[RESOLVED] Where is the mistake?

probvam

I wonder where is the mistake in this script.
<?
if(!($POST['submit']))
echo'<div>
<form action="" method="post">
<p align="left">
<b>Име:</b><br />
<input type="text" name="user" size="30" />
<br /><b>Парола:</b><br />
<input type="password" name="pass" size="30" />
<br /><input type="submit" value="Вход" name="submit" />
</form>
<br />
Нямаш акаунт? <a href="register.php">Регистрирай се сега!</a>
</div>';
if (empty($POST['user'])) {
echo "Въведете потребител";}
if (empty($_POST['pass'])) {
echo "Въведете пarola";
echo "<a href=\"index.php\">back</a>"; // връща обратно

}else {

$user=$POST['user'];
$password=$POST['pass'];
include ('config.php');
mysql_connect ($dbhost, $dbusername, $dbuserpass) or die('Няма връзка с mySQL!');
mysql_select_db('*********') or die('Няма връзка с базата данни!');
$query="SELECT user FROM users WHERE password='$password'";
$query1=mysql_query($query);
while($row=mysql_fetch_array($query1))
$pass=$row["password"];
$usera=$row['user'];
if (($pass==$password) && ($usera==$user))
echo "<meta http-equiv=\"refresh\" content=\"1; url=users.php\">";//аз съм избрал да прехвърля към страница с всички регистрирани потребители
else echo'Грешна парола!<a href="javascript:history.back()">Назад</a>';
}

planetsim

Please use [php][/php] tags around your code as no one will help you. Also be more specific about the issue.

probvam

10x for the advice. The problem is in the login.

<?
if(!($POST['submit']))
echo'<div>
<form action="" method="post">
<p align="left">
<b>Име:</b><br />
<input type="text" name="user" size="30" />
<br /><b>Парола:</b><br />
<input type="password" name="pass" size="30" />
<br /><input type="submit" value="Вход" name="submit" />
</form>
<br />
Нямаш акаунт? <a href="register.php">Регистрирай се сега!</a>
</div>';
if (empty($POST['user'])) {
echo "Въведете потребител";}
if (empty($_POST['pass'])) {
echo "Въведете пarola";
echo "<a href=\"index.php\">back</a>"; // връща обратно

}else {

$user=$POST['user'];
$password=$POST['pass'];
include ('config.php');
mysql_connect ($dbhost, $dbusername, $dbuserpass) or die('Няма връзка с mySQL!');
mysql_select_db('********') or die('Няма връзка с базата данни!');
$query="SELECT user, password FROM users WHERE password='$password'";
$query1=mysql_query($query);
while($row=mysql_fetch_array($query1))
$pass=$row["password"];
$usera=$row['user'];
if (($pass==$password) && ($usera==$user))
echo "<meta http-equiv=\"refresh\" content=\"1; url=users.php\">";//аз съм избрал да прехвърля към страница с всички регистрирани потребители
else echo'Грешна парола!<a href="javascript:history.back()">Назад</a>';
}
?>

When I try to log with a true nick and password it shows that i haven't entered a valid password. I don't know where the mistake can be. I am sorry for my english i know it is not very good. 🙂

benracer

TRY,

<?
if(!isset($_POST['submit']))
echo'<div>
<form action="{$_SERVER['REQUEST_URI']}" method="post">
<p align="left">
<b>&#1048;&#1084;&#1077;:</b><br />
<input type="text" name="user" size="30" />
<br /><b>&#1055;&#1072;&#1088;&#1086;&#1083;&#1072;:</b><br />
<input type="password" name="pass" size="30" />
<br /><input type="submit" value="&#1042;&#1093;&#1086;&#1076;" name="submit" />
</form>
<br />
&#1053;&#1103;&#1084;&#1072;&#1096; &#1072;&#1082;&#1072;&#1091;&#1085;&#1090;? <a href="register.php">&#1056;&#1077;&#1075;&#1080;&#1089;&#1090;&#1088;&#1080;&#1088;&#1072;&#1081; &#1089;&#1077; &#1089;&#1077;&#1075;&#1072;!</a>
</div>';
if (!empty($_POST['user'])) {
echo "&#1042;&#1098;&#1074;&#1077;&#1076;&#1077;&#1090;&#1077; &#1087;&#1086;&#1090;&#1088;&#1077;&#1073;&#1080;&#1090;&#1077;&#1083;";}
if (empty($_POST['pass'])) {
echo "&#1042;&#1098;&#1074;&#1077;&#1076;&#1077;&#1090;&#1077; &#1087;arola";
echo "<a href=\"index.php\">back</a>"; // &#1074;&#1088;&#1098;&#1097;&#1072; &#1086;&#1073;&#1088;&#1072;&#1090;&#1085;&#1086;

}else {

$user=$_POST['user'];
$password=$_POST['pass'];
include ('config.php');
mysql_connect ($dbhost, $dbusername, $dbuserpass) or die('&#1053;&#1103;&#1084;&#1072; &#1074;&#1088;&#1098;&#1079;&#1082;&#1072; &#1089; mySQL!');
mysql_select_db('********') or die('&#1053;&#1103;&#1084;&#1072; &#1074;&#1088;&#1098;&#1079;&#1082;&#1072; &#1089; &#1073;&#1072;&#1079;&#1072;&#1090;&#1072; &#1076;&#1072;&#1085;&#1085;&#1080;!');
$query="SELECT * FROM users WHERE user='$user' AND password='$password'";
$query1=mysql_query($query);
while($row=mysql_fetch_array($query1))
$pass=$row["password"];
$usera=$row['user'];
if (($pass==$password) && ($usera==$user))
echo "<meta http-equiv=\"refresh\" content=\"1; url=users.php\">";//&#1072;&#1079; &#1089;&#1098;&#1084; &#1080;&#1079;&#1073;&#1088;&#1072;&#1083; &#1076;&#1072; &#1087;&#1088;&#1077;&#1093;&#1074;&#1098;&#1088;&#1083;&#1103; &#1082;&#1098;&#1084; &#1089;&#1090;&#1088;&#1072;&#1085;&#1080;&#1094;&#1072; &#1089; &#1074;&#1089;&#1080;&#1095;&#1082;&#1080; &#1088;&#1077;&#1075;&#1080;&#1089;&#1090;&#1088;&#1080;&#1088;&#1072;&#1085;&#1080; &#1087;&#1086;&#1090;&#1088;&#1077;&#1073;&#1080;&#1090;&#1077;&#1083;&#1080;
else echo'&#1043;&#1088;&#1077;&#1096;&#1085;&#1072; &#1087;&#1072;&#1088;&#1086;&#1083;&#1072;!<a href="javascript:history.back()">&#1053;&#1072;&#1079;&#1072;&#1076;</a>';
}
?>

bpat1434

You happen to have a syntax error on line 4 around the {$_SERVER['REQUEST_URI']} variable. You need to use double-quotes around the array key, or use contcatentation:

// Like this:
echo'<div>
<form action="{$_SERVER["REQUEST_URI"]}" method="post">
...
...';

// Or this:
echo'<div>
<form action="'.$_SERVER['REQUEST_URI'].'" method="post">
...
...';

probvam

10x for the help. I have fixed the problem. I want to ask something else.

<?php
if(!($_POST['submit']))
echo'<div>
<form action="" method="post">
<p align="left">
<b>&#1048;&#1084;&#1077;:</b><br />
<input type="text" name="user" size="30" />
<br /><b>&#1055;&#1072;&#1088;&#1086;&#1083;&#1072;:</b><br />
<input type="password" name="pass" size="30" />
<br /><input type="submit" value="&#1042;&#1093;&#1086;&#1076;" name="submit" />
</form>
<br />
&#1053;&#1103;&#1084;&#1072;&#1096; &#1072;&#1082;&#1072;&#1091;&#1085;&#1090;? <a href="register.php">&#1056;&#1077;&#1075;&#1080;&#1089;&#1090;&#1088;&#1080;&#1088;&#1072;&#1081; &#1089;&#1077; &#1089;&#1077;&#1075;&#1072;!</a>
</div>';
if (empty($_POST['user'])) {
echo "&#1042;&#1098;&#1074;&#1077;&#1076;&#1077;&#1090;&#1077; &#1087;&#1086;&#1090;&#1088;&#1077;&#1073;&#1080;&#1090;&#1077;&#1083;";}
if (empty($_POST['pass'])) {
echo "&#1042;&#1098;&#1074;&#1077;&#1076;&#1077;&#1090;&#1077; &#1087;arola";
echo "<a href=\"index.php\">back</a>"; // &#1074;&#1088;&#1098;&#1097;&#1072; &#1086;&#1073;&#1088;&#1072;&#1090;&#1085;&#1086;

}else {

$user=$_POST['user'];
$password=$_POST['pass'];
include ('config.php');
mysql_connect ($dbhost, $dbusername, $dbuserpass) or die('&#1053;&#1103;&#1084;&#1072; &#1074;&#1088;&#1098;&#1079;&#1082;&#1072; &#1089; mySQL!');
mysql_select_db('********') or die('&#1053;&#1103;&#1084;&#1072; &#1074;&#1088;&#1098;&#1079;&#1082;&#1072; &#1089; &#1073;&#1072;&#1079;&#1072;&#1090;&#1072; &#1076;&#1072;&#1085;&#1085;&#1080;!');
$query="SELECT * FROM users WHERE user='$user' AND password='$password'";
$query1=mysql_query($query); 
if(mysql_num_rows($query1)>0) {
$imp="SELECT realname  FROM users";
$zaqvka=mysql_query ($imp);
$info=mysql_fetch_array ($zaqvka);
$potrebitel=$info['realname'];
$_SESSION['potrebitel']=$potrebitel;
$_SESSION['log']=1;
echo "<meta http-equiv=\"refresh\" content=\"1; url=users.php\">";

} else {echo'&#1043;&#1088;&#1077;&#1096;&#1085;&#1072; &#1087;&#1072;&#1088;&#1086;&#1083;&#1072;!<a href="javascript:history.back()">&#1053;&#1072;&#1079;&#1072;&#1076;</a>';
}
}
?>

I tried to make this code working with sessions, so the user will be able to log and log out and have some other things than the which is not logged, but obviously there is a problem. I can't solve the problem. Is there a chance to do this using cookies. Which is better?

[ Mod Edit - bpat1434 ] Please use [php] tags!!

bpat1434

You can't use $SESSION to store session information until after [man]session_start/man is called. Once that's called, you can then write and read from the $SESSION array like you do in your code above.

You need at the top of your script (on the line directly after "<?") this:

session_start();

Then for every script that will use a session, you need to have [man]session_start/man at the top so it knows to read from that same session.

To log them out, just empty the session.

benracer

This is what you are looking for...
http://www.phpeasystep.com/phptu/6.html

probvam

10x for writing. I have fixed the problem. I appreciate your help. 10x again 🙂