Greg Greg - 7 months ago 10
HTML Question

How to login with both a name/email and a password/lastname

I am trying to have my login page let users login using either their firstname/email or password/lastname.

So far, it will only allow users to login using email/firstname in the first block & in the second block only password, but not lastname.?

here is what i have so far as php-->

<?php
ob_start();
session_start();
define("_APP_RUN", true);
require '../AppINIT.php';
$footerTxt = appconfig('footerTxt');
$theme= appconfig('theme');

if (isset($_POST['login']))
{
$username=_post('username');
$password=_post('password');
$login_type=_post('login_type');

if($username==''){
conf('login.php','e','Please Enter Your Username');
}

if($password==''){
conf('login.php','e','Please Enter Your Password');
}

$password = md5($secret . $password);

$lastlogin=date("Y-m-d H:i:s");





//added name,lname on 4-30-2016--to be able to login with name
$stmt = $dbh->prepare("SELECT `id`, `email`, `name`, `lname`, `password`
FROM `accounts`
WHERE
(
`email` = :email AND `password` = :password
)
OR
(
`name` = :first_name AND `lname` = :last_name
)
AND `status` = 'Active'
");

$stmt->execute(array(':email'=>$username; ':password'=>$password; ':first_name'=>$username; ':last_name'=>$password));


//$stmt->bindParam(':user_id', $username, PDO::PARAM_STR, 12);
//$stmt->bindParam(':password', $password, PDO::PARAM_STR, 30);
$stmt->execute();
$result = $stmt->fetchAll();
if ($stmt->rowCount() == "1") {
foreach ($result as $value) {
$cmd=$value['id'];
$_SESSION['cid'] = $value['id'];
$lid = md5(uniqid(rand(), TRUE));
$_SESSION['lid'] = $lid;
setcookie("_lid", "$lid", time() + 86400);
$login=ORM::for_table('accounts')->find_one($cmd);
$login->online='1';
$login->lastlogin=$lastlogin;
$login->save();

conf('index.php');

}
} else {
conf('login.php', 'e', 'For Security Reasons We Can Not Tell You What Was Entered Wrong!');
}

}
require ("views/$theme/login.tpl.php");

?>


and here is what i have in html for calling it--->

<form action="login.php" method="post">
<fieldset>
<label>
<span class="block input-icon input-icon-right">
<input type="text" class="span12" placeholder="Email Or First Name" name="username"/>
<i class="icon-envelope"></i>
</span>
</label>

<label>
<span class="block input-icon input-icon-right">
<input type="password" class="span12" placeholder="<?php echo $Lan['Password']; ?> Or Last Name" name="password" />
<i class="icon-lock"></i>
</span>
</label>

<div class="space"></div>

<div class="clearfix">




 Read Me First!



<button class="width-35 pull-right btn btn-small btn-primary" type="submit" name="login">
<i class="icon-key"></i>
<?php echo $Lan['login']; ?>
</button>
</div>

Answer

Greg,

Use the following HTML Form:

<form action="login.php" method="post">
        <fieldset>
            <label>
                <span class="block input-icon input-icon-right">
                    <input type="text" class="span12" placeholder="Email Or First Name" name="username"/>
                </span>
            </label>

            <label>
                <span class="block input-icon input-icon-right">
                    <input type="text" class="span12" placeholder="Password or Last Name" name="password"/>
                </span>
            </label>
        </fieldset>
        <input type="submit" name="Login">
    </form>

Use this in your login.php file:

<?php
        session_start();
        require "path/to/db/file.php";

        $username   =   $_POST['username'];
        $last_name  =   $_POST['password'];
        $password   =   $_POST['password'];

        $password = md5($secret . $password);

        $stmt = $dbh->prepare("SELECT `id`, `email`, `name`, `lname`, `password`
                            FROM `accounts`
                            WHERE 
                                (
                                    `email` = :email AND `password` = :password
                                )
                            OR
                                (
                                    `name` = :first_name AND `lname` = :last_name
                                )
                            AND `status` = 'Active'
                            ");

        $stmt->execute(array(':email'=>$username; ':password'=>$password; ':first_name'=>$username; ':last_name'=>$last_name));

        $records_count  =   $stmt->rowCount();

        if($records_count   == 1){
            //One of the conditions of the $stmt was evaluated as TRUE and query was successful

            echo 'Logged in';

        }
        else{

            var_dump($stmt);

        }
    ?>

If the conditions are met, you should log in successfully. Otherwise, the $stmt will be "dumped" which will help you evaluate your input.

In your original code, you are hashing the password field. The last name is being hashed and that is why the authentication fails when you use last name.