usbong / UsbongStore

The "Usbong Store (Web)" is built using the Usbong eCOM Toolkit. It enables multiple merchants to offer their products via only one store *web* app.

Login Page Can't Return Error Message for Non Registered Email #115

Closed zent-lim closed 6 years ago

zent-lim commented 6 years ago

Good Day Mike

BACKGROUND

(1) I was writing a mobile-responsive version of views/account/login.

(2) In the current version of the view, the app must return the error message below if a user tries to sign in using an email that is not in the database: "Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above."

File: views/account/login.php

Line Number: 70

(3) The view file uses flag "does_email_exist" to know if the error message should be displayed.

The controller that processes the sign in request is: controllers/b function index().

PROBLEM

Reading the controller logic below, it seems that the error message can never be returned in the current version of the controller.

```php
$data['does_email_exist'] = $this->Account_Model->doesEmailAccountExist($data);

if (isset($data['does_email_exist'])) {
    $this->session->set_flashdata('data', $data);
    redirect('account/login');
}
else {
    echo "<script>
        alert('Either the email address or password you entered is incorrect. If you pasted your temporary password from an email, please enter it by typing it in instead.');
        window.location.href='/'; ///usbong_store/
    </script>";
}
```

(2) The controller instead redirects to home page and shows a js alert "Either the email address or password you entered...".

(3) Therefore the line of code in view can not be hit:

```php
if (isset($data['does_email_exist'])) {
    echo '<div class="Register-error">Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above.</div>';

    echo '<input type="text" class="Login-input" placeholder="Email Address" name="emailAddressParam" value="'.$data['emailAddressParam'].'"required>';
}
```

HOW TO RECREATE

(1) Go to account/login.

  Url: https://store.usbong.ph/index.php/account/login/

(2) Try to sign in with an email that is not in database.

(3) Instead of showing the error below, the controller routes to home page with a js alert.

"Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above."

QUESTION

Is the control logic correct?

(1) If yes, in the new view file I am writing, I shall remove error case: "Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above."

(2) If no, in the new view file I am writing, I shall retain the error case.

Thanks!
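An added illustration of the branching discussed in the comment above; it is not part of the thread or of the UsbongStore code base. `lookupAccount()`, `sampleAccounts()`, `verifyLogin()`, `loginErrorHtml()` and `GENERIC_LOGIN_ERROR` are hypothetical names, and the model's return values (null for an unknown email, false for a wrong password) are an assumption. It shows why `isset()` sends the two failure cases down different paths, next to a variant that gives every failed login the same response and escapes the echoed email.

```php
<?php
// Added example, not UsbongStore code. lookupAccount() is a hypothetical stand-in
// for Account_Model->doesEmailAccountExist(); its return values are assumptions.
const GENERIC_LOGIN_ERROR = 'The email address or password you entered is incorrect.';

// Constructed sample data: one registered account.
function sampleAccounts(): array {
    static $accounts = null;
    if ($accounts === null) {
        $accounts = ['ana@example.com' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return $accounts;
}

// Assumed model behaviour: null = unknown email, false = wrong password, true = match.
function lookupAccount(string $email, string $password): ?bool {
    $hash = sampleAccounts()[$email] ?? null;
    return $hash === null ? null : password_verify($password, $hash);
}

// The controller's test from the thread: isset() is false only for null,
// so an unknown email and a wrong password take visibly different branches.
function branchAsPosted(?bool $result): string {
    return isset($result) ? 'flash + redirect account/login' : 'JS alert + redirect /';
}

// Hardened check: always run password_verify() (dummy hash for unknown emails)
// and return one boolean, so callers cannot branch on "email exists".
function verifyLogin(string $email, string $password): bool {
    static $dummyHash = null;
    $dummyHash = $dummyHash ?? password_hash('unused-placeholder', PASSWORD_DEFAULT);
    $accounts = sampleAccounts();
    $known = array_key_exists($email, $accounts);
    $matches = password_verify($password, $known ? $accounts[$email] : $dummyHash);
    return $known && $matches;
}

// One message for every failure; the email is escaped before being echoed back.
function loginErrorHtml(string $email): string {
    return '<div class="Register-error">' . GENERIC_LOGIN_ERROR . '</div>'
        . '<input type="text" class="Login-input" placeholder="Email Address" '
        . 'name="emailAddressParam" value="'
        . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . '" required>';
}

foreach ([['nobody@example.com', 'x'], ['ana@example.com', 'wrong']] as [$email, $pw]) {
    echo $email, ' | as posted: ', branchAsPosted(lookupAccount($email, $pw)),
        ' | hardened: ', verifyLogin($email, $pw) ? 'ok' : loginErrorHtml($email), PHP_EOL;
}
```

Run from the PHP CLI: the two failing logins print different "as posted" branches but the same hardened message.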

masarapmabuhay commented 6 years ago

Hi Zent, Thank you for notifying me of your observation, and asking me your question.

As it is, the control logic is correct, in that I am able to have the Usbong Store display the following line of code you indicated.

```php
if (isset($data['does_email_exist'])) {
    echo '<div class="Register-error">Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above.</div>';

    echo '<input type="text" class="Login-input" placeholder="Email Address" name="emailAddressParam" value="'.$data['emailAddressParam'].'"required>';
}
```

Action Items:

1) Retain: the error case --> Owner: Zent

2) Add: strengthen web app security in Usbong's TODO/TO-DO list --> Owner: Mike

Thank you.

Peace, Mike

zent-lim commented 6 years ago

Hi Mike,

Could you inform me what scenario shows this error message? (I could not seem to make it appear)

Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above.

Thank you very much!

On Wed, Sep 12, 2018, 9:06 PM Masarap Mabuhay, notifications@github.com wrote:

> Hi Zent, Thank you for notifying me of your observation, and asking me your question.
>
> As it is, the control logic is correct, in that I am able to have the Usbong Store display the following line of code you indicated.
>
> ```php
> if (isset($data['does_email_exist'])) {
>     echo '<div class="Register-error">Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above.</div>';
>
>     echo '<input type="text" class="Login-input" placeholder="Email Address" name="emailAddressParam" value="'.$data['emailAddressParam'].'"required>';
> }
> ```
>
> Action Items:
>
> 1. Retain: the error case --> Owner: Zent
> 2. Add: strengthen web app security in Usbong's TODO/TO-DO list --> Owner: Mike
>
> Thank you.
>
> Peace, Mike


masarapmabuhay commented 6 years ago

Hi Zent, Thank you for the reply.

Here are the steps to show the error message on the login page:

1) Enter an email address that exists in the DB.

2) Enter an incorrect password for that email address.

Thank you.

Peace, Mike

zent-lim commented 6 years ago

Thanks for the instructions Mike!

(1) I was able to recreate it.

(2) For future reference though, kindly note that the wrong password scenario does not seem to match the error message Create Account First - "Please check to make sure that your email address is correct or sign up for a new account with the "Create New Account" link above.".

Thank you! :)

On Thu, Sep 13, 2018 at 8:36 PM Masarap Mabuhay notifications@github.com wrote:

> Hi Zent, Thank you for the reply.
>
> Here are the steps to show the error message on the login page:
>
> 1. Enter an email address that exists in the DB.
> 2. Enter an incorrect password for that email address.
>
> Thank you.
>
> Peace, Mike
