&quot;Post&quot; problem

"Post" problem

LeeD

I have a page that validates a user against a database. The first time in they enter a user id and a password in a form. The action of that form is to call the same page again.

At the top of the page, the script checks to see if a "$_POST" variable is set. If I do a write within the code (and therefore screw up the cookie writes and the redirect), it gets to that section of the code. If I don't do a write, the test for the post variable always fails. Here is the PHP code:

<?php
if ($POST[postaction] == "validateuser")
{
// page redisplayed with results of this code
$user = "me";
$pwrd = "mypassword";
$cont = "localhost";
$name_db = "mokenabarber";
$name_table = "UserID";
// form variables
$id = $POST["id"];
$pwd = $_POST["pwd"];
// set SQL session
$name_connect = mysql_connect($cont, $user, $pwrd) or die(mysql_error());
$db_connect = mysql_select_db($name_db, $name_connect) or die(mysql_error());
// set SQL call
$sql_code = "SELECT Password, Level FROM $name_table ";
$sql_code .= "WHERE ID = '$id'";
// testing only
// echo $sql_code . "<br><br>";
// check SQL output
$sql_result = mysql_query($sql_code,$name_connect) or die(mysql_error());
$output = mysql_fetch_array($sql_result);
// store database variables
$pwdSQL = $output["Password"];
$lvlSQL = $output["Level"];
// testing only
// echo "sql pwd: '" . $pwdSQL . "'<br>sql lvl: '" . $lvlSQL . "'<br>rows: '" . mysql_num_rows($sql_result) . "'<br>post pwd: '" . $pwd . "'<br>post id: '" . $id . "'<br>";
// set cookie time limit - 180 days
$hold = 60 60 24 * 180;
if ($pwdSQL == $pwd)
{
// validated user - write cookie and continue
setcookie("user", "$id", $hold);
setcookie("level", "$lvlSQL", $hold);
setcookie("authorized", "yes", $hold);
header("Location: http://www.mokenahickorycreek.com/SQL_Staff.php");
exit;
}
else
{
setcookie("user", "guest", $hold);
setcookie("level", "0", $hold);
setcookie("authorized", "no", $hold);
header("Location: http://www.mokenahickorycreek.com/index.php");
exit;
}
}
?>

The goofy lack of whitespace is due to the "manual" saying you can't have any prior to a cookie set. Of course, their example has it, but as it isn't working for me, I'll do it anyway they say.

TIA, LeeD

thorpe

you might want to wrap your post variable in quotes. so this...

if ($_POST[postaction] == "validateuser")

becomes;

if ($_POST['postaction'] == "validateuser")

other than that your going to need to explain your problem a little better. what is / isn't happening? and what do you meen by "when i do a write"?

ps: and please indent your code and wrap it in [php][/php] so we can read it.

halojoy

$POST[postaction] == "validateuser")
postaction should have Quotes around
$POST["postaction"]

bradgrafelman

(Laughs at the simeltaneous replies)

😃

LeeD

I've tried single and double quotes as well as no quotes. It is all so conflicting. The example in the book (PHP fast&easy web development) doesn't have quotes, while other places do have them. Sigh.

As you can see in the code, I should (second time on page after form recalls it) have a POST variable set and then do some stuff. But the variable isn't set and it just redisplays the same (not the redirected) page again. If I put an "else" condition on the main "if", it will get executed.

But if I uncomment the testing code so the echo happens, the required variables do display and therefore I had to have got into the code.

I don't know what you mean by wrapping the code in a php tag. Sorry, I'm a newbie.

halojoy

Originally posted by LeeD
I've tried single and double quotes as well as no quotes. It is all so conflicting. The example in the book (PHP fast&easy web development) doesn't have quotes, while other places do have them. Sigh.

As you can see in the code, I should (second time on page after form recalls it) have a POST variable set and then do some stuff. But the variable isn't set and it just redisplays the same (not the redirected) page again. If I put an "else" condition on the main "if", it will get executed.

But if I uncomment the testing code so the echo happens, the required variables do display and therefore I had to have got into the code.

I don't know what you mean by wrapping the code in a php tag. Sorry, I'm a newbie.

Well, I think you should use either single or double quotes for these variables.
I say this by my own experience.
Like you have:

// form variables  

$id = $_POST["id"];  

$pwd = $_POST["pwd"];

For your problem:
Can you post only the <form method=POST> ---your input stuff--- </form>,
because that could make it easier to see where problem is.
🙂

halojoy

🙂
For bug hunting, debugging, is very good to turn on all error_reporting in this page.
Only temporarily. Will display also Notices about variables.
Add this at top of your page:

<?php
error_reporting(E_ALL);   // Report all notices/errors
// Rest of page
?>

If E_ALL causes unwanted errors ( like 'headers already sent' )
Turn off Notices, using:

<?php
error_reporting(E_ALL & ~E_NOTICES);   // Report everything, but not notices
// Rest of page
?>

LeeD

Thanks. I'll try that in about 10 minutes (after I finish email checking). You learn something new every day.

LeeD

OK, tried it. Interesting as well. Here is what I found. PHP didn't like the reference to the POST variable so I added an "isset" test first. Then I eliminated the POSTs that appeared in the form that were there to echo what was typed in the first time.

I entered the valid stuff and nothing happened. the original validation form reappeared. So I tried entering invalid stuff and the redirect to the index page worked. Therefore, I was inside the POST code. no cookies were set (at least I couldn't find one when I looked in the cookie jar for the user).

Including notices, no errors were flashed to the screen.

BTW, I ran the code through the 3W validator site and it passed the scan. Since I couldn't get anything to appear, I figured I'd make sure there wasn't a HTML error. There were several and I fixed them all.