
Mind Boggling PHP code (sessions related)


Andrius


OK, this is the dumbest thing I have come across in a while... the PHP code works perfectly on its own, but when inserted into this page... it ceases to work. By "not working" I mean it just refreshes the page it's on (e.g. http://www.getliveevents.com/Admin_login.php will become http://www.getliveevents.com/Admin_login.php?do=login after submit is pressed).

[code]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
background-image: url(Images/bg_main.gif);
background-repeat: repeat-x;
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
a:link {
color: #FFFF00;
text-decoration: none;
}
a:visited {
color: #FFCC00;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
a:active {
text-decoration: none;
}
-->
</style></head>

<body>
<div align="center">
  <table width="1000" height="100%" border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td>&nbsp;</td>
      <td width="102" height="163"><img src="Images/1.gif" width="102" height="163" /></td>
      <td width="482" height="163"><img src="Images/2.gif" width="482" height="163" /></td>
      <td width="233" height="163"><img src="Images/3.gif" width="233" height="163" /></td>
      <td width="117" height="163"><img src="Images/4.gif" width="117" height="163" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td width="102" height="77"><img src="Images/5.gif" width="102" height="77" /></td>
      <td background="Images/6_bg.gif"><div align="center"><img src="Images/banner_top.jpg" width="468" height="60" /></div></td>
      <td width="233" height="77"><img src="Images/7.gif" width="233" height="77" /></td>
      <td width="117" height="77"><img src="Images/8.gif" width="117" height="77" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td width="32" height="40"><img src="Images/9.gif" width="32" height="40" /></td>
      <td width="102" height="40"><img src="Images/10.gif" width="102" height="40" /></td>
      <td width="482" height="40"><img src="Images/11.gif" width="482" height="40" /></td>
      <td width="233" height="40"><img src="Images/12.gif" width="233" height="40" /></td>
      <td width="117" height="40"><img src="Images/13.gif" width="117" height="40" /></td>
      <td width="34" height="40"><img src="Images/14.gif" width="34" height="40" /></td>
    </tr>
    <tr>
      <td width="32" height="80"><img src="Images/15.gif" width="32" height="80" /></td>
      <td width="102" height="80"><img src="Images/16.gif" width="102" height="80" /></td>
      <td height="80" colspan="2"><img src="Images/17.gif" width="715" height="80" /></td>
      <td width="117" height="80"><img src="Images/18.gif" width="117" height="80" /></td>
      <td width="34" height="80"><img src="Images/19.gif" width="34" height="80" /></td>
    </tr>
    <tr>
      <td height="100%" background="Images/20_runner_BG.gif">&nbsp;</td>
      <td height="100%" valign="top"><div align="right"><img src="Images/banner_left.jpg" width="100" height="487" /></div></td>
      <td height="100%" colspan="2" valign="top" background="Images/bg_inner.gif"><div align="center"><?php
  session_start();                                        # 9
  include("Includes/conn.php"); #10
  switch (@$_GET['do'])                                   #11
  {
    case "login":                                         #13
      $connection = mysql_connect($host, $user,$password) #14
               or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
               or die ("Couldn't select database.");      #17

      $sql = "SELECT username FROM getlive_admin
              WHERE username='$_POST[fusername]'";       #20
      $result = mysql_query($sql)
                  or die("Couldn't execute query.");      #22
      $num = mysql_num_rows($result);                     #23
      if ($num == 1)  // login name was found             #24
      {
         $sql = "SELECT username FROM getlive_admin
                 WHERE username='$_POST[fusername]'
                 AND password=password('$_POST[fpassword]')";
         $result2 = mysql_query($sql)
                   or die("Couldn't execute query 2.");   #30
         $num2 = mysql_num_rows($result2);
         if ($num2 > 0)  // password is correct           #32
         {
           $_SESSION['auth']="yes";                       #34
           $logname=$_POST['fusername'];
           $_SESSION['logname'] = $logname;               #36
           $today = date("Y-m-d h:i:s");                  #37
           $sql = "INSERT INTO getlive_login (username, logintime)
                   VALUES ('$logname','$today')";
           mysql_query($sql) or die("Can't execute query.");
           header("Location: Admin_index.php");           #41
         }
         else    // password is not correct               #43
         {
           unset($_GET['do']);                            #45
           $message="<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name, '$_POST[fusername]'
                     exists, but you have not entered the
                     correct password! Please try again.<br></font>";
           include("Includes/admin_login_form.inc");                     #49
         }
      }                                                   #51
      elseif ($num == 0)  // login name not found         #52
      {   
         unset($_GET['do']);                              #54
         $message = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name you entered does not
                     exist! Please try again.<br></font>";
         include("Includes/admin_login_form.inc");
      }
    break;                                                #59

    case "new":                                           #61
      foreach($_POST as $field => $value)                 #62
      {
        if (ereg("(Name)",$field))                        #75
        {
         if (!ereg("^[A-Za-z' -]{1,50}$",$value))
         {
           unset($_GET['do']);
           $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $field is not a valid name.
                            Please try again.<br></font>";
           include("/Includes/admin_login_form.inc");
           exit();
         }
        }
        $$field = strip_tags(trim($value));               #86
      } // end foreach
      if (!ereg("^[0-9)(xX -]{7,20}$",$corp_phone))            #96
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_phone is not a valid phone number.
                        Please try again.<br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }
      if (!ereg("^.+@.+\\..+$",$corp_email))                  #115
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_email is not a valid email address.
                         Please try again.<br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }                                                  #122
      /* check to see if login name already exists */
      $connection = mysql_connect($host,$user,$password) 
                or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
                or die ("Couldn't select database.");
      $sql = "SELECT username FROM getlive_admin
                WHERE username='$newname'";
      $result = mysql_query($sql)
                or die("Couldn't execute query.");
      $num = mysql_numrows($result);
      if ($num > 0)                                      #133
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $newname already used. Select another
                         Member ID. <br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }
      else                                               #141
      {   
        $today = date("Y-m-d");                          #143
        $sql = "INSERT INTO getlive_admin (username,createDate,password,corp_name,corp_phone,corp_email)
VALUES ('$newname','$today',password('$newpass'),'$corp_name','$corp_phone','$corp_email')";
        mysql_query($sql);                               #150
        $_SESSION['auth']="yes";                         #151
        $_SESSION['logname'] = $newname;                 #152
        /* send email to new member */                   #153
        $emess = "A new Member Account has been setup. ";
        $emess.= "Your new Member ID and password are: ";
        $emess.= "\n\n\t$newname\n\t$newpass\n\n";
        $emess.= "We appreciate your interest in our Live Shows";
        $emess.= " at GetLiveEvents.com. \n\n";
        $emess.= "If you have any questions or problems,";
        $emess.= " email [email protected]";
        $ehead="From: [email protected]\r\n";     #161
        $subj = "Your new Member Account from GetLiveEvents.com";
        $mailsend=mail("$corp_email","$subj","$emess","$ehead");
        header("Location: New_member.php");              #164
      }
    break;                                               #166

    default:                                             #168
        include("Includes/admin_login_form.inc");
  }
?>

</div></td>
      <td height="100%" valign="top"><div align="right"><img src="Images/banner_right.jpg" width="100" height="487" /></div></td>
      <td height="100%" background="Images/21_runner_BG.gif">&nbsp;</td>
    </tr>
  </table>
</div>
</body>
</html>[/code]

THE CODE BELOW WORKS ON ITS OWN

[code]<?php
/* Program: Login.php
* Desc:    Login program for the Members Only section of the
*          pet store. It provides two options: (1) login
*          using an existing Login Name and (2) enter a new
*          login name. Login Names and passwords are stored
*          in a MySQL database.
*/
  session_start();                                        # 9
  include("Includes/conn.php"); #10
  switch (@$_GET['do'])                                   #11
  {
    case "login":                                         #13
      $connection = mysql_connect($host, $user,$password) #14
               or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
               or die ("Couldn't select database.");      #17

      $sql = "SELECT username FROM getlive_admin
              WHERE username='$_POST[fusername]'";       #20
      $result = mysql_query($sql)
                  or die("Couldn't execute query.");      #22
      $num = mysql_num_rows($result);                     #23
      if ($num == 1)  // login name was found             #24
      {
         $sql = "SELECT username FROM getlive_admin
                 WHERE username='$_POST[fusername]'
                 AND password=password('$_POST[fpassword]')";
         $result2 = mysql_query($sql)
                   or die("Couldn't execute query 2.");   #30
         $num2 = mysql_num_rows($result2);
         if ($num2 > 0)  // password is correct           #32
         {
           $_SESSION['auth']="yes";                       #34
           $logname=$_POST['fusername'];
           $_SESSION['logname'] = $logname;               #36
           $today = date("Y-m-d h:i:s");                  #37
           $sql = "INSERT INTO getlive_login (username, logintime)
                   VALUES ('$logname','$today')";
           mysql_query($sql) or die("Can't execute query.");
           header("Location: Admin_index.php");           #41
         }
         else    // password is not correct               #43
         {
           unset($_GET['do']);                            #45
           $message="<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name, '$_POST[fusername]'
                     exists, but you have not entered the
                     correct password! Please try again.<br></font>";
           include("Includes/admin_login_form.inc");                     #49
         }
      }                                                   #51
      elseif ($num == 0)  // login name not found         #52
      {   
         unset($_GET['do']);                              #54
         $message = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name you entered does not
                     exist! Please try again.<br></font>";
         include("Includes/admin_login_form.inc");
      }
    break;                                                #59

    case "new":                                           #61
      foreach($_POST as $field => $value)                 #62
      {
        if (ereg("(Name)",$field))                        #75
        {
         if (!ereg("^[A-Za-z' -]{1,50}$",$value))
         {
           unset($_GET['do']);
           $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $field is not a valid name.
                            Please try again.<br></font>";
           include("/Includes/admin_login_form.inc");
           exit();
         }
        }
        $$field = strip_tags(trim($value));               #86
      } // end foreach
      if (!ereg("^[0-9)(xX -]{7,20}$",$corp_phone))            #96
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_phone is not a valid phone number.
                        Please try again.<br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }
      if (!ereg("^.+@.+\\..+$",$corp_email))                  #115
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_email is not a valid email address.
                         Please try again.<br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }                                                  #122
      /* check to see if login name already exists */
      $connection = mysql_connect($host,$user,$password) 
                or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
                or die ("Couldn't select database.");
      $sql = "SELECT username FROM getlive_admin
                WHERE username='$newname'";
      $result = mysql_query($sql)
                or die("Couldn't execute query.");
      $num = mysql_numrows($result);
      if ($num > 0)                                      #133
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $newname already used. Select another
                         Member ID. <br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }
      else                                               #141
      {   
        $today = date("Y-m-d");                          #143
        $sql = "INSERT INTO getlive_admin (username,createDate,password,corp_name,corp_phone,corp_email)
VALUES ('$newname','$today',password('$newpass'),'$corp_name','$corp_phone','$corp_email')";
        mysql_query($sql);                               #150
        $_SESSION['auth']="yes";                         #151
        $_SESSION['logname'] = $newname;                 #152
        /* send email to new member */                   #153
        $emess = "A new Member Account has been setup. ";
        $emess.= "Your new Member ID and password are: ";
        $emess.= "\n\n\t$newname\n\t$newpass\n\n";
        $emess.= "We appreciate your interest in our Live Shows";
        $emess.= " at GetLiveEvents.com. \n\n";
        $emess.= "If you have any questions or problems,";
        $emess.= " email [email protected]";
        $ehead="From: [email protected]\r\n";     #161
        $subj = "Your new Member Account from GetLiveEvents.com";
        $mailsend=mail("$corp_email","$subj","$emess","$ehead");
        header("Location: New_member.php");              #164
      }
    break;                                               #166

    default:                                             #168
        include("Includes/admin_login_form.inc");
  }
?>[/code]

No dice... this is the new, still non-working code after a revision (moved session_start() to the beginning of the file):

[code]<?php
// Called ahead of the DOCTYPE, i.e. before the page emits any HTML.
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
background-image: url(Images/bg_main.gif);
background-repeat: repeat-x;
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
a:link {
color: #FFFF00;
text-decoration: none;
}
a:visited {
color: #FFCC00;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
a:active {
text-decoration: none;
}
-->
</style></head>

<body>
<div align="center">
  <table width="1000" height="100%" border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td>&nbsp;</td>
      <td width="102" height="163"><img src="Images/1.gif" width="102" height="163" /></td>
      <td width="482" height="163"><img src="Images/2.gif" width="482" height="163" /></td>
      <td width="233" height="163"><img src="Images/3.gif" width="233" height="163" /></td>
      <td width="117" height="163"><img src="Images/4.gif" width="117" height="163" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td width="102" height="77"><img src="Images/5.gif" width="102" height="77" /></td>
      <td background="Images/6_bg.gif"><div align="center"><img src="Images/banner_top.jpg" width="468" height="60" /></div></td>
      <td width="233" height="77"><img src="Images/7.gif" width="233" height="77" /></td>
      <td width="117" height="77"><img src="Images/8.gif" width="117" height="77" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td width="32" height="40"><img src="Images/9.gif" width="32" height="40" /></td>
      <td width="102" height="40"><img src="Images/10.gif" width="102" height="40" /></td>
      <td width="482" height="40"><img src="Images/11.gif" width="482" height="40" /></td>
      <td width="233" height="40"><img src="Images/12.gif" width="233" height="40" /></td>
      <td width="117" height="40"><img src="Images/13.gif" width="117" height="40" /></td>
      <td width="34" height="40"><img src="Images/14.gif" width="34" height="40" /></td>
    </tr>
    <tr>
      <td width="32" height="80"><img src="Images/15.gif" width="32" height="80" /></td>
      <td width="102" height="80"><img src="Images/16.gif" width="102" height="80" /></td>
      <td height="80" colspan="2"><img src="Images/17.gif" width="715" height="80" /></td>
      <td width="117" height="80"><img src="Images/18.gif" width="117" height="80" /></td>
      <td width="34" height="80"><img src="Images/19.gif" width="34" height="80" /></td>
    </tr>
    <tr>
      <td height="100%" background="Images/20_runner_BG.gif">&nbsp;</td>
      <td height="100%" valign="top"><div align="right"><img src="Images/banner_left.jpg" width="100" height="487" /></div></td>
      <td height="100%" colspan="2" valign="top" background="Images/bg_inner.gif"><div align="center"><?php
/* Program: Login.php
* Desc:    Login program for the Members Only section of the
*          pet store. It provides two options: (1) login
*          using an existing Login Name and (2) enter a new
*          login name. Login Names and passwords are stored
*          in a MySQL database.
*/
                                        # 9
  include("Includes/conn.php"); #10
  switch (@$_GET['do'])                                  #11
  {
    case "login":                                        #13
      $connection = mysql_connect($host, $user,$password) #14
              or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
              or die ("Couldn't select database.");      #17

      $sql = "SELECT username FROM getlive_admin
              WHERE username='$_POST[fusername]'";      #20
      $result = mysql_query($sql)
                  or die("Couldn't execute query.");      #22
      $num = mysql_num_rows($result);                    #23
      if ($num == 1)  // login name was found            #24
      {
        $sql = "SELECT username FROM getlive_admin
                WHERE username='$_POST[fusername]'
                AND password=password('$_POST[fpassword]')";
        $result2 = mysql_query($sql)
                  or die("Couldn't execute query 2.");  #30
        $num2 = mysql_num_rows($result2);
        if ($num2 > 0)  // password is correct          #32
        {
          $_SESSION['auth']="yes";                      #34
          $logname=$_POST['fusername'];
          $_SESSION['logname'] = $logname;              #36
          $today = date("Y-m-d h:i:s");                  #37
          $sql = "INSERT INTO getlive_login (username, logintime)
                  VALUES ('$logname','$today')";
          mysql_query($sql) or die("Can't execute query.");
          header("Location: Admin_index.php");          #41
        }
        else    // password is not correct              #43
        {
          unset($_GET['do']);                            #45
          $message="<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name, '$_POST[fusername]'
                    exists, but you have not entered the
                    correct password! Please try again.<br></font>";
          include("Includes/admin_login_form.inc");                    #49
        }
      }                                                  #51
      elseif ($num == 0)  // login name not found        #52
      { 
        unset($_GET['do']);                              #54
        $message = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name you entered does not
                    exist! Please try again.<br></font>";
        include("Includes/admin_login_form.inc");
      }
    break;                                                #59

    case "new":                                          #61
      foreach($_POST as $field => $value)                #62
      {
        if (ereg("(Name)",$field))                        #75
        {
        if (!ereg("^[A-Za-z' -]{1,50}$",$value))
        {
          unset($_GET['do']);
          $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $field is not a valid name.
                            Please try again.<br></font>";
          include("/Includes/admin_login_form.inc");
          exit();
        }
        }
        $$field = strip_tags(trim($value));              #86
      } // end foreach
      if (!ereg("^[0-9)(xX -]{7,20}$",$corp_phone))            #96
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_phone is not a valid phone number.
                        Please try again.<br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }
      if (!ereg("^.+@.+\\..+$",$corp_email))                  #115
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_email is not a valid email address.
                        Please try again.<br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }                                                  #122
      /* check to see if login name already exists */
      $connection = mysql_connect($host,$user,$password) 
                or die ("Couldn't connect to server.");
      $db = mysql_select_db($database, $connection)
                or die ("Couldn't select database.");
      $sql = "SELECT username FROM getlive_admin
                WHERE username='$newname'";
      $result = mysql_query($sql)
                or die("Couldn't execute query.");
      $num = mysql_numrows($result);
      if ($num > 0)                                      #133
      {
        unset($_GET['do']);
        $message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $newname already used. Select another
                        Member ID. <br></font>";
        include("Includes/admin_login_form.inc");
        exit();
      }
      else                                              #141
      { 
        $today = date("Y-m-d");                          #143
        $sql = "INSERT INTO getlive_admin (username,createDate,password,corp_name,corp_phone,corp_email)
VALUES ('$newname','$today',password('$newpass'),'$corp_name','$corp_phone','$corp_email')";
        mysql_query($sql);                              #150
        $_SESSION['auth']="yes";                        #151
        $_SESSION['logname'] = $newname;                #152
        /* send email to new member */                  #153
        $emess = "A new Member Account has been setup. ";
        $emess.= "Your new Member ID and password are: ";
        $emess.= "\n\n\t$newname\n\t$newpass\n\n";
        $emess.= "We appreciate your interest in our Live Shows";
        $emess.= " at GetLiveEvents.com. \n\n";
        $emess.= "If you have any questions or problems,";
        $emess.= " email [email protected]";
        $ehead="From: [email protected]\r\n";    #161
        $subj = "Your new Member Account from GetLiveEvents.com";
        $mailsend=mail("$corp_email","$subj","$emess","$ehead");
        header("Location: New_member.php");              #164
      }
    break;                                              #166

    default:                                            #168
        include("Includes/admin_login_form.inc");
  }
?>

</div></td>
      <td height="100%" valign="top"><div align="right"><img src="Images/banner_right.jpg" width="100" height="487" /></div></td>
      <td height="100%" background="Images/21_runner_BG.gif">&nbsp;</td>
    </tr>
  </table>
</div>
</body>
</html>
[/code]
