Jump to content

PHP login with redirect


twheeler

Recommended Posts

I am very new at PHP and I'm trying to finish my final for a coding class. I have a 2 part question

 

1st the "reports.php" page has to redirect to the login page, the user has to sign in before they can view the page. I am missing something on my login page it keeps saying "failed to login". I'm sure there are a lot of errors in my code any help would be amazing

 

 

MY PHP

<?php require_once ('dbuser.php');?>
<?php
if(isset($_POST['Submit_Login']))
{
$username = trim($_POST['user']);
$password = trim($_POST['pass']);
$link = "<script>window.open('http://twheeler12.mydevryportfolio.com/WDD420/reports.php')</script>";


mysql_connect("localhost", "", "");
mysql_select_db("twheeler_localrun");


$result = mysql_query("select * from users where username = '$username' and password = '$password'") or die("Failed to query database" .mysql_error());
$row = mysql_fetch_array($result, $con);
if ($row['user'] == $username && $row['pass'] == $password){
    echo $link;
} else {
    echo "Failed to login";
}
}

?>

 

MY FORM

<form name="login" class="login" method="post" action="login.php"
        onsubmit="return checkForm()">
        <h2><u><b>Login</b></u></h2>
        <p><tr><th><u><label for="username">Username:</label></u></th>
                <td><input type="text" name="user" id="user" title="username" placeholder="joedirt123" tabindex="1" /><br>
                </p>
                </span>
                </td>
                </tr>
                </p>
        <p><tr><th><u><label for="password">Password:</label></u></th>
                <td><input type="text" name="pass" id="pass"tabindex="2"/><br>
                </p>
                </span>
                </td>
                </tr>
                </p>
            <p><td><input type="submit" name="Submit_Login" action="login.php" tabindex="3" />
            <input type="submit" name="cancel" value="cancel" tabindex="4" </a></input>
                </td>
        </tr>
        </p>
        </form>

 

 

 

 

The 2nd part to my question is on the reports.php page. We have to be able to sort the records by radio buttons first name & distance....again I'm sure there are a lot of errors in my code so any help would be appreciated.

 

MY PHP

<?php require_once ('dbuser.php');?>
<?php
session_start();
$user = $_SESSION['user'];
$select ="";



$runner = $_SESSION['runner'];
if(isset($_POST['submit_sort'])){
        $radio = $_POST['submit sort'];if($radio =='fname'){
        $select ="SELECT `fname` , `lname` , `distance`
FROM `runner` ORDER BY `fname` ";
    }
    
    elseif($radio =='distance'){
        $select = "SELECT `fname` , `lname` , `distance`
FROM `runner` ORDER BY `distance` ";
    }
    $result = mysql_query($select);ordie("Invalid query: ".mysql_error($select));
    
}
?>

 

MY FORM

<form name="reports" class="reports" action="reports.php"
        onsubmit="return checkForm()">
      <fieldset><label for="distance">Sort List</label></u></th>
                <br>
                <input type="radio" name="submit sort" title="fname" value="1" tabindex="10">First Name<br>
                <input type="radio" name="submit sort" title="distance" value="5" tabindex="11">Distance<br></p>
                </tr>
                </fieldset>
            
            <table>
            <tr>
                <th>First Name</th>
                <th>Last Name</th>
                <th>Distance</th>
            </tr>
          <tr>
       <?php
        if($rowcnt==0){
        echo "<tr><td colspan=3>There are currently no results.</td>
            </tr>";}
        if( $result ){
            while($row=mysql_fetch_assoc($result));{
            echo '<tr><td>'.$row['fname'].'</td>';
            echo '<td>'.$row['lname'].'</td>';
            echo '<td>'.$row['distance'].'</td></tr>';}
        }
            ?>
            
</table>
</form>

Link to comment
Share on other sites

There are many possible issues with your code.

 

I will perfunctorily tell you that you should not be using mysql_ functions. You should either use PDO or mysqli. Doing this for a class actually makes it worse, because you are writing obsolete code that is also completely exploitable via sql injection.

 

So to start debugging, the first question that comes to mind is why after you query to find a user, that the user is not verified as having logged in.

 

So let's start with the fetch after the query:

 

$row = mysql_fetch_array($result, $con);

 

And let's look at the manual for that function.

 

Of course you can't miss the part at the top that says "WARNING" but I've already discussed that.

 

Instead let's look at the parameter list:

 

array mysql_fetch_array ( resource $result [, int $result_type = MYSQL_BOTH ] )

 

Now in your case you are passing $con. What is that variable? I bet that it is not an integer as expected. Probably what you want is this:

 

$row = mysql_fetch_array($result);

 

Let's assume that the login is still false. How to know what is going on?

 

The first obvious question is: Did the query find a row, and if so what one?

 

So do something like this, for debugging of that question:

 

$row = mysql_fetch_array($result, $con);
//What does $row contain?

var_dump($row); die();

if ($row['user'] == $username && $row['pass'] == $password){
    echo $link;
} else {
    echo "Failed to login";
}
I hope this gives you an idea of how to begin to figure out what is wrong with your code.
Link to comment
Share on other sites

Thank you for responding to my post. On the MySQL mysqli every code the professor gave us in the class was MySQL not mysqli so I will definitely change those.

i tried the var_dump and retested and it came back with

 

resource(2) of type (mysql result)

 

so I changed mysql to mysqli_fetch_assoc but then that comes back with

 

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, string given in /home/twheeler/public_html/WDD420/login.php on line 13 Failed to query database

 

which I have no clue as to what that means

Link to comment
Share on other sites

I hope you didn't pay very much for this class.  You have not learned that:

 

You don't need multiple php tags to execute two lines of code.  

You can't use mysql_* functions any longer.

That you should never plain text passwords in a database.

That you should not be burying JS code in the middle of you php code.

That you should ALWAYS enable PHP error checking when doing development so that you will be informed immediately of the silly errors that crop up while coding.  (see my signature).

That when you do a query that has where conditions in it for specific criteries, you have no need to later check the results for those very same criteria again.

 

Most importantly it appears the the professor did not teach you to refer to any resource/manual to use to validate the code you are writing.  As already pointed out your function calls do not match the proper syntax (despite the fact that they are deprecated) and you apparently weren't given enough direction in this course to do what EVERY PROGRAMMER has to learn to do - LOOK IT UP!

 

I'd get my money back.  

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.