Simple Question

crkian

Ive just started to do php and for my first project Im trying something to big I think.

I can get my html and php to work on their own, yet if I mix them so the login is within the html I get a blank page. Why is this. It shows nothing when I do view source either.

After they login and I want to check for peoples sessions, do I put the session string right at the start of the page.

Added some code below,

Html is here

<?php

  session_start();                                       

  include("ravinh.inc");                                 

  switch (@$_GET['do'])                                 

  {
    case "login":                                      

      $connection = mysql_connect($host, $user,$password) 
               or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
               or die ("Couldn't select database.");      

  $sql = "SELECT loginName FROM Member 
          WHERE loginName='$_POST[fusername]'";      
  $result = mysql_query($sql)
              or die("Couldn't execute query.");    
  $num = mysql_num_rows($result);                     
  if ($num == 1)  // login name was found            
  {
     $sql = "SELECT loginName FROM Member 
             WHERE loginName='$_POST[fusername]'
             AND password=password('$_POST[fpassword]')";
     $result2 = mysql_query($sql)
               or die("Couldn't execute query 2.");   
     $num2 = mysql_num_rows($result2);
     if ($num2 > 0)  // password is correct           
     {
       $_SESSION['auth']="yes";                       
       $logname=$_POST['fusername']; 
       $_SESSION['logname'] = $logname;               
       $today = date("Y-m-d h:i:s");                  
       $sql = "INSERT INTO Login (loginName,loginTime)
               VALUES ('$logname','$today')";
       mysql_query($sql) or die("Can't execute query.");
       header("Location: Member_page.php");          
     }
     else    // password is not correct               
     {
       unset($_GET['do']);                            
       $message="The Login Name, '$_POST[fusername]' 
                 exists, but you have not entered the 
                 correct password! Please try again.<br>";
       include("login_form.inc");                   
     } 
  }                                                   
  elseif ($num == 0)  // login name not found       
  {   
     unset($_GET['do']);                            
     $message = "The Login Name you entered does not 
                 exist! Please try again.<br>";
     include("login_form.inc");
  }
break; 
?>

html is here

Installer

Some ideas that may help you along:

You say you get a blank page when you mix the HTML and PHP. Do you have error reporting and display turned on? You should while you're developing. And leave out the "@" signs. While you're working on your code you want to see all messages, and when it's in production you want them logged. And in fact the one before "$_GET['do']" may be causing the blank page if the element isn't set; an error message would otherwise tell you that.

Do you have output in "ravinh.inc"? If you do, your session assignment and redirection won't work (and with error display off, you wouldn't know why).

I don't see why two select queries are neccesary. Just select the password (instead of "loginName") in the first one, then check it for a match with the posted one. You might also want to store passwords in the database "encrypted" (e.g. with md5) and compare them to encrypted input (like: if $db_pw == md5($input_pw)).

You use "$_POST['fusername']" twice before you assign it to another variable, then immediately assign that to the session element (and don't use either again). That's not major, but it is kind of senseless.

Using "include" to load the login form seems awkward to me, and even so "include_once" would probably work better; I'm not real sure. Try loading the same script, after unsetting all your request arrays, using something like "if (isset($_POST['submit']))" to execute the appropriate part of the script, or load an entirely different script for the login.

Houdini

This code is meant to be called via a URL from a form and that form should have an action like this

<form action = "NameOfYourProcessing.php?do=login" method="post">

By itself the program will do nothing because it is looking for a $_GET varaible namely $do and in this case it must have a value of 'login'. I take it that revish,inc is your database connection parameters. So as it stands right now with the exception of any HTML you might have this code will do nothing. Also there is no need for a switch statement since you are just looking for one value namely 'login' so this code could be altered or just left alone (it will work but the switch is usually for two or more values, not one). Could you show the form code , or at least the <form action='something" method='post'> part?

crkian

Thanks I shall work through what you have both said and sort it out.

crkian

Form code is as follows

    [code=php]<form action="Login.php?do=login" method="POST">[/code]

It just seems strange they both work seperately, index.php without the login bit and the login.php without being in the layout

Rodney_H_

Parse error: You are missing the closing curly brace at the end of your swicth statement.

Try adding a closing curly after "break;"

      }
    break;
}
?>

html is here

However, you don't really need a switch case conditional statement according to your code as is.

Instead of this:

  switch ($_GET['do'])                                 

  {

I suggest this, (as the others have said)..

  if(isset($_GET['do']) && $_GET['do'] == 'login')
  {