Output Problem?

[inulled]

<?php
    include("global-settings.php");
    session_start();
    mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error());
    mysql_select_db($dbname) or die(mysql_error());
    $email      = mysql_real_escape_string(strip_tags($_POST['email']));
    $password  	= mysql_real_escape_string(strip_tags(sha1($_POST['password'])));
    $result  	= mysql_query("SELECT * FROM users WHERE username='$email' AND password='$password'");

while (mysql_fetch_array($result)) {
if ($email != $row['username'] && $password != $row['password']) { 
        $_SESSION['user_pid']    = $row['user_pid'];
        $_SESSION['firstname']   = $row['first_name'];
        header("Location: ../protected/home.php");
    } else {
        $userid_generator = uniqid(rand(), false);
        $date = date("Y/m/d");
        mysql_query("INSERT INTO users (user_pid, username, password, datetime_registered) 
        VALUES('$userid_generator', '$email', '$password', '$date')") or die(mysql_error()); 
        $_SESSION['userid'] = $userid_generator;

        $result1 = mysql_query("SELECT * FROM leaders");

        $id = $result1['id'];
        mysql_query("INSERT IGNORE INTO friends (node1id, node2id, is_leader, friends_since, friend_type)
    VALUES('$id', '$userid_generator', 'Yes', '$date', 'full')") or die(mysql_error());     
    }
}
?>

 

For some reason this code outputs a blank screen. It either has to do with my while loop or my if...else statement. Any help?

[mikesta707]

Try turning error reporting on to see if that page produces any PHP errors by sticking the following at the very top of the page

 

error_reporting(E_ALL);
ini_set('error_reporting', E_ALL);

[AyKay47]

need to change your while loop to

 

while ($row = mysql_fetch_array($result))

 

Edit: mikesta gave you a good way to debug code for things like this.. if your code is outputting a blank screen, and you have error_reporting set to on.. there will more than likely be a few errors sent to your error log

[inulled]

Oh yeah lol I forgot to add the $row, but it still doesn't work. And I added that code, nope, no errors reported.

[requinix]

1. Your script doesn't output anything. Of course the page is blank.

2.

if ($email != $row['username'] && $password != $row['password']) { 

That logic is wrong.

3. You don't even need that logic because you put it in the SQL query already.

"SELECT * FROM users WHERE username='$email' AND password='$password'"

4. The else block will never execute because the query won't return anything if there aren't any matching rows.

5. However because of #2 it did, and it will have every time you ran the page. Which means you probably have a bunch of duplicate rows in the users and maybe friends tables.

6. Why isn't there a UNIQUE constraint on the users.username field?

7. Do not generate ID numbers yourself. Use an AUTO_INCREMENT.

8a.

$result1 = mysql_query("SELECT * FROM leaders");

$result1 is a resultset resource. It is not a row from the query, so

$id = $result1['id'];

will not work.

8b. You need a loop there if you want the user to be friends with every leader.

9. Don't use "Yes" for a true/false column. Use a TINYINT(1) and 1/0/true/false.

10.

$password  	= mysql_real_escape_string(strip_tags(sha1($_POST['password'])));

Because you SHA1ed the password, it will never have HTML tags and will always be SQL safe. Those two functions are doing nothing for you.

11a. If you're setting $_SESSION values before redirecting, call session_write_close in between to be safe.

11b. Always exit; or die; after a header() redirect.

[inulled]

<?php
session_start();
    include("global-settings.php");
    mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error());
    mysql_select_db($dbname) or die(mysql_error());
    $email      = mysql_real_escape_string(strip_tags($_POST['email']));
    $password  	= sha1($_POST['password']);
    $result  	= mysql_query("SELECT * FROM users");

while ($row = mysql_fetch_array($result)) {
if ($row['email'] == $email && $row['password'] == $password) { 
        $_SESSION['myid'] = $row['id'];
	echo "logged in";
    } else {
        $date = date("Y/m/d");
	$id = $row['id'];
        mysql_query("INSERT INTO users (email, password, datetime_registered, is_leader) 
        	VALUES('$email', '$password', '$date', 'no')") or die(mysql_error());
	mysql_query("INSERT IGNORE INTO friends (node1id, node2id, is_leader, friends_since, friend_type)
		VALUES('$id', '$userid_generator', 'Yes', '$date', 'full')") or die(mysql_error());
	$_SESSION['myid'] = $row['id'];
	echo "new user created";
	}
    }
?>

 

Still no output. Although when I echo something at the end of the script, it outputs. But nothing outputs when the if statements are run.

[requinix]

session_start();

include("global-settings.php");
mysql_connect($dbhost, $dbuser, $dbpass) or die("Could not connect to the database.");
mysql_select_db($dbname) or die("Could not connect to the database.");

$email = mysql_real_escape_string(strip_tags($_POST["email"]));
$password = sha1($_POST["password"]);
$result = mysql_query("SELECT * FROM users WHERE username = '{$email}' AND password = '{$password}'");

if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
$_SESSION["myid"] = $row["id"];
echo "logged in";
} else {
mysql_query("INSERT INTO users (email, password, datetime_registered, is_leader) VALUES ('{$email}', '{$password}', NOW(), 'no')");
$id = mysql_insert_id();
mysql_query("
	INSERT IGNORE INTO friends (node1id, node2id, is_leader, friends_since, friend_type)
	SELECT id, {$id}, 'Yes', NOW(), 'full'
	FROM users WHERE is_leader = 'Yes'
");

$_SESSION["myid"] = $id;
echo "new user created and logged in";
}

// session_write_close();
// header("Location: ../protected/home.php");
// exit;

?>

[inulled]

Thanks allot!

[inulled]

Now how would I take the same code and if is_leader is set to "yes" take the registering user and insert a friendship in the friends table?