lofaif Posted October 14, 2011 Share Posted October 14, 2011 hello ! .. im a newi .. and i tried for a long time to fix this , its about comparison between the <form> information about the user and the actually information in the database ... LOGIN problem everytime he redirecty me to the main_page.php here is the proccesing code : <?php require_once("includes/connection.php");?> <?php require_once("includes/functions.php");?> <?php //to redirect u if u make an error ! global $errors; $errors=array(); $fields_array=array('user_name','user_password'); foreach($fields_array as $field){ if(!isset($_POST[$field]) || empty($_POST[$field])){ $errors[]=$field; }} if(!empty($errors)){ header("Location: errors.php"); exit; } ?> <?php $user_name=mysql_prep($_POST['user_name']); $user_password=mysql_prep($_POST['user_password']); ?> <?php $result=mysql_query("SELECT * FROM users",$connection); if(!$result){ die("Database query failed: " . mysql_error());} ?> <?php while($row=mysql_fetch_array($result)){ $user_ver=array($row['user_name'],$row['user_password']); if($user_ver[0]==$user_name AND $user_ver[1]==$user_password){ header("Location: login_suc.php"); exit; }} header("Location: main_page.php"); exit; ?> <?php mysql_close($connection); ?> Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/ Share on other sites More sharing options...
AyKay47 Posted October 14, 2011 Share Posted October 14, 2011 1. using global the way you do does nothing, and should be avoided.. where you have declared $errors automatically makes it available in the global scope.. 2. mess of code there really, this begins with your query.. what I suggest doing is using the user input for user_name and password and check those values with the appropriate table.. $user_name = $_POST['user_name']; $password = $_POST['user_password']; $result=mysql_query("SELECT * FROM users WHERE user_name = '$user_name' AND user_password = $password",$connection); if(mysql_num_rows($result) == 0){ // user doesn't exist }else{ //user does exist } something like that.. 3. where are you actually being redirected? Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279362 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 1. using global the way you do does nothing, and should be avoided.. where you have declared $errors automatically makes it available in the global scope.. What are you talking about? You must be thinking of JavaScript where defining a variable outside any function will give it global scope. That is NOT true for PHP. $foo = "bar"; function echoFoo() { echo "The value of foo is $foo"; } echoFoo(); //Output: The value of foo is Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279364 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 OK, now to comment on the code. There are problems. The first order of business is to properly structure your code so you can visualize the logical flow. Some issues I see: 1. You are querying the DB for ALL records and then trying to match them in PHP code. You only need to query the DB for the ONE record you are looking for then check if there was a record returned. 2. Since you don't appear to be using anything in the include files for the validation, move the includes() until after the validation is completed. 3. If you are not going to use the errors array, then you don't need it. You could simply do the redirect as soon as the first validation error is triggered. Personally I would use the errors array to display the errors the user made, but your current implementation does a header redirect so you lose all that information. 4. Since you are doing a redirect and exit for all the conditions the mysql_close() function never gets run. But, that's ok. However, you should really find a better way of displaying the results without using die() for the error conditions. 5. You should not be storing the password in clear text. You should be hashing the password with a salt. Revised code <?php //The fields to validate $fields_array = array('user_name', 'user_password'); foreach($fields_array as $field) { //Trim POST values so value with only spaces is not considered valid $field = trim($field); if(!isset($_POST[$field]) || empty($_POST[$field])) { header("Location: errors.php"); exit; } } //Move connection/functions down here since you only need //to runthem if validation above passes require_once("includes/connection.php"); require_once("includes/functions.php"); $user_name = mysql_prep($_POST['user_name']); $user_password = mysql_prep($_POST['user_password']); $query = "SELECT * FROM users WHERE user_name = '{$user_name}' AND user_password = '{$user_password}'"; $result = mysql_query($query, $connection); if(!$result) { die("Database query failed: " . mysql_error()); } elseif(mysql_num_rows($result)==0) { //No matching record header("Location: main_page.php"); exit; } else { //Match found header("Location: login_suc.php"); exit; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279369 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 Edit: Deleted Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279370 Share on other sites More sharing options...
AyKay47 Posted October 14, 2011 Share Posted October 14, 2011 custom functions are the exception.. Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279373 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 custom functions are the exception.. Again, what are you talking about? Either a variable has global scope or it doesn't. If you look at the manual for variable scope all the examples have to do with whether or not the variable has scope within functions/classes. To say that the variable $errors (inthe code posted by the OP) has global scope is patently false. http://php.net/manual/en/language.variables.scope.php Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279394 Share on other sites More sharing options...
AyKay47 Posted October 14, 2011 Share Posted October 14, 2011 meh I had my mind on C for some reason.. I do not need to read references from the manual.. I have read the entire document Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279404 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 meh I had my mind on C for some reason.. I do not need to read references from the manual.. I have read the entire document I didn't tell you to go read the document. I provided the link for reference for anyone reading this post. Posting misinformation is very detrimental. Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279407 Share on other sites More sharing options...
AyKay47 Posted October 14, 2011 Share Posted October 14, 2011 ok lets get back on track here.. Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279408 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 ok lets get back on track here.. There is nothing to get back on track with. I have already provided a solution via improved code. It was only taken off track because of misinformation which I had to correct multiple times. However, to directly respond to the original issue, the problem was likely due to this $result=mysql_query("SELECT * FROM users",$connection); // . . . while($row=mysql_fetch_array($result)){ $user_ver=array($row['user_name'],$row['user_password']); if($user_ver[0]==$user_name AND $user_ver[1]==$user_password){ Since the OP was using * in the SELECT query and then referencing the fields by their order index (i.e. 0, 1) I suspect that the first two field in the query were not the username and password. That is why you should almost always: 1) List out the fields you need in the SELECT query 2) Reference the fields from the query by name (I always use mysql_fetch_assoc()) Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279415 Share on other sites More sharing options...
AyKay47 Posted October 14, 2011 Share Posted October 14, 2011 you ramble too much Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279418 Share on other sites More sharing options...
jcbones Posted October 14, 2011 Share Posted October 14, 2011 I thought Mj did a great job on this whole thread. Can't we all just get along? Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279427 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 you ramble too much Really? Every response I have made in this thread has been in respect to the OP's original question or to correct misinformation that you provided. That is, until this specific post, to respond to your derogatory comment. Whereas, you have had five individual responses in this thread and FOUR of those have had nothing to do with promoting the resolution of the issue or provide any meaningful information. custom functions are the exception.. meh I had my mind on C for some reason.. I do not need to read references from the manual.. I have read the entire document (note: "reading" != "comprehending") ok lets get back on track here.. you ramble too much If you have a problem with me, take it up in a PM or the Admins. Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279455 Share on other sites More sharing options...
AyKay47 Posted October 14, 2011 Share Posted October 14, 2011 mj is great and I think very highly of him.. this was a simple mistake in wording that can happen, im not perfect.. what I meant is any variable that is declared in the scope of the page can be used at anytime in that page as long as the code is written in the local scope of the page, the exception is of course if there is a custom function present, which has its own local scope.. but in this particular code there is not so it doesn't apply. A simple correction was all that was needed here.. Edit: my apologies for the last comment mj, I myself prefer for discrepancies to be taken care of via private message instead of in the thread.. I made a mistake, thank you for pointing it out.. Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279457 Share on other sites More sharing options...
lofaif Posted October 14, 2011 Author Share Posted October 14, 2011 ?? thanks guys !!! ive solved the problem ! Quote Link to comment https://forums.phpfreaks.com/topic/249129-a-very-simple-problem-help-meee/#findComment-1279459 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.