error of coding


optiplex

basically the problem is that the username and password session variables don't get passed to the next url..

 

the code to check is

<?php

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username xx
$password="root"; // Mysql password 
$db_name="algebraf_account"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $t_nick and $t_password 
$t_nick=$_POST['t_nick']; 
$t_password=$_POST['t_password'];

// To protect MySQL injection (more detail about MySQL injection)
$t_nick = stripslashes($t_nick);
$t_password = stripslashes($t_password);
$t_nick = mysql_real_escape_string($t_nick);
$t_password = mysql_real_escape_string($t_password);

$sql="SELECT * FROM $tbl_name WHERE t_nick='$t_nick' and t_password='$t_password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $t_nick and $t_password, table row must be 1 row

if($count==1){
// Register $t_nick, $t_password and redirect to file "list_details.php"
//session_register("t_nick");
//session_register("t_password"); 
//echo $t_nick;
//exit;
$_SESSION["t_nick"] = $t_nick;
$_SESSION["t_password"] = $t_password;
header("location:index.php?t_nick=$t_nick"); //HERE IM TRYING TO PASS THE USERNAME
}
else {
echo "Wrong Username or Password.. please <a href=login.php>re-login</a>";
}

ob_end_flush();
?>

 

tq


first, i see no mention of $_GET['username'], so i'm not sure how this section is related to your initial question.

 

otherwise, the reason SESSION variables are not being passed is (i suspect) you are missing session_start(); at the very top of the script. that needs to be on EVERY page in order to pass session variables along.


ok.. i've put $_GET

<?php

$t_nick=$_GET['t_nick'];

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username xx
$password="root"; // Mysql password 
$db_name="algebraf_account"; // Database name 
$tbl_name="members"; // Table name

 

and i've put

session_start();
$_SESSION["t_nick"] = $t_nick;
//echo "namo den $t_nick";
//exit;
if(!session_is_registered(t_nick)){
header("location:login.php");
}

 

at the top of every script. tq


dear akitchin..

 

checking the username and password (checklogin.php)

<?php
$t_nick=$_GET['t_nick'];

ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username xx
$password="root"; // Mysql password 
$db_name="algebraf_account"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


// Define $t_nick and $t_password 
$t_nick=$_POST['t_nick']; 
$t_password=$_POST['t_password'];

// To protect MySQL injection (more detail about MySQL injection)
$t_nick = stripslashes($t_nick);
$t_password = stripslashes($t_password);
$t_nick = mysql_real_escape_string($t_nick);
$t_password = mysql_real_escape_string($t_password);

$sql="SELECT * FROM $tbl_name WHERE t_nick='$t_nick' and t_password='$t_password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $t_nick and $t_password, table row must be 1 row

if($count==1){
// Register $t_nick, $t_password and redirect to file "list_details.php"
//session_register("t_nick");
//session_register("t_password"); 
//echo $t_nick;
//exit;
$_SESSION["t_nick"] = $t_nick;
$_SESSION["t_password"] = $t_password;
header("location:index.php");
}
else {
echo "Wrong Username or Password.. please <a href=login.php>re-login</a>";
}

ob_end_flush();
?>

 

index.php

<?php
session_start();
if(!session_is_registered(t_nick)){
header("location:login.php");
}

include "config.inc";
include "connect.inc";

$t_nick=$_GET['t_nick']; 


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>AlgebraForex</title>
<link href="../style.css" rel="stylesheet" type="text/css" />
</head>
<?

if ($t_nick) {
          		$sql = "select *  from
                     trader_details where t_nick='$t_nick' ";

                   $res = mysql_query($sql);
               echo mysql_error();
             
  	           		$row 			= mysql_fetch_row($res);
				$id				= $row[0];
				$t_nick			= $row[1];
				$t_password		= $row[2];
				$t_name			= $row[3];
				$t_telefon		= $row[4]; 
				$t_email		= $row[5];
				$t_alamat		= $row[6];
				$t_ic  			= $row[7];
             	$intro 			= $row[8];
             	$no_akaun		= $row[9];
				$bank			= $row[10];
             	$w_nama  		= $row[11];
             	$w_telefon 		= $row[12];
				$w_alamat		= $row[13];
				$w_ic			= $row[14];
				$p_status		= $row[15];
				$acc_no			= $row[16];
				$acc_status		= $row[17];
				$reg_date		= $row[18];
				$trade_cat		= $row[19];

			}

			//echo $sql;
			//exit;
	?>
  
<body>
<table width="90%" border="0" align="center">
  <tr>
    <td><h1>algebraforex.com</h1></td>
  </tr>
  <tr>
    <td> </td>
  </tr>
  <tr>
    <td><div align="center">| My Profile |
      <? 

$semakdeposit = mysql_query ("SELECT * from deposit where t_nick ='$t_nick'");
if (mysql_num_rows($semakdeposit) == 0) 
{

echo "<a href=deposit.php?t_nick=$row[1]>Deposit</a> |"; 

}
else
{
echo "Add Account |"; 
}

      echo " <a href=withdraw.php?t_nick=$row[1]>Withdrawal</a>
|  Msg To Admin | <a href=aff_report.php?t_nick=$row[1]>Affiliate Report</a>";?>
      | </div></td>
  </tr>
  <tr>
    <td> </td>
  </tr>
  <tr>
    <td><div align="center"></div></td>
  </tr>
  <tr>
    <td><table width="80%" border="0" align="center">
      <tr>
        <td colspan="2" bgcolor="#E4E4E4"><h2>Maklumat : <strong><?php echo htmlentities ($t_nick);?></strong></h2></td>
      </tr>
      <tr>
        <td colspan="2"> </td>
      </tr>
      <tr>
        <td width="26%"><div align="right">Status Akaun : </div></td>
        <td width="74%"><strong><?php echo htmlentities ($acc_status);?>
          <input name="id" type="hidden" value="<?php echo $id ?>" />
        </strong></td>
      </tr>
      <tr>
        <td><div align="right"></div></td>
        <td> </td>
      </tr>
      <tr>
        <td><div align="right"></div></td>
        <td><strong><?php echo htmlentities ($t_name);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td><strong><?php echo htmlentities ($t_alamat);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td><strong><?php echo htmlentities ($t_email);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td><strong><?php echo htmlentities ($t_telefon);?></strong></td>
      </tr>
      <tr>
        <td> </td>
        <td> </td>
      </tr>
      <tr>
        <td colspan="2" bgcolor="#E4E4E4"><h2>Maklumat Akaun </h2></td>
        </tr>
      <tr>
        <td><div align="right">Kategori Akaun : </div></td>
        <td><strong><?php echo htmlentities ($trade_cat);?></strong></td>
      </tr>
  <tr>
    <td><div align=right>Baki : </div></td>
    <td>
	<?
	if ($t_nick) {
          		
			 //see how much they have already withdrawn

				$sql2 = "select t_nick ='$t_nick', sum(wd_amount) as TWdraw
						from withdraw WHERE t_nick ='$t_nick'";

			   $res = mysql_query($sql2);
			   echo mysql_error();
         		$row = mysql_fetch_assoc($res);
				$totalWithdraw = $row['TWdraw'];



				//calculate own profit bonus
				$sql3 = "select t_nick ='$t_nick', sum(total_bonus) as TBonus2
						from profit_bonus WHERE t_nick ='$t_nick'";


                   $res = mysql_query($sql3);
               echo mysql_error();
			   $row = mysql_fetch_assoc($res);
				$totalTBonus2 = $row['TBonus2'];

				//calculate my deposits
				$sql4i = "select t_nick ='$t_nick', sum(dep_amount) as TBonus1i
						from deposit WHERE t_nick ='$t_nick'";

                   $res = mysql_query($sql4i);
               echo mysql_error();
			    $row = mysql_fetch_assoc($res);
				$totalTBonus1i = $row['TBonus1i'];

  	          //calculate profit bonus of those we introduced
				$sql3i = "select t_nick ='$t_nick', sum(total_bonus) as TBonus3
						from profit_bonus WHERE intro ='$t_nick'";


                   $res = mysql_query($sql3i);
               echo mysql_error();
			   $row = mysql_fetch_assoc($res);
				$totalTBonus3 = $row['TBonus3'] * (5/100);

			//calculate other people's deposits
				$sql4 = "select t_nick ='$t_nick', sum(dep_amount) as TBonus1
						from deposit WHERE intro ='$t_nick'";

                   $res = mysql_query($sql4);
               echo mysql_error();
			   $row = mysql_fetch_assoc($res);

			//calculate 5% of the deposits for the introducer
			$totalprofit1 = $row['TBonus1'] * (5/100);

			}


					//echo "owner acc $t_nick<br>";

		 $baki = ($totalTBonus2 + $totalTBonus1i + $totalTBonus3 + $totalprofit1) - $totalWithdraw;
		 echo "<b>RM $baki</b>"; 
	?>		</td>
    </tr>
  <tr>
    <td><div align=right>Introducer : </div></td>
    <td><strong><?php echo htmlentities ($intro) ;?></strong></td>
    </tr> 
      
  <?php
  		if ($trade_cat != 'affliate')
		{
  echo "
  
  <tr>
        <td><div align=right>No Account : </div></td>
        <td><strong>$acc_no</strong></td>
      </tr>
  
	";
	}

	?>
    </table></td>
  </tr>
</table>
</body>
</html>

 

tq..


if it's a log-in script that stores the username and password in a session then you would just create 2 text fields with the names 'user' & 'pass' and a submit button, and basically just create a script that checks that the user & pass have been sent via $_POST, then validate them and check them against the db to see if they match. then if they do, just store the 'user' & 'pass' in the session.


alright, there are still some problems with your code:

 

1. you need session_start() at the top of EVERY PAGE. that INCLUDES checklogin.php and login.php.

 

2. if you're submitting the form and getting t_nick via $_POST, you don't need it via $_GET. remove that line from the top of checklogin.php.

 

3. session_is_registered() is deprecated, and you're not even passing it a string. you're trying to pass it a constant that doesn't exist. in index.php you can simply use:

 

if (!isset($_SESSION['t_nick']))

 

4. in index.php, 't_nick' will be in the $_SESSION variable, not $_GET. use:

 

$t_nick = $_SESSION['t_nick'];

 

i'll be honest and say i think you're out of your element here - you may want to follow along some basic tutorials regarding variable types, assignment, and handling.
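
The four corrections above applied together, as an added example that is not part of the original thread or written by any of its posters. It goes beyond the post in labelled ways: PDO with an in-memory SQLite table (constructed sample data) stands in for the mysql_* calls, passwords are checked with password_verify(), and the function names login(), current_user() and require_login() are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumed: PDO + in-memory SQLite in
// place of mysql_*, password_hash() storage, hypothetical function names.
session_start();                 // point 1: first call on every page

function login(PDO $db, string $nick, string $password): bool
{
    // Prepared statement, so no stripslashes()/escaping of the input.
    $stmt = $db->prepare('SELECT t_password FROM members WHERE t_nick = ?');
    $stmt->execute([$nick]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['t_nick'] = $nick; // keep the identity only, not the password
    return true;
}

function current_user(): ?string
{
    // points 3 and 4: test and read $_SESSION, not $_GET['t_nick'], which
    // the client controls and could set to another member's name.
    return isset($_SESSION['t_nick']) ? $_SESSION['t_nick'] : null;
}

function require_login(): string
{
    $nick = current_user();
    if ($nick === null) {
        header('Location: login.php');
        exit;                    // without this the page keeps rendering
    }
    return $nick;
}

// Constructed sample row so the example runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (t_nick TEXT PRIMARY KEY, t_password TEXT)');
$db->prepare('INSERT INTO members VALUES (?, ?)')
   ->execute(['demo_trader', password_hash('constructed-pass', PASSWORD_DEFAULT)]);

// checklogin.php would pass $_POST['t_nick'] and $_POST['t_password'] (point 2).
$rejected = login($db, 'demo_trader', 'wrong-pass');
$before   = current_user();      // not logged in after the failed attempt
$accepted = login($db, 'demo_trader', 'constructed-pass');
$after    = require_login();     // identity now comes from the session
var_dump($rejected, $before, $accepted, $after);
```

Results are collected and printed only at the end because session_regenerate_id() needs to run before any output is sent.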
