_* functions, and consider hashing your passwords instead of using md5().
Upvotes: 0
Reputation: 425
you just need to create different query based on user input at username.
if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
// is email
$sql = mysql_query("SELECT id FROM users WHERE email='$user_login' AND password='$password_login_md5'LIMIT 1");//query whether user exists
} else {
// not email
$sql = mysql_query("SELECT id FROM users WHERE username ='$user_login' AND password='$password_login_md5'LIMIT 1");//query whether user exists
}
Upvotes: 0
Reputation: 1233
You really should be dealing with this type of checking on the backend/processing page.
A simple check, such as the below quasi example, is about as simple as it can get: (obviously requires additional security validations)
if(filter_var($_POST["user_login"], FILTER_VALIDATE_EMAIL)) {
$sql_prepare = 'SELECT id FROM users WHERE email = ? AND password = ? LIMIT 1';
}
else {
$sql_prepare = 'SELECT id FROM users WHERE username = ? AND password = ? LIMIT 1';
}
But yeah, this really is about as easy of a way as there is to resolve your case.
Upvotes: 2
Related Questions
- How do I post multiple inputs with same name and different values
- two values for one name in input
- Posting Multiple Input Text Value with Same (input)Name
- HTML Multidimensional input name for complex inputs
- input type name as $key value in php
- Submit form with multiple input with the same name
- Multiple input types with same name to be received via php
- How can I use several form inputs with the same name?
- One input field, multiple names
- Multiple inputs with array names