Jump to content


Photo

includes/$_POST error i think.....


  • Please log in to reply
3 replies to this topic

#1 rempires

rempires
  • Members
  • PipPipPip
  • Advanced Member
  • 60 posts
  • LocationIndiana (USA)

Posted 23 September 2006 - 05:49 AM

okay so i'm making a log in script for my website, i already created the script to make a new user and everything.  the log in script works, at times.... i'll explain

my site has 2 input fields below the menu, username password and then a submit button, on submit it goes to login.phpaction=login

okay that works fine kinda, see if i put in the username and password from ym main index, were good, but if i try to put the suername apssword in from signup page or login page it jsut keeps saying username doesn't exist, so i decided to research into it, i'll give some code know for a demo


foreach ($_POST as $field => $value)
		{
			${$field} = strip_tags($value); 
		}


//do what action the $_get variable implies
switch (@$_GET['action'])
	{
		case "login":  //statements to log in with
		
		
	$connection = mysql_connect($DBhost, $DBuser,$DBpassword)
	or die ("Couldn’t connect to server.");
$dbase = mysql_select_db($database, $connection)
	or die ("Couldn’t select database.");
	
	
$sql = "SELECT memberName FROM Members WHERE memberName = '$username'";
	
$result = mysql_query($sql)
or die("Couldn't run sql query to retrieve username");
$passwrd = md5($passwrd);
$usernamecheck = mysql_num_rows($result);
	if ($usernamecheck == 1) // username is correct 
		{
			$sql = "SELECT memberName FROM Members WHERE memberName = '$username' AND password='$passwrd'";
				
			$result2 = mysql_query($sql)
				or die("couldn't run query to retrieve password");
			$passcheck = mysql_num_rows($result2);
			if ($passcheck > 0) //the password is correct
				{
					$_SESSION['auth']="yes";
					$_SESSION['username'] = $username;
					$todaystime = date("Y-m-d h:m:s"); 
					$sql = "UPDATE Members SET lastLogIn= '$todaystime' WHERE memberName='$username'";
					mysql_query($sql) 
						or die("Can’t execute login query.");
					
				}
			else // password is not correct 
				{
					echo "Your username exist, but it doesn not match the password, please try again:<p>";
echo "<table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td width='40%'>";
			include("Login/loginform.inc"); //load in log in form
echo "</td><td width='60%'><img src='images/stopmembersonly_w.gif'></td></tr></table>";
			echo "<p>Not a member yet? <a href='Signup.php'>click here to become one</a>";
			break; //display the reast of the form
				}
		} 
	else
		{
			echo "That username doesn't exist, please try again:<p>";
echo "<table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td width='40%'>";
			include("Login/loginform.inc"); //load in log in form
echo "</td><td width='60%'><img src='images/stopmembersonly_w.gif'></td></tr></table>";
			echo "<p>Not a member yet? <a href='Signup.php'>click here to become one</a>";
			break; //display the reast of the form
		}


to explain the above code, the location of the form/log in script is "Login/loginform.inc, here is the great aprt, when i run that form though that script it works fine, but if i run it one the left hand side menu, it fails, despite both being on the same page.

visual of script on same page http://www.revolutio...hp?action=login
the left hand menu doesn't work the one directly ont eh page does

** note on how called for menu, the menu is called by that page and then the menu calls Login/loginform.inc, (the script is located in a declared include_path)

okay so noticing this i decided to do mroe research
i took the following code from the begining

foreach ($_POST as $field => $value)
		{
			${$field} = strip_tags($value); 
		}

and changed it to this

foreach ($_POST as $field => $value)
		{
			${$field} = strip_tags($value); 
echo "$field <br> $value<br>"; 
		}

and wala, when it ran from the side menu the values are empty, like they don't exist didn't get transfered, but running that same form exact form, sjut not from the side menu and it works....

please help, if you have ANY questions i'll get right on answereing them, i'm very confused right know, i'm fairly new to php, i vb .net and i'm taking asp and c++ in high school this year, but i've spent a very long time trying to correct this and i jsut can't figure it out, there are more erros, but those i know how to fix, and i figure one error at a time....

sry about teh messy code, it's 1am here and i jsut wanted to put this up and go to beed, it's not normally so messy, but i've been screwing around with it for a while and i screwed up all my indentions and 1/2 my other scripts... once i get cought, it really bothers me....

#2 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 23 September 2006 - 06:10 AM

Just asking why you got two forms to login ?

wouldnt it be better to delete the center form and leave the rest, that way users that have got a account can use the side form to login.

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#3 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 23 September 2006 - 06:11 AM

I like the way that you are trying to handle the post variables but I think that you are setting the $field variable to the strip_tags($value) .

Also, for future reference you should use the [php] your php code without the <?php ?> [/php]

To show php code like this.

foreach ($_POST as $field => $value) {
   $f = mysql_real_escape_string(trim($field));  
   $val = mysql_real_escape_string(trim($value));
   echo $f . '<br />' . $val . '<br />';
}

The ^ above code is untested but it should work fine.

now to display code that has the <?php ?> tags use the following [code][/code]

This is how I personaly like to use the switch statment.

<?php
session_start();
include("db.php"); //your database connection file.
$validActions = array('login', 'something_else');
$action = strip_tags($_GET['action']);
if (!in_array($action, $validActions)) {
   die("Invalid Action");
}
function getaction($action) {
   switch($action) {
       case "login":
       //your code for the login action
       break;
       case "something_else":
       //your code for something else
       break;
   }
}
getaction($action);
?>

I hope that helps a bit..

Good Luck,
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#4 rempires

rempires
  • Members
  • PipPipPip
  • Advanced Member
  • 60 posts
  • LocationIndiana (USA)

Posted 23 September 2006 - 06:44 AM

hmm, somthing tells me i'm doing somthing really stupid, i know this error but i can't think of what it is i missed

i know why the error is being caused know, the form works fine UNLESS the url already reads Login.php?action=login, if it reads that it errors out (unless i log in with the script from the center, which has the exact same include as the other one, which i don't understand). otehrwise, if it jsut read Login.php it works fine, it's only after i already have had 1 failed log in and sentt eh get data.  i'm pretty sure i know this error and i'm pretty sure it's an easy fix... but i jsut can't think

tomfmason - really like that switch statement, really good idea, i might end up using it yet, even if it does mean reduing multiple pages, will work better in the long run. but as for the foreach statment i think you misread it, i never change the data in the $field variable.

the $field variable stays the same
because it's ${$field} it makes a new variable with the data that was in the field var, so if $field contained bob and value contained 3

it would make $bob = 3

i lvoe those little {} around vars, so powerful.

i really wish i could think right know....




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users