easy form error..

brcolow

Hey, alright in a chunk of my script it has this...


echo "<form method=post action=\"articletest.php\">";
echo "<table>";
echo "<tr><td>Username:</td>";
echo "<td><input type=text name=username></td></tr>";
echo "<tr><td>Password:</td>";
echo "<td><input type=password name=password></td></tr>";
echo "<tr><td colspan=2 align=center>";
echo "<input type=submit value=\"Log in\"></td></tr>";
echo "</table></form>";

That provides a login to the script... The problem is when they hit submit it just reloads the page "articletest.php" and i dont no why. It says in my book i is supposed to go to the top where the scrpt is to check the username and password and then start a session, can someone help me?

bernouli

give us your articletest.php

brcolow

<?
session_start();

if ($username && $password)
{

@ $db = mysql_pconnect("localhost", "mike", "notshown");
if (!$db)

{

echo "<b>Could not connect to database, try again later.</b>";

exit;

}

mysql_select_db("news");
$sql = "select * from "
	."where name='$username' "
	." and pass='$password";
$result = mysql_query($sql);
if (mysql_num_rows($sql) >0 )
{
$valid_user = $username;
session_register("valid_user");
}
}
?>
<html>
<body>
<b>Login</b>
<?

if (session_is_registered("valid_user"))
{
	echo "You are logged in as: $valid_user <br>";
	echo "<a href=\:logout.php\">Log Out</a><br>";
}
else
{
	if (isset($username))
{
echo "Sorry, we could not log you in please go back and try again";
}
else
{
echo "You are not logged in.<br>";
}

echo "<form method=post action=\"articletest.php\">";
echo "<table>";
echo "<tr><td>Username:</td>";
echo "<td><input type=text name=username></td></tr>";
echo "<tr><td>Password:</td>";
echo "<td><input type=password name=password></td></tr>";
echo "<tr><td colspan=2 align=center>";
echo "<input type=submit value=\"Log in\"></td></tr>";
echo "</table></form>";
}
?>

There ya go

bernouli

$sql = "select * from "
    ."where name='$username' "
    ." and pass='$password";

do you have to chose a table?

brcolow

yeah thats it, doh! But how do i slect a certain table?

brcolow

ok i i got it working....


mysql_select_db("news");
$sql = "select * from artusers "
	."where name='$username' "
	." and pass='$password";
$result = mysql_query($sql);

But it still does the same thing, at the top it says this
Notice: Undefined variable: username in D:\www[url]www.flashstand.com\articles\articletest.php[/url] on line 4
which is pretty obvious because it doesnt define it untill after the form is filled out, but still when i hit login it just reloads the page when it should read the username and password and reload with the correct page and my session started, what should i do?

brcolow

bump, to put in my values for the username and password i did this...

<?
@ $db = mysql_pconnect("localhost", "mike", "notshown");
if (!$db)

{

echo "<b>Could not connect to database, try again later.</b>";

exit;

}

mysql_select_db("news");

$sql ="INSERT INTO artusers (name, pass) VALUES ( 'notshown', 'notshown')";

$result = mysql_query($sql) or die (mysql_error());;
if ($result)
	echo"It worked!";
?>

It said it worked but im not sure if it put the correct values into the correct coulmns

jeremuck

when inserting, it should insert values in the same order you listed the fields.

INSERT INTO table (name, pass) VALUES ("this goes into name" , "this goes into pass");

I always list all the field names and all values. If I don't want to insert a value into a field, I leave it blank "".

brcolow

ok well i did that right, so why is it just reloading and not logging in!?

jeremuck

$result = mysql_query($sql);
if (mysql_num_rows($sql) >0 )
{
$valid_user = $username;
session_register("valid_user");
}

// should be:

if(mysql_num_rows($result) > 0)

Also, I don't know what your system specs are, but I always use HTTP_POST_VARS to check my posted variables. (In fact, on my windows machine I don't have a choice.)

$HTTP_POST_VARS['username'] might yield the correct result.

Having mismatched HTML tags can have disastrous results, as well. Make sure all your tags are correctly matched. (I once spent 3 hours wondering why my variables weren't being posted only to find out I had a mismatched <table> somewhere.)

brcolow

ok, so that whole thing should be replaced by
if(mysql_num_rows($result) > 0)
?
And then i am running a windows machine so what do i need to add an where, thanks for the help
-Brcolow

brcolow

bump, i dont get what u said above...

Edit: Ok i understand the first part, but where should my HTTP_POST_VARS be? at the top?

jeremuck

HTTP_POST_VARS is an array of all the values that were posted to the page.

It is populated using the form from the previous page.

In php, when you name an input on a form, in the next page is shows up as a variable with the same name. However, it is also in the HTTP_POST_VARS array with that name as the index.

So, if you are trying to post a variable called username, instead of $username, you can access it by $HTTP_POST_VARS['username']. The name is its index in the array.

So to answer your question, ANYWHERE you are using $username, try using $HTTP_POST_VARS['username'] .

same thing with the other variables.

instead of just trying to access $password, try using $HTTP_POST_VARS['password'] everywhere you would normally use $password.

Hope this helps... I'm not sure how clearly I explained it. If it's not clear, look it up in the manual on php.net or on this site.

brcolow

i understand u 100 percent, but i can use HTTP_POST_VARS on the same page as the form, because this whole thing is with cookies and i need it to be... do u no what im saying? Like when they fill in the form it reloadsthe page they were just on and it says u are logged in continue to write the article, so i can use HTTP_POST_VARS on the same page as the login page, right?

jeremuck

Try this:

<?


// leave the password out... it is possible there is no password
if ($HTTP_POST_VARS['username'] != "")
{

 @ $db = mysql_pconnect("localhost", "mike", "notshown");
 if (!$db)
 {

 echo "<b>Could not connect to database, try again later.</b>";

 exit;

 }

 // you need the tablename also!
 mysql_select_db("news");
 $sql = "select * from `artusers` "
     ."where `name`='" . $HTTP_POST_VARS['username'] . "' "
     ."and `pass`='" . $password . "'";

 if ( $result = mysql_query($sql) )
 {
  session_start();
  session_register("valid_user");
  $valid_user = $HTTP_POST_VARS['username'];
 }
}
?>
<html>
<body>
<b>Login</b>
<?

if (session_is_registered("valid_user"))
{
    echo "You are logged in as: $valid_user <br>";
    echo "<a href=\"logout.php\">Log Out</a><br>";
}
else
{
  if (isset($HTTP_POST_VARS['username']))
  {
    echo "Sorry, we could not log you in please go back and try again";
  }
else
{
  echo "You are not logged in.<br>";
}

echo "<form method=POST action=\"" . $_SERVER['PHP_SELF'] . "\">";
echo "<table>";
echo "<tr><td>Username:</td>";
echo "<td><input type=text name=\"username\"></td></tr>";
echo "<tr><td>Password:</td>";
echo "<td><input type=password name=\"password\"></td></tr>";
echo "<tr><td colspan=2 align=center>";
echo "<input type=submit value=\"Log in\"></td></tr>";
echo "</table></form>";
}
?>

brcolow

Well... with that script it works except... anyone can login with any username and password? why? And for the session varible, $valid_user i think it need like an http vars thing, but im not sure... so why can anyone login with that script?

brcolow

bump, help please

jeremuck


 $sql = "select * from `artusers` "
     ."where `name`='" . $HTTP_POST_VARS['username'] . "' "
     ."and `pass`='" . $password . "'";


 $sql = "select * from `artusers` "
     ."where `name`='" . $HTTP_POST_VARS['username'] . "' "
     ."and `pass`='" . $HTTP_POST_VARS['password'] . "'";

and

 if ( $result = mysql_query($sql) )
 {
  session_start();
  session_register("valid_user");
  $valid_user = $HTTP_POST_VARS['username'];
 }

 if ( $result = mysql_query($sql) )
 {
  if(mysql_num_rows() == 1  && mysql_error() == "")
  {
    session_start();
    session_register("valid_user");
    $valid_user = $HTTP_POST_VARS['username'];
  }
 }

now I've probably already helped too much. If you have book, I suggest consulting it. If not, I like "Core PHP Programming" by Leon Atkinson published by Prentice Hall. ISBN 0-13-089398-6.

I believe there are lots of articles on the internet about logging in a user. There's probably even ready made source code for it at sourceforge.com or phpclasses.com or some other code repository.
Also, try evolt.org, they have nice articles with source code.

Try breaking down your script into its core elements, and accomplish doing each of them separately, before putting them together.

You want to:
retrieve info from a database. Try doing JUST that .
Use a form to post data to the next page.
Use a form to post data to the same page.
Use sessions to retain data across all pages.
Do error checking on your database query.
Display different content based on variables.

Make a test for each little thing you want to do. Only once you completely understand each part proceed to put them together.

When I first started with PHP, I made over a dozen tests to see how arrays worked. Once I saw how things worked, I was able to use it. I also did a script for exactly what you want to do, and I made tests for each little part before I put the whole thing together.

A good test for these things is probably 2 or 3 or 4 lines of code.
For example, to test sessions, try starting a session and registering a variable on the first page. Provide a link to a second page. On the second page, try printing the variable. You could probably do all that with about 5 lines of code, total.

brcolow

ok i swear, i searched and i searched but i couldnt find anything that helped me with this error...

Warning: Wrong parameter count for mysql_num_rows() in D:\www[url]www.flashstand.com\articles\article.php[/url] on line 26

Please just help me out with that, please and thnaks for the help already

brcolow

hah, i just fixed that, ok this is the last thing and i promise i have this line to validate the session..

	if (session_is_registered("valid_user"))

obviously because this is a windows machine it says undefined varbile, so should it be

	if (session_is_registered("$HTTP_POST_VARS['vaild_user]'))

?
Thanks,
Brcolow