I have a login script that is great and I want to expand on this but not sure where to place my new code I have written, I have placed it where I thought but keep getting errors for else and others when attempting to add this.
The code I am adding is not complete and will change, but I want to learn where I should be placing this within this code, it will stand me in good stead learning this as well. I thought by placing it after the if ($num_rows > 0) { section and it would perform the else request and execute my new code, but I get syntax and } kind of errors.
[code=php]
<?php
// Include the connections script to make a database connection.
include(“inc/connect.php”);
$username = “”;
$password = “”;
$errorMessage = “”;
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = “‘” . mysql_real_escape_string($value, $handle) . “‘”;
}
return $value;
}
if ($_SERVER[‘REQUEST_METHOD’] == ‘POST’){
$username = $_POST[‘username’];
$password = $_POST[‘password’];
$username = htmlspecialchars($username);
$password = htmlspecialchars($password);
$db_found = mysql_select_db($db, $connection);
if ($db_found) {
$username = quote_smart($username, $connection);
$password = quote_smart($password, $connection);
$SQL = “SELECT * FROM taablea WHERE username = $username AND password = ‘”.md5($_POST[‘password’]).”‘”;
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($result) {
if ($num_rows > 0) {
session_start();
$_SESSION[‘username’] = “$_POST[username]”;
header (“Location: index.html”);
}
else {
$errorMessage = “Please check your username and/or password is correct”;
}
}
else {
$errorMessage = “Please check your username and/or password is correct”;
}
mysql_close($connection);
}
else {
$errorMessage = “Please check your username and/or password is correct”;
}
}
?>
This is my additional code that I am trying to get working so I can write it better.
[code=php]
/* New Block*/
else {
session_start();
$_SESSION[‘attempts’] = “+1”;
# setup SQL statement
$SQL = ” INSERT INTO tablebtemp “;
$SQL = $SQL . ” (sid, username, password, attempts, ipaddress) VALUES “;
$SQL = $SQL . ” (‘$sid’, ‘$username’, ‘$password’, ‘$attempts’, ‘$_SERVER[REMOTE_ADDR]’) “;
#execute SQL statement
$result = mysql_db_query( *****,”$SQL”,$connection );
# check for error
if (!$result) {
echo(“ERROR: ” . mysql_error() . “n$SQLn”);
}
else {
# setup SQL statement 2
$SQL = “SELECT * FROM tablebtemp WHERE sid = $sid”;
$result = mysql_query($SQL);
if (mysql_num_rows($result) ==0) {
$errorMessage = “Please check your username and/or password is correct”;
}
else (mysql_num_rows($result) ==3) {
$errorMessage = “You are blocked, please contact us to get unblocked.”;
}
/* END */