[RESOLVED] Header confusion

robkir

I need to understand this header business better. I understand that I am not supposed to have any output before the header. My confusion is how to I gather input before I evoke the header? In the past I have solved this by having two php scipts, with action calling the second script that has the header in it. Now I am ready to put everything in one script...except that I can't get it to work.

<?php
session_start();
require("../functions/checkEntries.php");
include_once "../DBconMOD.php";
include_once "../style_sheet.php";
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Language" content="en-us" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link rel="stylesheet" type="text/css" href="../../templates/master_style_sheet.css" />
</head>

<body>
<img src="../artwork/CupLogo.png" width="265" height="94" /><hr>

<?php

//---| Enter Data

echo "<form method = \"post\" action = \"userlogin_coach.php\">";	
echo "<strong><span class =\"text_reg\">Enter your User Name and Password </strong>(problems? Contact
<a href=\"mailto:webmaster@website.com?subject=problem_pw_or_un_areaPlayoffs\">webmaster</a>)";
echo "<table><tr><td><strong>User Name:</strong> <td> <input type=\"text\" name=\"userName\"/></td></tr>
<tr><td><strong>Password:</strong> </td><td>
<input type=\"password\" name=\"userPass\"></td></tr></table>";
echo "<input type=\"submit\" name=\"submit\" value=\"login\"/></p></form>";

$userName = protect($_POST['userName']);
$userPass = protect($_POST['userPass']);

//---| ERROR CHECKING

//empty userName and or userPass

if($_POST['submit']) 
	{
	if(!$_POST['userName']) 
	{
	echo "<font color =\"red\">You did not enter a user name</font> "; 
	}
	if (!$_POST['userPass'] )
	{
	echo "<font color =\"red\">You did not enter a password</font> "; 
	}

//---|	If userName and userPass are both there, open record and compare to be sure they are the right ones.

	if(isset($userName) && isset($userPass)) {

$sql = "SELECT * FROM admin_coach WHERE 
userName = '".$userName."' AND 
userPass = '".$userPass."'";
$result = mysql_query($sql,$link)or die(mysql_error("not working"));

	//----------------------------------------------------------------------------------------------------------------
	//get the number of rows in the result set; should be 1 if a match
	//----------------------------------------------------------------------------------------------------------------

	if (mysql_num_rows($result) == 1) {

		while ($info = mysql_fetch_array($result)) {

		$_SESSION[idAdmin] = $info['idAdmin'];
		$_SESSION[accessLvL]=$info['accessLvL'];
		$_SESSION[nameF] =$info['nameF'];
		$_SESSION[nameL] =stripslashes($info['nameL']);

		print "correct password" ;

		header("Location: header_test.php");
    	exit();


	} // end while


} else if ($userName && $userPass) {
 echo "<font color = \"red\">Your user name or password are not valid</font>" ;

} // end else if user and user pass
} //end isset $userName and isset $userPass IF

} //end submit IF

?>
</form>
</body>
</html>

cahva

First.. theres lots of errors in your markup(missing </td>, extra </form> etc.). Theres no need to print large chunks of html markup with php(you printed the form with php for some reason).

Do all the checking at the start of your script(before any markup). Separate logic and presentation. That means that you should put errors to string(or array) and you just print the errors later in the markup if they exist. Heres a rough example:

<?php
session_start();
require("../functions/checkEntries.php");
include_once "../DBconMOD.php";
include_once "../style_sheet.php";

// Check that username and passwd is submitted
if (isset($_POST['username']) AND isset($_POST['passwd']))
{
	$error = array(); // Initialize error variable

if (empty($_POST['username']))
{
	$error[] = 'Please input username';
}

if (empty($_POST['passwd']))
{
	$error[] = 'Please input password';
}

if (count($error) == 0)
{
	$sql = sprintf("SELECT * FROM admin_coach WHERE userName = '%s' AND userPass = '%s' LIMIT 1",
		mysql_real_escape_string($_POST['username']),
		mysql_real_escape_string($_POST['passwd'])
	);

	$result = mysql_query($sql);

	if (mysql_num_rows($result) == 1)
	{
		$info = mysql_fetch_assoc($result);

		$_SESSION['idAdmin'] = $info['idAdmin'];
		$_SESSION['accessLvL'] = $info['accessLvl'];
		$_SESSION['nameF'] = $info['nameF'];
		$_SESSION['nameL'] = $info['nameL'];

		// Session is set and login was succesfull, redirect the user to somewhere
		header("Location: header_test.php");
        exit(); 
	}
	else
	{
		$error[] = 'Your user name or password are not valid';
	}
}

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Language" content="en-us" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link rel="stylesheet" type="text/css" href="../../templates/master_style_sheet.css" />
</head>

<body>
	<img src="../artwork/CupLogo.png" width="265" height="94" /><hr />

<?php if (!empty($error)): ?>
	<p class="error">
		<?php implode('<br />',$error) ?>
	</p>
<?php endif; ?>

<form action="userlogin_coach.php" method="post">

	<label>Username</label>
	<input name="username" type="text" />

	<label>Password</label>
	<input name="passwd" type="password" />

	<br />
	<input type="submit" name="submit" value="Login" />

</form>
</body>
</html>

BTW, dont save your password as cleartext but only a hash(and compare that when checking if the user and pass is correct).

Bottomline is. Dont do any complex logic inside your html portion. Do as much as you can and set things to variables, objects etc. in the logic portion of your code.

robkir

Hi cahva,

Wow--that was an eye opener and will change the way I think about and write code. Thanks.

I am confused by the <p class ="error"> code. What does that represent?

I haven't used endif before and I am not sure if there is some special reason you used it. Would not the result be the same if one used a starting "{" and an ending "}" ?

I added a foreach statement to print out the error messages. I assume that is the best way to print them out?

cahva

robkir;10937812 wrote:
I am confused by the <p class ="error"> code. What does that represent?

I haven't used endif before and I am not sure if there is some special reason you used it. Would not the result be the same if one used a starting "{" and an ending "}" ?

I always use alternative syntax for control structures in my views(or templates).

Its just a habit of mine(and many others 🙂 ) that I use when putting code in the presentation side(html). Its more "designer friendly" and looks nicer with the rest of markup. So its the same as { }.

I added a foreach statement to print out the error messages. I assume that is the best way to print them out?

Yeah absolutely! The alternative way to do that would be something like this:

<?php if (!empty($error)): ?>
	<ul>
	<?php foreach ($error as $e): ?>
		<li><?php echo $e ?></li>
	<?php endforeach; ?>
	</ul>
<?php endif; ?>

You might ask why the hell I'm using so much php tags as you could easily put that inside one pair of php tags and the main reason is to really not use any markup inside php variables. Building markup like this, you can easily change it afterwards + when using editor with syntax highlighting you can spot errors with ease 🙂

robkir

It makes perfect sense. Thanks for educating me. Every time I undertake another project I learn something new and cool. Heck, one of these days, I might actually know what I am doing!

Cheers,

robkir