Check Login Process/Error

[Pikachu2000]

You have a problem with your logic and/or your comparisons. Did you write the code? Do you even know what it does?

[Christian F.]

I can answer that for you, to save you the trouble of reading the entire thread: Nope, and nope.

Despite repeated pleas from just about everyone that he start with the basics, he refuses and claims that crashing headlong into this is a better way to learn. Which is why most of us have given up on him.

[darkfreaks]

my head just wants to explode reading 4 pages of sheer ignorance from the OP. 

[justlukeyou]

my head just wants to explode reading 4 pages of sheer ignorance from the OP. 

 

Trust me my head also wants to explode also.

 

On here http://forums.phpfreaks.com/index.php?topic=37442.0 it says  "All of this can be avoided if you make sure that your favorite editor saves your documents without the byte order mark or, alternatively, by enabling output buffering in php.ini."

 

Yet on the forum when I ask if I should do this I'm told "nope".  Thats its just "nope". 

 

Why does the sticky guide say I should enable output buffering in php.ini yet on the forum I'm told "nope".

[darkfreaks]

my head just wants to explode reading 4 pages of sheer ignorance from the OP. 

 

Trust me my head also wants to explode also.

 

On here http://forums.phpfreaks.com/index.php?topic=37442.0 it says  "All of this can be avoided if you make sure that your favorite editor saves your documents without the byte order mark or, alternatively, by enabling output buffering in php.ini."

 

Yet on the forum when I ask if I should do this I'm told "nope".  Thats its just "nope". 

 

Why does the sticky guide say I should enable output buffering in php.ini yet on the forum I'm told "nope".

NEW EDIT TO THIS TOPIC:

 

what usually results in these errors is poor script design.  when one processes a form, they should do it BEFORE OUTPUTTING ANYTHING TO THE BROWSER.  there is NO reason that the process cannot be operated in the header of the document, before any HTML is output.

 

let's take a common example.  the programmer wants a login form which checks the username and password against the database.  if they don't match, then don't set a cookie remembering them and tell them it failed.  if they do match, set the cookie and send them to a member page.  many will do:

 

[php processing the form]

[form code]

 

because they can simply echo any errors straight from PHP right above that form.  they can also send a success message, set the cookie, and header() them off on their merry way without seeing the form again.  it's a logical place to put this code.  think again.  you'll (perhaps not so) obviously get header errors when you go to use setcookie() and header().  if the login fails, it's dandy, but if you have a successful login the user gets nowhere.

 

answer:  put the processing in the header, and store the results in variables.  perhaps a $result variable that is 1 if successful, 0 if failed.  then $output that contains either a success message or customized error messages.  the new code would look like:

 

[php processing the form (if it was sent) and storing the results]

[html starting the page and layout]

[php echoing the results]

[form code if failed - exit(); if successful]

[justlukeyou]

What do you think to this guide?  What guide would you recommend to learn how to create a membership script.

 

http://edrackham.com/php/php-login-script-tutorial/

 

I have made a a bit of progress.  By adding an else to show that someone is logged in and moving the header location to here the page no longer automatically loads onto the index page.

 

<?php
ob_start(); session_start();
   if(!$ses_user && !$ses_pass){
      echo "You need to be logged in to view this page.";
   }else{  
            echo "You have successfully logged in.";

		 header('Location: /index.php');

        }  
?>

 

However when I enter the correct login nothing happens.  When I enter false login information I still get this message:

 

    $p_check = $check["password"];
                        
                        if($u != $u_check && $p != $p_check){
                            $msg .= "<p>The username or password was incorrect.</p>";
                        }
                        

 

 

 

[KevinM1]

Again, your echo in the else clause won't show.  Technically, it will display, but the header command will be invoked immediately after, bringing the user to a new page that DOES NOT have that message.

[justlukeyou]

I understand that but at least it has autoloading to the index page without doing anything.

 

Where I can specifically learn how to build a registration script?

 

 

[White_Lily]

If you have a local library/book store, try finding a "Computing" section - it's more than likely that they will have books on; HTML, CSS and PHP - maybe even MySQL. If they do, try seeing if they are at beginners/novice level.

 

 

These books should give you a general understanding of what basic commands/tags do (some books also tell you what best practices are and how to properly layout your code ). Most HTML books come with a section dedicated to basic forms that do... well... nothing. but at least you get an idea of how to layout your form, and how to hide passwords on password fields, and implement textareas (usually for contact forms or online applications for jobs etc). The php books should also have a form section where it should tell you how to get the information into a database. (some also add a little validation but skip the validation if you can for now).

 

 

Once you have read & done any activities that these books consist of, then try implementing what you've learnt into a basic static site with very little functionality (no login/registration forms) once you understand all of that THEN try and go about making a registration form (with no validation) that will enter information into a database under the correct columns, then create a login form that just checks to make sure the username and password(s) are in the database, and sets a session to indicate that the user is logged in. You can then also add validation to your script(s) once you understand that.

 

 

This method will take a lot of time - but you more than likely won't regret it once you have what your looking for.

[spiderwell]

ypu say that, but I hae noticed a trend in bookshops no longer stocking programming books and instead books on 'how to use your ipad' or related to being an expert in photoshop, more all about software than programming, which is kinda of annoying!

[White_Lily]

Then in such case try ordering books online from book companies such as: "In easy steps" i believe its called. they have a range of books from HTML to AJAX/jQuery, etc.

[darkfreaks]

click the link(s) in my signature it should help you more than getting started in learning PHP

[White_Lily]

Here is the "In Easy Steps" website i was talking about:

 

 

http://www.ineasysteps.com/books-by-category/web-development/

[KevinM1]

Here's an updated version of the book I started with.  It has pictures and everything: http://www.amazon.com/PHP-MySQL-Dynamic-Web-Sites/dp/0321784073/ref=sr_1_1?s=books&ie=UTF8&qid=1347881081&sr=1-1&keywords=larry+ullman

[justlukeyou]

Hi,

 

I bought this book but I found it very slow going http://www.amazon.co.uk/Learning-MySQL-JavaScript-Step---Step/dp/0596157134/ref=sr_1_1?ie=UTF8&qid=1347883486&sr=8-1

 

I used this forum and built a database driven sales site complete with a discussion section in two months.  I learnt alot from that as well.  Thats why I continue using this forum. 

 

Once I have a script I can get a picture of how it works and how its put together.

 

What are peoples thoughts towards this guide:

 

http://edrackham.com/php/php-login-script-tutorial/

 

A quality tutorial on how to build a login script would do the job instead of piecing it together from books.

[darkfreaks]

i believe it would better suit yourself to buy some more PHP/javascipt/ajax books and read them up and practice what they teach. then make your own login system, instead of piecing code together or using already provided code.

[White_Lily]

Also, looking at that tutorial they cant even style their own code sections properly making it extremely hard to read.

 

and they cant even connect to their databases correctly either. (right click their supposed "Demo" of a failed connection script.)

 

MY SUGGESTION: Make things easy and get books.

[spiderwell]

the problem i have with books is you cant be sure on the typos, at least with most online resources, you get feedback and changes if they are needed!

 

plus books are costly and often go out of date quickly

[KevinM1]

Listen, there's nothing wrong with looking at working code seeing how it works.  You should be doing that.  However, it's best used as a supplement to learning, and as a springboard to discovering new things you didn't know.  The problem is that 3rd party scripts and tutorials will never be as useful as a good book.  3rd party scripts assume a certain level of ability for the people who will be using them, and tutorials tend to gloss over details and jargon due to space limitations.  Even worse, a lot of scripts and tutorials are old, and highlight bad ways to do things. 

 

O'Reilly books are good.  The Larry Ullman book I linked to above is great.  Apress books are generally good (although they tend to have some editing problems).  That said, you should only buy books whose latest copyright edition is from 2010 or later.  Why?  PHP 5.3 was released on June 30, 2009, and added a fair amount to the language itself.

[justlukeyou]

Thats what I'm talking about baby!

 

It took around 45 minutes to set up this guide http://edrackham.com/php/php-login-script-tutorial/ and I've already made a few minor changes such as displaying that the user is logged in.  Still have a lot of changes to make and to add an email authorisation but it looks to be a quality registration script I can have a go at developing.

 

No header errors either!

[Christian F.]

It is old, outdated and insecure. For reasons mentioned at least 2 times by me alone in this thread.

[justlukeyou]

It is old, outdated and insecure. For reasons mentioned at least 2 times by me alone in this thread.

 

But like I've said its a start.  Im not just going to use it straight away.  If I can get an upto date guide on entering data into a database I should be able to update the code to modernise it.

 

Where would I get latest code and ensure that it is secure.  A two year old book or a forum based on PHP?