MySQL and variables help

[dancojocaru2000]

Hello. I wrote based on 2 toturials and my knowledge the following code:

<?php
session_start();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Login to Bitcoin Double Machine, cancel to sign up"');
    header('HTTP/1.0 401 Unauthorized');
    //echo 'You canceled the login. Click <a href="test.php">here</a> to retry.';
    echo "<script type='text/javascript'> 
var msg = \"LOGIN CANCELLED. PLEASE REFRESH OR SIGN UP\";
msg = \" ... \" + msg;pos = 0;
function scrollTitle() {
document.title = msg.substring(pos, msg.length) + msg.substring(0, pos); pos++;
if (pos > msg.length) pos = 0
window.setTimeout(\"scrollTitle()\",300);
}
scrollTitle();
</script>";
    echo "<h1>To sign up, use the button below</h1>";
    echo "<a href=\"signup.php\" style=\"-webkit-appearance: button;-moz-appearance: button; appearance: button; text-decoration: none; color: initial\">Sign Up</a>";
    echo "<br><br>";
    echo "<iframe src=\"../401.php\" seamless style=\"width:100%;height:80%\"></iframe>";
    exit;
} else {
	define('DB_HOST', 'localhost');
    define('DB_NAME', 'dan cojocaru');
    define('DB_USER','root');
    define('DB_PASSWORD','abcd');
    $con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
    $db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
    /*
    //$ID = $_SESSION['user'];
    //$Password = $_SESSION['pass'];
    */
    function SignIn()
    {
        //session_start(); //starting the session for user profile page
        if(!empty($_SERVER['PHP_AUTH_USER'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
        {
            $query = mysql_query("SELECT * FROM UserName where userName = " . $_SERVER['PHP_AUTH_USER'] . " AND pass = " . $_SESSION['PHP_AUTH_PW'] . "") or die(mysql_error()); //LINE 38
            $row = mysql_fetch_array($query) or die(mysql_error());
            if(!empty($row['userName']) AND !empty($row['pass']))
            {
                $_SESSION['userName'] = $row['pass'];
                echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
            } else
            {
                echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
            }
        }
    }
    //if(isset($_POST['submit']))
    //{
        SignIn();
    //}
}
?>

Commented thing are not used but I never ever delete anything, just in case I might need it.

So I saved this code and tested, but I got this error:

 

Notice: Undefined index: PHP_AUTH_PW in C:\xampp\htdocs\test3.php on line 38
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

Please help me to fix this code.

[ginerjm]

$_SERVER not $_SESSION

[dancojocaru2000]

$_SERVER not $_SESSION

Thank you! I can't belive I missed that! But now, I got another error:

Unknown column 'dancojocaru' in 'where clause'

(dancojocaru is the name I entered in the username field at the login box)

How can I get past this one?

[fastsol]

You need single quotes around the username and password values in the query string

$query = mysql_query("SELECT * FROM UserName where userName = '" . $_SERVER['PHP_AUTH_USER'] . "' AND pass = '" . $_SESSION['PHP_AUTH_PW'] . "'") or die(mysql_error());

[dancojocaru2000]

Ok, I think I will leave PHP programming. 

Now it just shows a blank page.

Could someone copy and test with the code, maybe it's something wrong with my PC.

This is the code at the momment of the post.

<?php
session_start();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Login to Bitcoin Double Machine, cancel to sign up"');
    header('HTTP/1.0 401 Unauthorized');
    //echo 'You canceled the login. Click <a href="test.php">here</a> to retry.';
    echo "<script type='text/javascript'> 
var msg = \"LOGIN CANCELLED. PLEASE REFRESH OR SIGN UP\";
msg = \" ... \" + msg;pos = 0;
function scrollTitle() {
document.title = msg.substring(pos, msg.length) + msg.substring(0, pos); pos++;
if (pos > msg.length) pos = 0
window.setTimeout(\"scrollTitle()\",300);
}
scrollTitle();
</script>";
    echo "<h1>To sign up, use the button below</h1>";
    echo "<a href=\"signup.php\" style=\"-webkit-appearance: button;-moz-appearance: button; appearance: button; text-decoration: none; color: initial\">Sign Up</a>";
    echo "<br><br>";
    echo "<iframe src=\"../401.php\" seamless style=\"width:100%;height:80%\"></iframe>";
    exit;
} else {
	define('DB_HOST', 'localhost');
    define('DB_NAME', 'dan cojocaru');
    define('DB_USER','root');
    define('DB_PASSWORD','abcd');
    $con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
    $db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
    /*
    //$ID = $_SESSION['user'];
    //$Password = $_SESSION['pass'];
    */
    function SignIn()
    {
        //session_start(); //starting the session for user profile page
        if(!empty($_SERVER['PHP_AUTH_USER'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
        {
            $query = mysql_query("SELECT * FROM UserName where userName = '" . $_SERVER['PHP_AUTH_USER'] . "' AND pass = '" . $_SERVER['PHP_AUTH_PW'] . "'") or die(mysql_error());
            $row = mysql_fetch_array($query) or die(mysql_error());
            if(!empty($row['userName']) AND !empty($row['pass']))
            {
                $_SESSION['userName'] = $row['pass'];
                echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
            } else
            {
                echo "SORRY... YOU ENTERED WRONG ID AND PASSWORD... PLEASE RETRY...";
            }
        }
    }
    //if(isset($_POST['submit']))
    //{
        SignIn();
    //}
}
?> 

[ginerjm]

As my signature suggests, turn on php error checking and see what your script then shows you.

 

Leave programming? What? You thought this stuff was easy?

[scootstah]

A blank white page is generally a fatal error. You'll want to enable error reporting in your php.ini and not at the top of your script. If it is a fatal compilation error you will only see it if errors are enabled in your php.ini.

[dancojocaru2000]

As my signature suggests, turn on php error checking and see what your script then shows you.

 

Leave programming? What? You thought this stuff was easy?

1. That was a joke, ok? If I didn't knew what kind of thing programming is, I wouldn't choose IT High School as my first high school option.

2. Now, it shows me this:

 

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in C:\xampp\htdocs\test3.php on line 29

[dancojocaru2000]

A blank white page is generally a fatal error. You'll want to enable error reporting in your php.ini and not at the top of your script. If it is a fatal compilation error you will only see it if errors are enabled in your php.ini.

 

Just a tip, your answer would be better if you had told me how to do that, not just how to do it...

[CroNiX]

It's often helpful, especially when learning, to google your error messages. The message is pretty self explanatory. You are using the "mysql" driver, which is deprecated from PHP, meaning it will be removed in a future version of PHP so it's obsolete and its use is discouraged. Otherwise when you or your host upgrades the PHP version on the server one day, all your queries will suddenly stop working and you'll have to rewrite the whole db layer of your app to use a more modern db driver.

 

You would want to use either the PDO driver, or mysqli (with an i at the end). PDO is the preferred driver.

[scootstah]

Just a tip, your answer would be better if you had told me how to do that, not just how to do it...

Just a tip, read the manual.