twheeler Posted June 24, 2017 Share Posted June 24, 2017 I am very new at PHP and I'm trying to finish my final for a coding class. I have a 2 part question 1st the "reports.php" page has to redirect to the login page, the user has to sign in before they can view the page. I am missing something on my login page it keeps saying "failed to login". I'm sure there are a lot of errors in my code any help would be amazing MY PHP <?php require_once ('dbuser.php');?> <?php if(isset($_POST['Submit_Login'])) { $username = trim($_POST['user']); $password = trim($_POST['pass']); $link = "<script>window.open('http://twheeler12.mydevryportfolio.com/WDD420/reports.php')</script>"; mysql_connect("localhost", "", ""); mysql_select_db("twheeler_localrun"); $result = mysql_query("select * from users where username = '$username' and password = '$password'") or die("Failed to query database" .mysql_error()); $row = mysql_fetch_array($result, $con); if ($row['user'] == $username && $row['pass'] == $password){ echo $link; } else { echo "Failed to login"; } } ?> MY FORM <form name="login" class="login" method="post" action="login.php" onsubmit="return checkForm()"> <h2><u><b>Login</b></u></h2> <p><tr><th><u><label for="username">Username:</label></u></th> <td><input type="text" name="user" id="user" title="username" placeholder="joedirt123" tabindex="1" /><br> </p> </span> </td> </tr> </p> <p><tr><th><u><label for="password">Password:</label></u></th> <td><input type="text" name="pass" id="pass"tabindex="2"/><br> </p> </span> </td> </tr> </p> <p><td><input type="submit" name="Submit_Login" action="login.php" tabindex="3" /> <input type="submit" name="cancel" value="cancel" tabindex="4" </a></input> </td> </tr> </p> </form> The 2nd part to my question is on the reports.php page. We have to be able to sort the records by radio buttons first name & distance....again I'm sure there are a lot of errors in my code so any help would be appreciated. MY PHP <?php require_once ('dbuser.php');?> <?php session_start(); $user = $_SESSION['user']; $select =""; $runner = $_SESSION['runner']; if(isset($_POST['submit_sort'])){ $radio = $_POST['submit sort'];if($radio =='fname'){ $select ="SELECT `fname` , `lname` , `distance` FROM `runner` ORDER BY `fname` "; } elseif($radio =='distance'){ $select = "SELECT `fname` , `lname` , `distance` FROM `runner` ORDER BY `distance` "; } $result = mysql_query($select);ordie("Invalid query: ".mysql_error($select)); } ?> MY FORM <form name="reports" class="reports" action="reports.php" onsubmit="return checkForm()"> <fieldset><label for="distance">Sort List</label></u></th> <br> <input type="radio" name="submit sort" title="fname" value="1" tabindex="10">First Name<br> <input type="radio" name="submit sort" title="distance" value="5" tabindex="11">Distance<br></p> </tr> </fieldset> <table> <tr> <th>First Name</th> <th>Last Name</th> <th>Distance</th> </tr> <tr> <?php if($rowcnt==0){ echo "<tr><td colspan=3>There are currently no results.</td> </tr>";} if( $result ){ while($row=mysql_fetch_assoc($result));{ echo '<tr><td>'.$row['fname'].'</td>'; echo '<td>'.$row['lname'].'</td>'; echo '<td>'.$row['distance'].'</td></tr>';} } ?> </table> </form> Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 24, 2017 Share Posted June 24, 2017 There are many possible issues with your code. I will perfunctorily tell you that you should not be using mysql_ functions. You should either use PDO or mysqli. Doing this for a class actually makes it worse, because you are writing obsolete code that is also completely exploitable via sql injection. So to start debugging, the first question that comes to mind is why after you query to find a user, that the user is not verified as having logged in. So let's start with the fetch after the query: $row = mysql_fetch_array($result, $con); And let's look at the manual for that function. Of course you can't miss the part at the top that says "WARNING" but I've already discussed that. Instead let's look at the parameter list: array mysql_fetch_array ( resource $result [, int $result_type = MYSQL_BOTH ] ) Now in your case you are passing $con. What is that variable? I bet that it is not an integer as expected. Probably what you want is this: $row = mysql_fetch_array($result); Let's assume that the login is still false. How to know what is going on? The first obvious question is: Did the query find a row, and if so what one? So do something like this, for debugging of that question: $row = mysql_fetch_array($result, $con); //What does $row contain? var_dump($row); die(); if ($row['user'] == $username && $row['pass'] == $password){ echo $link; } else { echo "Failed to login"; } I hope this gives you an idea of how to begin to figure out what is wrong with your code. Quote Link to comment Share on other sites More sharing options...
twheeler Posted June 24, 2017 Author Share Posted June 24, 2017 (edited) Thank you for responding to my post. On the MySQL mysqli every code the professor gave us in the class was MySQL not mysqli so I will definitely change those.i tried the var_dump and retested and it came back with resource(2) of type (mysql result) so I changed mysql to mysqli_fetch_assoc but then that comes back with Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, string given in /home/twheeler/public_html/WDD420/login.php on line 13 Failed to query database which I have no clue as to what that means Edited June 25, 2017 by twheeler Quote Link to comment Share on other sites More sharing options...
anatak Posted June 25, 2017 Share Posted June 25, 2017 You should really look into PDO. It is so much easier than mysqli (in my opinion) Read this tutorial It is one (longish) page that will get you to grips with the basics of PDO https://phpdelusions.net/pdo#query Quote Link to comment Share on other sites More sharing options...
Sepodati Posted June 26, 2017 Share Posted June 26, 2017 That link doesn't work for me. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted June 26, 2017 Share Posted June 26, 2017 I hope you didn't pay very much for this class. You have not learned that: You don't need multiple php tags to execute two lines of code. You can't use mysql_* functions any longer. That you should never plain text passwords in a database. That you should not be burying JS code in the middle of you php code. That you should ALWAYS enable PHP error checking when doing development so that you will be informed immediately of the silly errors that crop up while coding. (see my signature). That when you do a query that has where conditions in it for specific criteries, you have no need to later check the results for those very same criteria again. Most importantly it appears the the professor did not teach you to refer to any resource/manual to use to validate the code you are writing. As already pointed out your function calls do not match the proper syntax (despite the fact that they are deprecated) and you apparently weren't given enough direction in this course to do what EVERY PROGRAMMER has to learn to do - LOOK IT UP! I'd get my money back. 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.