Simple Question I Think about a PHP Form

[sippy]

I am totally new to php (and this forum) but used to code in java a while ago. I have an app I am trying to figure out and the first thing is a simple username/password login page that I can't get the two text fields to show up when I browse to the php page.

 

It used to work so I am not sure what is going on. Below is all the code that makes up this login php page. But, if you upload this to a web server and try to browse to it, the page appears blank. No text fields show up but should. Is there something in the functions.php file I should be looking at or something? Can someone help me with this please?

 

<?php

#login page

include('sqlConn.php');

include('functions.php');

 

if(isset($_POST['submit'])){

$username = $_POST['userName'];

$password = md5($_POST['passWord']);

 

#check username and password in DB

 

$query = "SELECT * FROM users WHERE userName='$username' AND password='$password' LIMIT 1";

$results = $db->query($query);

if($results->num_rows == 1){

#successful login processed

 

$cookieString = encryptText($username);

setcookie('loginCookie', $cookieString, time()+21600);

#$status = 'Welcome<br />';

$sidebar = 'links.php';

 

}

else {

#unsuccessful login attempt

$sidebar = 'baduser.html';

}

}

 

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Admin Console</title>

</head>

<frameset cols="200,*" frameborder="no" border="0" framespacing="0">

  <frame src="<? echo $sidebar; ?>" name="leftFrame" scrolling="No" noresize="noresize" id="leftFrame" title="leftFrame" />

  <frame src="about:blank" name="mainFrame" id="mainFrame" title="mainFrame" />

</frameset>

<noframes><body>

<? echo $status; ?>

</body>

</noframes></html>

 

[timecatcher]

Sorry I know isn't particularaly about your question however just a tip, you might want to change your cookie to contain something about your website in the name as theres going to be other websites that might try and write over that one as far as I remeber. (Feel free to correct me just trying to help ) Hope you work out the text thing.

 

Timecatcher.

[gevans]

<?php
   #login page
   include('sqlConn.php');
   include('functions.php');
   
   if(isset($_POST['submit'])){
      $username = mysql_real_escape_string($_POST['userName']); //make sure to protect against sql injection
      $password = md5($_POST['passWord']);
      
      #check username and password in DB
      
      $query = "SELECT * FROM users WHERE userName='$username' AND password='$password' LIMIT 1";
      $results = $db->query($query);
      if($results->num_rows == 1){ //don't know how your database class is set up, but usually need to pass the result array with num_rows
         #successful login processed
         
         $cookieString = encryptText($username);
         setcookie('loginCookie', $cookieString, time()+21600); //i'd recommend using sessions not cookies, these are more secure for login system
         #$status = 'Welcome<br />';
         $sidebar = 'links.php';
         
      }
      else {
         #unsuccessful login attempt
         $sidebar = 'baduser.html';
      }
   }
   
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Admin Console</title>
</head>
<frameset cols="200,*" frameborder="no" border="0" framespacing="0">
  <frame src="<?php echo $sidebar; /*Use full php open and close tags*/?>" name="leftFrame" scrolling="No" noresize="noresize" id="leftFrame" title="leftFrame" />
  <frame src="about:blank" name="mainFrame" id="mainFrame" title="mainFrame" />
</frameset>
<noframes><body>
<?php echo $status; ?>
</body>
</noframes></html>

 

I've made a little change to you code, go through it as there are a couple of notes in there to!

[curtis]

I am totally new to php (and this forum) but used to code in java a while ago. I have an app I am trying to figure out and the first thing is a simple username/password login page that I can't get the two text fields to show up when I browse to the php page.

 

It used to work so I am not sure what is going on. Below is all the code that makes up this login php page. But, if you upload this to a web server and try to browse to it, the page appears blank. No text fields show up but should. Is there something in the functions.php file I should be looking at or something? Can someone help me with this please?

 

<snipped code>

 

There are no syntax errors in the code you showed (doing a lint check). However, there may be errors during run-time and/or errors in your included files.

 

Make sure to check your PHP error logs, and that PHP is indeed logging errors. In your development environment, it's helpful to use these settings in php.ini:

display_errors = On
error_reporting = E_ALL | E_STRICT

[sippy]

gevans,

thanks, i tried it but still the page shows up blank

 

curtis,

where do you think the logs would be? i ftp'd to the server and looked and there are no logs files.

[gevans]

display_errors = On
error_reporting = E_ALL | E_STRICT

 

Look at curtis' first quote!

[curtis]

curtis,

where do you think the logs would be? i ftp'd to the server and looked and there are no logs files.

 

If PHP is not logging or displaying errors, you will need access to php.ini (preferred), or try to change the settings during runtime:

 

<?php
// at the top of your script - this may not work, depending on how PHP's configured
set_ini('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);

...

?>

 

Try running script and see if you get any errors. If you are trying to debug on a live server, either test locally, or make a copy of your necessary files (the script and those included) and move them to an alternate directory; make sure the paths point to the proper files.

[sippy]

ok, keep in mind I am a dummy and totally new to php, I tried to find a php.ini file but had no luck. I have no development env, I just have dreamweaver with a ton of php files that make up this big app, so near with me. and thanks for trying.

 

I did add it to the top of my script and here's the output now:

 

Fatal error: Call to undefined function set_ini() in /home/content/p/a/r/parent411/html/admin.php on line 2

[gevans]

I'm guessing your using windows, just search for php.ini

[sippy]

yes, I have Windows. I searched and didn't find it,

[gevans]

You type php.ini in the search bar on your local machine and got nothing? What php/server installation do you have? Did you put this in place or does it come with dreamweaver?

[sippy]

yeah, I got nothing. I have no idea what php/server installation I have. First, I don't think I have any php loaded onto my local machine. Obviously the server must have php on it. I downloaded all the files from the server and am using that in dreamweaver. the programmer who did this is now gone and I am stuck trying to figure the whole thing out. And nothing comes with dreamweaver.

[curtis]

Your error is my fault (sorry, been a while since I've used that function). It should be "ini_set".

 

Edit: also, to find out more about your server's PHP installation, create a file somewhere not obvious, and in it, put only this:

 

<?php
phpinfo();
?>

 

Run the script, and carefully look it over. It should also tell you which php.ini you are using, and where it is.

[sippy]

thanks curtis, I tried it again and got a different error:

 

Not Found

The requested URL /<br /><b>Notice</b>: Undefined variable: sidebar in <b>/html/admin.php</b> on line <b>39</b><br /> was not found on this server.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.33 Server at  Port 80

[gevans]

Are you loading the page without submitting anything?? If you do this the $sidebar variable is not set

 

 

<?php
   #login page
   include('sqlConn.php');
   include('functions.php');
   
   if(isset($_POST['submit'])){
      $username = mysql_real_escape_string($_POST['userName']); //make sure to protect against sql injection
      $password = md5($_POST['passWord']);
      
      #check username and password in DB
      
      $query = "SELECT * FROM users WHERE userName='$username' AND password='$password' LIMIT 1";
      $results = $db->query($query);
      if($results->num_rows == 1){ //don't know how your database class is set up, but usually need to pass the result array with num_rows
         #successful login processed
         
         $cookieString = encryptText($username);
         setcookie('loginCookie', $cookieString, time()+21600); //i'd recommend using sessions not cookies, these are more secure for login system
         #$status = 'Welcome<br />';
         $sidebar = 'links.php';
         
      }
      else {
         #unsuccessful login attempt
         $sidebar = 'baduser.html';
      }
   } else {

    $sidebar = 'defaultpagetoshow.html';   //this should be the page to show when a form hasn't been submitted

}
   
?>

[sippy]

yes, I am loading the page without submitting anything.

what is the code below? 

[curtis]

I edited my previous post with a suggestion to try phpinfo().

 

thanks curtis, I tried it again and got a different error:

 

Not Found

The requested URL /<br /><b>Notice</b>: Undefined variable: sidebar in <b>[...]</b> on line <b>39</b><br /> was not found on this server.

It seems $sidebar is undefined when you try and echo it out in the frame tag. It doesn't seem like that should be the case, from your code. Did you post the exact code with which you're working?

 

Also, did you make all the changes suggested in gevans' initial post? It contains some important improvements, one of the most important being the use of mysql_real_escape_string() to prevent SQL injection attacks.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.33 Server at server.com Port 80

Since the variable is undefined, you're not getting a valid resource. OT here, but configure your server to serve error pages for the various HTTP errors. There is an Apache forum for specifically dealing with Apache configuration issues.

[sippy]

curtis,

 

yes, I did post the same code and the updated version. what do you think i ought to try next?

and do you mind deleting the url in your post, I'd rather not have it here?

[sippy]

hey, I found a file with the same name but 'OLD' appended to the name, this may offer some clues:

 

<?php

#login page

include('sqlConn.php');

include('functions.php');

 

if(isset($_POST['submit'])){

$username = $_POST['userName'];

$password = md5($_POST['passWord']);

 

#check username and password in DB

 

$query = "SELECT * FROM users WHERE userName='$username' AND password='$password'";

$results = $db->query($query);

if($results->num_rows == 1){

#successful login processed

 

$cookieString = encrptText($username);

setcookie('loginCookie', $cookieString, time()+3600);

$status = 'Welcome<br />';

$links = '<a href="createVendorPage.php" target="mainFrame">Create Vendor</a>

<br /><br />

<a href="manageVendor.php" target="mainFrame">Manage Vendor</a>

<br /><br />

<a href="sponsoredLink.php" target="mainFrame">Sponsored Links</a>

<br /><br />

<a href="manageCategories.php" target="mainFrame">Manage Categories</a>

<br /><br />

<a href="createUser.php" target="mainFrame">Create User</a>

<br /><br />

<a href="logout.php" target="mainFrame">Logout</a>

<br /><br />';

$status .= $links;

 

}

else {

#unsuccessful login attempt

$status = "Invalid User Name or Password";

}

}

 

?>

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Admin Links</title>

</head>

 

<body>

[gevans]

You haven't made any of the changes we suggested.

 

setting $status after your initial if statement, adding mysql_real_escape_string so that I won't come and hack your site etc...

[curtis]

curtis,

 

yes, I did post the same code and the updated version. what do you think i ought to try next?

and do you mind deleting the url in your post, I'd rather not have it here?

 

Showing your absolute path shouldn't be too big a security issue. Presumably, you aren't going to keep it there permanently, but in any case, I edited it out.

 

As for what's next, I'm quite tired at the moment, so I think I'm going to turn in for now. I just saw you posted the "old" version. I like it much better, for the simple fact that it doesn't use frames. It still has problems that gevans mentioned about your original posting, though. Also, you define the variable for output, but it never does get echo'd later in the script.

 

To be honest, all this seems to be the tip of the ice berg, IMO. If you have the time and desire, you'll want to absorb a lot of tutorials and practice coding. Otherwise, maybe consider contracting a PHP developer.

 

Good luck.

[sippy]

thanks for the help, I will learn or hire for sure

 

but you didn't take the url out in your earlier post, it's still there, right after the Apache/1.3.33 Server at

can you delete it still?

[acallahan]

Is it possible that the use of frames is causing this? I'm no expert, but recently finished a lesson in frames in class. We were able to see the frames page if we typed in the exact url, but not if we navigated there from a non-frames page. We were simply told that it had to do with modern browsers and the use of frames becoming obsolete, and that it was a good example of why frames should never be used in the real world.

[curtis]

Sorry, it seems the permissions are set up to allow reg. users to edit posts for a limited time.