PHP and MySQL: allowing successful login for emails with _ and other special characters
Hi, can someone please help me. I have a login script. When I set a user's username to eric@email.com it works fine, but if the email is eric_1@email.com or contains other special characters, it echoes out the count error 1, which says there is 1 error in the form.
How can I allow the script to successfully log in a user with _ in the email, or other special characters? I'm new to PHP and MySQL and would be grateful if someone could show me how to prepare this.
<?php
if (logged_in()) {
    $_SESSION['login_message'] = "<div class=\"login-overlay\"></div><div class=\"login-box\"><div class=\"loginframe2\"> <h1>login in securely </h1> <p> playtimeboys.com login in securely. please wait.<br/><br/> <div class=\"login-logo\"> <img src=\"assets/css/photobox/loading.gif\" width=\"24\" height=\"24\"><div class=\"login-text-logo\">login in. please wait</div></div> </div></div>";
    header("Location: {$_SERVER['HTTP_REFERER']}");
}
include_once("includes/form_functions.php");

// start form processing
if (isset($_POST['submit'])) { // form has been submitted.
    $errors = array();

    // perform validations on the form info
    $required_fields = array('email', 'password');
    $errors = array_merge($errors, check_required_fields($required_fields, $_POST));
    $fields_with_lengths = array('email' => 30, 'password' => 30);
    $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));

    $email = trim(mysql_prep($_POST['email']));
    $password = trim(mysql_prep($_POST['password']));
    $hashed_password = md5($password);

    if ( empty($errors) ) {
        // check the database to see if the email and hashed password exist there.
        $query = "select id, email, close_account ";
        $query .= "from ptb_users ";
        $query .= "where email = '{$email}' ";
        $query .= "and password = '{$hashed_password}' ";
        $query .= "and close_account = '0' ";
        $query .= "limit 1";
        $result_set = mysql_query($query);
        confirm_query($result_set);
        if (mysql_num_rows($result_set) == 1) {
            // email/password authenticated
            // exactly 1 match
            $found_user = mysql_fetch_array($result_set);
            $_SESSION['user_id'] = $found_user['id'];
            $_SESSION['email'] = $found_user['email'];
            $_SESSION['sub_expires'] = $found_user['subscription_expires'];
            // the update needs a "where" clause to target the logged-in user
            $result = mysql_query("update ptb_users set user_online='online' where id=".$_SESSION['user_id']."") or die(mysql_error());
            if($result) {
                $_SESSION['login_message'] = "<div class=\"login-overlay\"></div><div class=\"login-box\"><div class=\"loginframe2\"> <h1>login in securely </h1> <p>login in securely. please wait.<br/><br/> <div class=\"login-logo\"> <img src=\"assets/css/photobox/loading.gif\" width=\"24\" height=\"24\"><div class=\"login-text-logo\">login in. please wait</div></div> </div></div>";
                header("Location: {$_SERVER['HTTP_REFERER']}");
            }
        } else {
            // email/password combo not found in the database
            $message = "<div class=\"infobox_out\"><strong>email / password combination incorrect.</strong><br /> please create sure caps lock key off , seek again.</div>";
            echo "<a href=\"#\"><div class=\"infobox-close2\"></div></a>";
        }
    } else {
        if (count($errors) == 1) {
            $message = "<div class=\"infobox_out\">there 1 error in form.</div>";
        } else {
            $message = "<div class=\"infobox_out\">there " . count($errors) . " errors in form.</div>";
        }
    }
} else { // form has not been submitted.
    if (isset($_GET['logout']) && $_GET['logout'] == 1) {
        $message = "<div class=\"infobox\">you logged out.</div>";
        echo "<a href=\"#\"><div class=\"infobox-close3\"></div></a>";
    } else {
        if (isset($_GET['logout']) && $_GET['logout'] == 5) {
            $message = "<div class=\"infobox-noprofile2\"><strong>account banned -</strong> not log in because account's<br/> been banned. contact at: <a href=\"mailto:support@playtimeboys.com\">support@admin.com</a>.</div>";
            echo "<a href=\"#\"><div class=\"infobox-close12\"></div></a>";
        } else {
            if (isset($_GET['logout']) && $_GET['logout'] == 6) {
                $message = "<div class=\"infobox-noprofile2\"><strong>account warning -</strong> violated status in our user policy. due receiving warning. if go on violate policy<br/> business relationship banned. <a href=\"terms.php\">review user policy</a> and<br/>login when ready.</div>";
                echo "<a href=\"#\"><div class=\"infobox-close12\"></div></a>";
            } else {
                if (isset($_GET['logout']) && $_GET['logout'] == 2) {
                    $message = "<div class=\"infobox_out\">sorry, we've had log out. session has expired.</div>";
                    echo "<a href=\"#\"><div class=\"infobox-close2\"></div></a>";
                } else {
                    if (isset($_GET['logout']) && $_GET['logout'] == 1) {
                        $message = "<div class=\"infobox\">you logged out.</div>";
                        echo "<a href=\"#\"><div class=\"infobox-close3\"></div></a>";
                    }
                }
            }
        }
    }
    $email = "";
    $password = "";
}
?>
<br/>
<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
<form action="login.php" rel="shadowbox;height=300;width=500" method="post" >
    <div class="row email">
        <input type="email" id="email" name="email" placeholder="email" value="<?php echo htmlentities($email); ?>" />
    </div>
    <div class="row password">
        <input type="password" id="password" name="password" placeholder="password" />
    </div>
    <input type="submit" name="submit" value="login >" />
</form>
<?php if (!empty($errors)) { display_errors($errors); } ?>
I don't know if I can find the actual answer, but I can't see you using an escape string here, which means your code is subject to SQL injection. If the problem is the underscore being a special character, you should use this (you should be doing it anyway, really!):

$myescapedstring = escapestring($mystring);

You should be doing this to anything being passed to the database for querying.
You'd implement it like this:

$email = escapestring(trim(mysql_prep($_POST['email'])));
$password = escapestring(trim(mysql_prep($_POST['password'])));
$hashed_password = md5($password);
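
The login lookup discussed in the answer above, rewritten with bound parameters so that `_`, `'` and `+` in an email are handled as data; this is an added example, not code from the original post or the asker's code base. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, `find_user()` is a hypothetical helper, the accounts are constructed samples, and `password_hash()`/`password_verify()` replace the unsalted `md5()`.

```php
<?php
// SQLite in memory is an assumption so the example runs offline;
// the same PDO calls work against MySQL with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE ptb_users (
    id INTEGER PRIMARY KEY,
    email TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    close_account INTEGER NOT NULL DEFAULT 0)");

// Constructed sample accounts, including special characters in the email.
$insert = $pdo->prepare("INSERT INTO ptb_users (email, password) VALUES (?, ?)");
foreach (["eric_1@email.com", "o'neil+test@email.com"] as $addr) {
    $insert->execute([$addr, password_hash("correct horse", PASSWORD_DEFAULT)]);
}

// Hypothetical helper: returns the user id on success, null on any failure.
function find_user(PDO $pdo, string $email, string $password): ?int
{
    $email = trim($email);
    // Validate the format; do not strip or rewrite characters.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The value is bound, never concatenated, so quotes and
    // underscores cannot change the structure of the query.
    $stmt = $pdo->prepare(
        "SELECT id, password FROM ptb_users
         WHERE email = :email AND close_account = 0 LIMIT 1"
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against the stored salted hash instead of matching md5() in SQL.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

$attempts = [
    ["eric_1@email.com", "correct horse"],
    ["o'neil+test@email.com", "correct horse"],
    ["eric_1@email.com", "wrong password"],
];
foreach ($attempts as [$addr, $pass]) {
    $id = find_user($pdo, $addr, $pass);
    printf("%-24s %s\n", $addr, $id === null ? "rejected" : "logged in as id $id");
}
```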