phpsane Posted September 10, 2017 Share Posted September 10, 2017 (edited) Php Folks, Why is not this working ? ($_SERVER['REQUEST_METHOD'] == "POST") I get no errors. Error reporting on. declare(strict_types=1); ini_set('display_errors', '1'); ini_set('display_startup_errors', '1'); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); I get the ELSE getting triggered when it should not. This ELSE: else { echo "$_SERVER['REQUEST_METHOD'] == "POST") is not getting triggered !"; exit; } login_2.php Edited September 10, 2017 by phpsane Quote Link to comment Share on other sites More sharing options...
phpsane Posted September 10, 2017 Author Share Posted September 10, 2017 (edited) This forum keeps erasing indentations. And so, you can find an attachment in my original post. Open it in NotePad++ to see the full code. Thanks! <?php /* ERROR HANDLING */ declare(strict_types=1); ini_set('display_errors', '1'); ini_set('display_startup_errors', '1'); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); include 'config.php'; // check if user is already logged in if (is_logged() === true) { //Redirect user to homepage page after 5 seconds. header("refresh:2;url=home.php"); exit; //Added it so script runs no further if user is logged-in. Mac_Guyver's suggestion. } if ($_SERVER['REQUEST_METHOD'] == "POST") { if (isset($_POST["login_username"]) && isset($_POST["login_password"])) { $username = trim($conn, $_POST["login_username"]); // I rid the mysqli_real_escape_string based on Mac_Guyver's suggestion. $password = $_POST["login_password"]; //Select Username or Email to check against Mysql DB if they are already registered or not. $stmt = mysqli_stmt_init($conn); if($stmt = mysqli_prepare($conn, "SELECT accounts_activations, usernames, emails, passwords FROM users WHERE usernames = ?")) { mysqli_stmt_bind_param($stmt, 's', $username); mysqli_stmt_execute($stmt); //$result = mysqli_stmt_get_result($stmt); //Use either this line, or ... $result = mysqli_stmt_bind_result($stmt, $db_account_activation_state, $db_username, $db_email, $db_password); // ... this line. But not both. $row = mysqli_fetch_array($result, MYSQLI_ASSOC); // Check if inputted Username or Email is registered or not. //Either type following paragraph or the next one but not both. Ask in forum which one is best. /* PARAGRAPH 1 if (($username == $row['usernames'] && $password == $row['passwords']) // either this paragraph or ... { echo "Please wait while we check your account details ..."; } else { if($row['accounts_activations'] == '0') { echo "You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } */ //PARAGRAPH 2 if ($username == $db_username && password_verify($password, $db_password))// ..... this paragraph. But not both. { "Please wait while we check your account details ..."; } else { if($row['accounts_activations'] == '0') { echo "You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } //If 'Remember Me' check box is checked then set the cookie. if(!empty($_POST["login_remember"])) // Either use this line .... //if (isset($_POST['login_remember']) && $_post['login_remember'] == "on") // ...or this line. But not both! { setcookie("login_username", $username, time()+ (10*365*24*60*60)); } else { //If Cookie is available then use it to auto log user into his/her account! if (isset($_COOKIE['login_username'])) { setcookie("login_username","",""); } if (isset($_COOKIE['login_password'])) //I will remove this later on as it is not safe to save passwords on cookies. Currently, got this on for debugging purpoises. { setcookie("login_password", "", ""); } } $_SESSION["user"] = $username; header("location:home.php?user=$username"); } else { echo "That Username or Email is not registered!"; } } else { echo "Your account details are incorrect!"; exit; } } else { echo "$_SERVER['REQUEST_METHOD'] == "POST") is- not getting triggered !"; exit; } echo "Don not forget to click the 'Login' button!"; ?> <!DOCTYPE html> <html> <head> <title><?php $site_name?> Member Login Page</title> <meta charset="utf-8"> </head> <body> <div class = "container"> <form method="post" action=""> <center><h3><?php $site_name ?> Member Login Form</h3></center> <div class="text-danger"> <?php if(isset($message)) { echo $message; } ?> <div class="form-group"> <center><label>Username/Email:</label> <input type="text" placeholder="Enter Username" name="login_username" value="<?php if(isset($_COOKIE["login_username"])) echo $_COOKIE["login_username"]; ?>"</center> </div> <div class="form-group"> <center><label>Password:</label> <input type="password" placeholder="Enter password" name="login_password" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center> </div> <div class="form-group"> <center><label>Remember Login Details:</label> <input type="checkbox" name="login_remember" /></center> </div> <div class="form-group"> <center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center> </div> <div class="form-group"> <center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="login_password_reset.php">Reset it here!</a></font></center> <center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center> </form> </div> </body> </html> Edited September 10, 2017 by phpsane Quote Link to comment Share on other sites More sharing options...
phpsane Posted September 10, 2017 Author Share Posted September 10, 2017 (edited) Folks-, Whoever checks out my attachment on my original post, change line 105-109 to this or you will get error: else { echo "SERVER REQUEST_METHOD is not getting triggered !"; exit; } Edited September 10, 2017 by phpsane Quote Link to comment Share on other sites More sharing options...
phpsane Posted September 10, 2017 Author Share Posted September 10, 2017 (edited) Ignore the code on my 2nd post. Here is an update but problem still remains the same as my original post: <?ph /* ERROR HANDLING */ declare(strict_types=1); ini_set('display_errors', '1'); ini_set('display_startup_errors', '1'); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); include 'config.php'; // check if user is already logged in if (is_logged() === true) { //Redirect user to homepage page after 5 seconds. header("refresh:2;url=home.php"); exit; //Added it so script runs no further if user is logged-in. Mac_Guyver's suggestion. } if ($_SERVER['REQUEST_METHOD'] == "POST") { if (isset($_POST["login_username"]) && isset($_POST["login_password"])) { $username = trim($conn, $_POST["login_username"]); // I rid the mysqli_real_escape_string based on Mac_Guyver's suggestion. $password = $_POST["login_password"]; //Select Username or Email to check against Mysql DB if they are already registered or not. $stmt = mysqli_stmt_init($conn); if($stmt = mysqli_prepare($conn, "SELECT accounts_activations, usernames, emails, passwords FROM users WHERE usernames = ?")) { mysqli_stmt_bind_param($stmt, 's', $username); mysqli_stmt_execute($stmt); //$result = mysqli_stmt_get_result($stmt); //Use either this line, or ... $result = mysqli_stmt_bind_result($stmt, $db_account_activation_state, $db_username, $db_email, $db_password); // ... this line. But not both. $row = mysqli_fetch_array($result, MYSQLI_ASSOC); // Check if inputted Username or Email is registered or not. //Either type following paragraph or the next one but not both. Ask in forum which one is best. /* PARAGRAPH 1 if (($username == $row['usernames'] && $password == $row['passwords']) // either this paragraph or ... { echo "Please wait while we check your account details ..."; } else { if($row['accounts_activations'] == '0') { echo "You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } */ //PARAGRAPH 2 if ($username == $db_username && password_verify($password, $db_password))// ..... this paragraph. But not both. { "Please wait while we check your account details ..."; } else { if($row['accounts_activations'] == '0') { echo "You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } //If 'Remember Me' check box is checked then set the cookie. if(!empty($_POST["login_remember"])) // Either use this line .... //if (isset($_POST['login_remember']) && $_post['login_remember'] == "on") // ...or this line. But not both! { setcookie("login_username", $username, time()+ (10*365*24*60*60)); } else { //If Cookie is available then use it to auto log user into his/her account! if (isset($_COOKIE['login_username'])) { setcookie("login_username","",""); } if (isset($_COOKIE['login_password'])) //I will remove this later on as it is not safe to save passwords on cookies. Currently, got this on for debugging purpoises. { setcookie("login_password", "", ""); } } $_SESSION["user"] = $username; header("location:home.php?user=$username"); } else { echo "That Username or Email is not registered!"; } } else { echo "Your account details are incorrect!"; exit; } } else { echo "SERVER REQUEST_METHOD is not getting triggered !"; exit; } echo "Do not forget to click the 'Login' button!"; ?> <!DOCTYPE html> <html> <head> <title><?php $site_name?> Member Login Page</title> <meta charset="utf-8"> </head> <body> <div class = "container"> <form method="post" action=""> <center><h3><?php $site_name ?> Member Login Form</h3></center> <div class="text-danger"> <?php if(isset($message)) { echo $message; } ?> <div class="form-group"> <center><label>Username/Email:</label> <input type="text" placeholder="Enter Username" name="login_username" value="<?php if(isset($_COOKIE["login_username"])) echo $_COOKIE["login_username"]; ?>"</center> </div> <div class="form-group"> <center><label>Password:</label> <input type="password" placeholder="Enter password" name="login_password" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center> </div> <div class="form-group"> <center><label>Remember Login Details:</label> <input type="checkbox" name="login_remember" /></center> </div> <div class="form-group"> <center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center> </div> <div class="form-group"> <center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="login_password_reset.php">Reset it here!</a></font></center> <center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center> </form> </div> </body> </html> It is strange, is it not why the ELSE gets triggered ? What do you reckon the hindrance is ? Why is not the THEN getting triggered as it is supposed to ? And, which paragraph would you use ? 1 or 2 ? Lines 44 - 71. /* PARAGRAPH 1 if (($username == $row['usernames'] && $password == $row['passwords']) // either this paragraph or ... { echo "Please wait while we check your account details ..."; } else { if($row['accounts_activations'] == '0') { echo "You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } */ //PARAGRAPH 2 if ($username == $db_username && password_verify($password, $db_password))// ..... this paragraph. But not both. { "Please wait while we check your account details ..."; } else { if($row['accounts_activations'] == '0') { echo "You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } Edited September 10, 2017 by phpsane Quote Link to comment Share on other sites More sharing options...
phpsane Posted September 10, 2017 Author Share Posted September 10, 2017 (edited) Folks, Looking at the full context of my script, which line out the following 2 would you use ? Line 36 //$result = mysqli_stmt_get_result($stmt); //Use either this line, or ... Line 37 $result = mysqli_stmt_bind_result($stmt, $db_account_activation_state, $db_username, $db_email, $db_password); // ... this line. But not both. Edited September 10, 2017 by phpsane Quote Link to comment Share on other sites More sharing options...
phpsane Posted September 10, 2017 Author Share Posted September 10, 2017 Folks, Rise & shine, SUNSHINES! I fixed my code it is now working. Look: <?php /* ERROR HANDLING */ declare(strict_types=1); ini_set('display_errors', '1'); ini_set('display_startup_errors', '1'); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); include 'config.php'; // check if user is already logged in if (is_logged() === true) { //Redirect user to homepage page after 5 seconds. header("refresh:2;url=home.php"); exit; //Added it so script runs no further if user is logged-in. Mac_Guyver's suggestion. } ?> <!DOCTYPE html> <html> <head> <title><?php $site_name?> Member Login Page</title> <meta charset="utf-8"> </head> <body> <div class = "container"> <form method="post" action=""> <center><h3><?php $site_name ?> Member Login Form</h3></center> <div class="text-danger"> <?php if(isset($message)) { echo $message; } ?> <div class="form-group"> <center><label>Username/Email:</label> <input type="text" placeholder="Enter Username" name="login_username_or_email" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"</center> </div> <div class="form-group"> <center><label>Password:</label> <input type="password" placeholder="Enter password" name="login_password" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center> </div> <div class="form-group"> <center><label>Remember Login Details:</label> <input type="checkbox" name="login_remember" /></center> </div> <div class="form-group"> <center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center> </div> <div class="form-group"> <center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="login_password_reset.php">Reset it here!</a></font></center> <center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center> </form> </div> </body> </html> <?php if ($_SERVER['REQUEST_METHOD'] == "POST") { if (isset($_POST["login_username_or_email"]) && isset($_POST["login_password"])) { $username_or_email = trim($_POST["login_username_or_email"]); // I rid the mysqli_real_escape_string based on Mac_Guyver's suggestion. $password = $_POST["login_password"]; //Select Username or Email to check against Mysql DB if they are already registered or not. $stmt = mysqli_stmt_init($conn); if($stmt = mysqli_prepare($conn, "SELECT accounts_activations, usernames, emails, passwords FROM users WHERE usernames = ?")) { mysqli_stmt_bind_param($stmt, 's', $username_or_email); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); //Use either this line, or ... //$result = mysqli_stmt_bind_result($stmt, $db_account_activation_state, $db_username, $db_email, $db_password); // ... this line. But not both. $row = mysqli_fetch_array($result, MYSQLI_ASSOC); // Check if inputted Username or Email is registered or not. //Either type following paragraph or the next one but not both. Ask in forum which one is best. // PARAGRAPH 1 if ($username_or_email == $row['usernames'] || $username_or_email == $row['emails'] && password_verify($password, $row['passwords'])) // either this paragraph or ... { echo "Paragraph 1: Please wait while we check your account details ..."; if($row['accounts_activations'] == '0') { echo "Paragraph 1: You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } else { echo "Paragraph 1: That Username or Email is not registered!"; exit; } /* PARAGRAPH 2 if ($username_or_email == $db_username || $username_or_email == $row['emails'] && password_verify($password, $db_password)) // ..... this paragraph. But not both. { echo "Paragraph 2: Please wait while we check your account details ..."; if($row['accounts_activations'] == '0') { echo "Paragraph 2: You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us."; exit; } } else { echo "Paragraph 2: That Username or Email is not registered!"; exit; } */ //If 'Remember Me' check box is checked then set the cookie. if(!empty($_POST["login_remember"])) // Either use this line .... //if (isset($_POST['login_remember']) && $_post['login_remember'] == "on") // ...or this line. But not both! { setcookie("login_username", $username, time()+ (10*365*24*60*60)); } else { //If Cookie is available then use it to auto log user into his/her account! if (isset($_COOKIE['login_username'])) { setcookie("login_username","",""); } if (isset($_COOKIE['login_password'])) //I will remove this later on as it is not safe to save passwords on cookies. Currently, got this on for debugging purpoises. { setcookie("login_password", "", ""); } } $_SESSION["user"] = $username_or_email; header("location:home.php?user=$username"); } else { echo "Your account details are incorrect!"; exit; } } else { echo "isset else triggered!"; exit; } } else { echo "SERVER REQUEST_METHOD is not getting triggered !"; exit; } echo "Do not forget to click the 'Login' button!"; exit; ?> Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 11, 2017 Share Posted September 11, 2017 You need to SLOW DOWN. The fact that you had to post and repost your code multiple times shows you are disorganized. Your first post shows that it is invalid right off the bat with how you open the PHP code <?ph I'm glad you got it working, but even that last bit of code is problematic. When you need to go many levels deep in if/else structures you really need to step back and fins a better way yo structure it. Plus, when using if/else to rule out the "happy path" I would highly suggest creating them like this: if(condition1) { //Error/false condition 1 } else { if(condition2) { //Error/false condition 2 } else { //Happy path } } The reason is that when you need to add error messages into the error condition, when you start nesting the if/else conditions it is difficult to "see" which error conditions line up with which condition Your code is horribly illogical. You need to put the logic (i.e. PHP code) at the top of the script and the presentation (i.e. HTML) at the bottom. Much of your code would never "work" as it is now. You should create "test cases" for your logic to ensure you get the correct results for all scenarios. You currently have logic that is, well, illogical. For example, why is there a message being displayed when the REQUEST_METHOD is not "POST". Just show the form. What you *can* do is add some code for debugging purposes. But, do not create complicated logic for that purpose. It will only make your life difficult. There are security flaws in that code. For example, the code will "leak" information as to what emails are already registered. But, more importantly, it looks as if a user who is registered will get logged in if only their email address is correct. It is really hard to tell from the spaghetti code. Quote Link to comment Share on other sites More sharing options...
phpsane Posted September 11, 2017 Author Share Posted September 11, 2017 (edited) Psycho, I've been having problem ith my computer lately as it kept auto typing "------" continuously when I type some chars and I'm having to hit the back delete button and delete them. I guess at that point I mistakenly deleted the "p" from "<?php". I did spot it after I uploaded the attachment and fixed it on my side nearly 24hrs ago. I tried re-uploading the modified attachment but the forum was not allowing it. As for me needing to have my php code at the top and html form at the bottom. Well, originally I did but the IF was not getting triggered and so I took the html at the top and the problem went away. I will open another thread about that if I encounter the problem again and so do lookout for that thread. Why do you think I attached my file yesterday and supposedly got carried away to where you are now telling me to SLOW DOWN (take it easy) ? I put it up so you guy can have a look at it hoping to find flaws to drop my smile off my face. And look my plan or should I say my act worked. Lol! You just pointed-out the flaws. Indirectly, I put you upto it. Thanks for falling into my harmless trap. I will try fixing my code based on your suggestions. I am surprised that no-one else fell for it. I was hoping to get some criticism from Requinix but Sedopati the most. Mmm. Must try other methods to attract criticisms. Anyway, you referred to my login.php. My registration.php has the php on top and html on bottom and it is working all this time and so I don't know why the same does not work with login.php and I am having to drag the html at the top. Strange! Anyway, we will look into this matter in the upcoming thread: Why Html Plays Hide & Seek With Php ? There are 2 ways of writing the opening & closing brackets. But I prefer the latter as that way it is easier to track which code belongs to which IF/ELSE. 1 if(condition1) { //Error/false condition 1 } else { if(condition2) { //Error/false condition 2 } else { //Happy path } } 2. if(condition1) { //Error/false condition 1 } else { if(condition2) { //Error/false condition 2 } else { //Happy path } } This forum breaks the indentations when I copy and paste in my posts. I'm having to manually provide 4 char equivalent spaces to make the indentation on my above mentioned code. Edited September 11, 2017 by phpsane Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 11, 2017 Share Posted September 11, 2017 (edited) A couple things: 1. My comment about slowing down was made because of two things. A) The multiple posts alluded to the posts being made hurriedly necessitating follow ups with corrections and B) The code also suffers from what appears to be "knee-jerk" reactive coding. The code has a lot of flaws and doesn't have a logical flow to it. You should slow down by working out the logic on paper first with a flow chart. Then code. 2. My suggestion about the if/else format was not about the brackets (in fact I use that format as well, I removed some line breaks for brevity in the forum). It was about the logical structure. Below is an example of the structure I saw in some of the code above. Because the conditions are written to look for the absence of an error, it is difficult to "see" which error conditions apply to each condition check. if(condition1) { if(condition2) { if(condition3) { //happy path } else { //Error condition 3 } } else { //error condition 2 } } else { //error condition 1 <<< The condition for this is way at the top } That is why I suggest that the conditions be written to check of the existence of an error and structured so you can easily see the error conditions associated with each condition check if(!condition1) { //error condition 1 } else { if(!condition2) { //error condition 2 } else { if(!condition3) { //Error condition 3 } else { //happy path } } } In fact, when following this format, you can sometimes get rid of the nested else/ifs entirely and make the code much cleaner such as this if(!condition1) { //error condition 1 } elseif(!condition2) { //error condition 2 } elseif(!condition3) { //Error condition 3 } else { //happy path } Edited September 11, 2017 by Psycho Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.