1

When a user clicks login, "Wrong Email Or Password" Is displayed for each user that is in Database Array. Could someone point me in the right direction to Only Display Error code once if user input wrong email/password? I'm Using Flintstone to store Users.

    if (isset($_POST['login'])) {
    $TempEmail = strtolower($_POST['email']);
    $TempPass = $_POST['password'];
    // Get Keys From DB;
    $keys = $users->getKeys();
    // Check If DB is Empty
    if (!empty($keys)) {
        foreach ($keys as $key) {
            $user = $users->get($key);
            $email = strtolower($user['Email']);
            $password = $user['Password'];
            $hash = password_verify($TempPass, $password);
            try {
                if (($TempEmail === $email) && ($hash === true))
                {
                    $_SESSION['use']=$email;
                    // On Successful Login redirects to home page
                    header("Location:/home/");
                }
                else
                {
                    echo "Wrong Email Or Password";
                    //break;
                }
            } catch (Exception $e) {
                return $e->getMessage();
            }
        }
    } else {
        echo "DB Is Empty";
        exit;
    }
}
Improve this question
4
  • @chris85 If I Uncomment //break, then it will only run on 1 user in the array and quit. Commented Sep 24, 2017 at 0:29
  • 1
    Use WHERE in your query to only fetch the user with that email. Commented Sep 24, 2017 at 0:30
  • Oh, yea. I was looking at this wrong. Assign it to a variable and echo the variable after execution. This should probably be done another way though. Commented Sep 24, 2017 at 0:30
  • @MagnusEriksson This is not SQL, I'm using xeweb.net/flintstone Commented Sep 24, 2017 at 0:31

3 Answers 3

Reset to default
1

Simply move echo "Wrong Email Or Password" right after the foreach-loop instead of inside it. If the email is found and the password matches, the user will still be redirected before the code reaches that point.

foreach ($keys as $key) {
    // Your current code, minus the echo.
}

// This is after the foreach and will only be executed if there were
// no match for the email and password.
echo "Wrong Email Or Password";

Just remember to add an exit; after your header('Location:....'); to stop PHP from executing anything more.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

How couldn't I think of this? Wow, Thank's So Much. Any Ideas How I could improve my code?
@Danik - No worries. It's easy to miss obvious solutions sometimes :-)
@Danik - To start with, you can remove your whole try/catch since it doesn't serve any purpose in that context. You don't have anything that could throw an Exception in that case.
0

The foreach loop goes through all the $keys, hence it echoes "Wrong Email Or Password" for every wrong key. Save the outcome of a successfull query in a variable i.e. $success = false. If the correct login was found, set it to true. After the foreach loop you can write

if(!$success){echo "Wrong password"};
Improve this answer

2 Comments

What is the best solution in this case?
Well, as Magnus Eriksson answered the best way would be to change the SQL query. If you can't do that, then a quick guess would be to save the outcome of a successfull query in a variable i.e. $success = false. If the correct login was found, set it to true. After the foreach loop you can put a if(!$success){echo "Wrong password"};
0

I think this is more user-friendly:

$login = false;
foreach ($keys as $key) {
    $user = $users->get($key);
    $email = strtolower($user['Email']);
    $password = $user['Password'];
    $hash = password_verify($TempPass, $password);
    try {
        if ($TempEmail === $email) {
            if ($hash === true) {
                $login = true;
                $_SESSION['use'] = $email;
                // On Successful Login redirects to home page
                header("Location:/home/");
            } else {
                break;
            }
        }
    } catch (Exception $e) {
        return $e->getMessage();
    }
}
if (!$login) {
    echo "Wrong Email Or Password";
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.