[SOLVED] Whats wrong with it?

[jrws]

My problem is that this code is supposed to execute AFTER the submit button is pressed. But that is not so, it just executes the code reguardless and as such gives the error message (the else statement).

I would like to know what I did wrong and how to fix it as well as identify it in the future.

 

<?php
include_once('functions.php');
if(isset($_POST['Submit'])){
    $username = protect($_POST['user']);
    $password = protect(encrypt($_POST['password']));
    $query = "SELECT username, password AND u_LV FROM 
                        user WHERE username ='$username' ,
                        password = '$password' 
                        AND u_lv BETWEEN 1 AND 6";
    $result = mysql_query($query)or die("Error, please contact staff. $bugE");
if(mysql_num_rows($result)>0){
        $r=mysql_fetch_array($result);//Fetch arrays
        $login_username=$r["username"];//Make $login_username = to there username
        session_register("login_username");//Register a session
        Header("Location: logged_in.php");
    }
}else{//Failed login, give error message.
    echo "<div align=center><b>Oops! Your login is wrong. Please click back and try again.</b></div>";
}
close()//Close Database
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
    <link rel="stylesheet" href="c3cd01d0/main.css" type="text/css" media="screen" />
    <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />

    <title>Registration</title>
    <style type="text/css">
    /*<![CDATA[*/
    div.c1 {text-align: left}
    /*]]>*/
    </style>
</head>

<body>
    <p>All fields are required.</p>

    <form id="register" name="register" method="post" action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>">
        <table width="292" border="0" cellspacing="0" cellpadding="3">
            <tr>
                <th width="286" scope="row">
                    <div class="c1">
                        Username : <input name="user" type="text" maxlength="32" />
                    </div>
                </th>
            </tr>

            <tr>
                <th scope="row">
                    <div class="c1">
                        Password : <input name="pass" type="password" maxlength="32" />
                    </div>
                </th>
            </tr>
        </table><input type="submit" value="Submit" name="submit" /><input type="reset" name="Reset" value="Reset" />

        <p>Or perhaps you would like to <a href="http://sandstorm.net46.net/register.php">register</a></p>
    </form>
</body>
</html>

[toplay]

It gives the error message because you're using a lowercase 's' in submit for the name in the form.

 

Change this:

 

if(isset($_POST['Submit'])){

 

to this:

 

if(isset($_POST['submit'])){

 

 

so it matches your form "name" value:

 

<input type="submit" value="Submit" name="submit" />

 

 

 

[jjacquay712]

toplay beat me to it. That's the most likely cause.

[jrws]

Thanks guys, man I hate typo's, but thanks again, at least now I can make sure I check my code like I should! >< Thanks again.

 

-edit-

 

It didn't work, still displays the error message when it shouldn't... I changed it as suggested but it seems to still have the same problem. So no the only code changed is

if(isset($_POST['submit'])){

[ShaunO]

That's bizarre, on the first page load that should never be set.

So even if you close the browser, go back into, ctrl+refresh/shift+refresh to clear cache, it still has the error message?

[Ken2k7]

What's the error message? Also, I'm no SQL guru, but is that SQL statement syntactically correct?

[jrws]

@Shauno, yes at least it is for the program I am using (PHP designer 2008) I will test it again on local host.

@Ken2k7, the error message is a custom error incase the user is not found. I am not sure, but I think the SQL is fine

else{//Failed login, give error message.
    echo "<div align=center><b>Oops! Your login is wrong. Please click back and try again.</b></div>";

 

-edit-

Just tested using a browser, same problem.

[ShaunO]

Oh I see the problem.

 

Basically your if/else nesting is wrong.

You're showing the error message when the submit button has not been pressed, rather than if the login has failed.

This should work.

 

<?php
include_once('functions.php');
if(isset($_POST['submit'])){
    $username = protect($_POST['user']);
    $password = protect(encrypt($_POST['password']));
    $query = "SELECT username, password AND u_LV FROM 
                        user WHERE username ='$username' ,
                        password = '$password' 
                        AND u_lv BETWEEN 1 AND 6";
    $result = mysql_query($query)or die("Error, please contact staff. $bugE");
if(mysql_num_rows($result)>0){
        $r=mysql_fetch_array($result);//Fetch arrays
        $login_username=$r["username"];//Make $login_username = to there username
        session_register("login_username");//Register a session
        Header("Location: logged_in.php");
    } else {
//Failed login, give error message.
    echo "<div align=center><b>Oops! Your login is wrong. Please click back and try again.</b></div>";
    }
}
close()//Close Database
?>

[jrws]

Thanks so much man I will try again, you explained it so it shouldn't happen again.

-edit-

Working!

Thanks so much, I will have to make sure I nest correctly

[toplay]

jrws, on the first page load $_POST['submit'] is not set, so it will execute the "else" logic which displays your echo.

 

You want to put that error check/message inside the first 'if' condition after checking if the post variables are empty and display an appropriate error for that. When they're not empty you do the query and if the query fails then give error of login/pswd not good. See now?

 

 

EDIT: ShaunO beat me to it.

 

[ShaunO]

Thanks so much man I will try again, you explained it so it shouldn't happen again.

 

Sweet, just check the casing on the 'submit' is still just like that as well.