-3

Im new to PHP, login.php make you use your username instead of your email. How do you make it where I can have user's login just via email, an password instead of them using there username an password.

Login.php

<?php
session_start();
// Header file
require_once "views/template/header.php"; 

if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide your e-mail and password.");
}

// Create query
$q = "SELECT * FROM `users` "
."WHERE `username`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: members.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
 //If all went right the Web form appears and users can log in
 echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
echo "Don't have account <a href='register.php'>create account now!</a>";
}
require_once "views/template/footer.php";
?>

Register.php

     <?php
    // dbConfig.php is a file that contains your
    // database connection information. This
    // tutorial assumes a connection is made from
    // this existing file.
        require_once "views/template/header.php"; 

        //Input vaildation and the dbase code
    if ( $_GET["op"] == "reg" )
        {
        $bInputFlag = false;
        foreach ( $_POST as $field )
        {
        if ($field == "")
      {
      $bInputFlag = false;
      }
        else
      {
      $bInputFlag = true;
      }
        }
    // If we had problems with the input, exit with error
    if ($bInputFlag == false)
        {
        die( "Problem with your registration info. "
      ."Please go back and try again.");
        }
      $profile=$_POST['profilename'];
      $password=$_POST['password'];
      $email=$_POST['email'];
      $fname=$_POST['firstname'];
      $lname=$_POST['lastname'];
    // Fields are clear, add user to database
    //  Setup query
    $q = "INSERT INTO users (`profilename`,`password`,`email`,`firstname`,`lastname`) 
          VALUES ('$profile','$password','$email','$fname','$lname')";
    //  Run query
    $r = mysql_query($q);

    // Make sure query inserted user successfully
    if ( !mysql_insert_id() )
        {
        die("Error: User not added to database.");
        }
    else
        {
        // Redirect to thank you page.
        Header("Location: register.php?op=thanks");
        }
    } // end if


     //The thank you page
    elseif ( $_GET["op"] == "thanks" )
    {
    echo "<h2>Thanks for registering!</h2>";
    }

    //The web form for input ability
    else
    {
    echo "<form action=\"?op=reg\" method=\"POST\">\n";
    echo "Profile Name: <input name=\"profilename\" MAXLENGTH=\"16\"><br />\n";
    echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n";
    echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n";
    echo "First Name: <input name=\"firstname\" MAXLENGTH=\"25\"><br />\n";
    echo "Last Name: <input name=\"lastname\" MAXLENGTH=\"25\"><br />\n";
    echo "<input value='Submit' type=\"submit\">\n";
    echo "</form>\n";
    }
    // EOF
    require_once "views/template/footer.php";
?>
user3390502
  • 1
  • 4
    change `Header("Location: members.php");` to `Header("Location: http://www.php.net");` – Paul Dessert Mar 06 '14 at 23:54
  • You require both GET and POST information to be set in your first two if-conditions which not possible. If there is no GET-information, you will see the form, if there is GET-information, `!$_POST['username']` will evaluate to true and die() is executed. – Bernhard Frick Mar 07 '14 at 00:05
  • @baerbjoern, while it's not RESTfully correct, you can simply put `?yourgetvariable=value` onto the end of a **post** form method. – scrowler Mar 07 '14 at 00:33
  • @baerbjoern: you can have GET and POST operational at the same time. – halfer Mar 07 '14 at 00:38

1 Answers1

1

Just look for the email instead of the username:

// Create query
$q = "SELECT * FROM `users` "
."WHERE `email`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";

And change your form label:

echo "Email: <input name=\"username\" size=\"15\"><br />";

That's the quickest fix. Obviously to be more thorough you'll want to replace all instances of "Username" or $_POST['username'] in your login script with email, and you should stop using the mysql_* library since it's deprecated and soon to be removed.

Community
  • 1
  • 1
scrowler
  • 24,273
  • 9
  • 60
  • 92