simcoweb Posted April 23, 2007 Share Posted April 23, 2007 I had this same issue once before ( http://www.phpfreaks.com/forums/index.php/topic,129403.0.html ) which was resolved. I'm using the exact same code that we used in the solving of that with the exception of a couple of minor snippets here and there in the queries. What I get when I enter username/password and hit submit is a blank page and the URL never changes. In other words, the login page is 'index.php' and when submitted it should redirect to 'admin.php'. Instead the url/address stays at 'index.php' and the page turns completely blank. In the previous thread, the problem turned out to be some missing indicator to the md5 encrypted password. Well, in this version, that's there! In fact, I used the ending scripts for that project in creating this project. So, why it won't work is a real mystery. Here's the login page code: <?php ob_start(); session_start(); $loginError = ""; // declare this so it is always available // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); // Validate users input if(!empty($_POST)) { // Check username has a value if(empty($_POST['username'])) $loginError['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $loginError['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($loginError)) { $username = $_POST['username']; $password = md5($_POST['password']); include 'db_config.php'; // Connect to database $con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $con) or die(mysql_error()); // Get Record Set $sql = ("SELECT * FROM admin WHERE username = '$username' AND password = '$password'"); // mysql_query($sql) or die(mysql_error()); $results = mysql_query($sql, $con) or die(mysql_error()); $num_rows = mysql_num_rows($results) or die(mysql_error()); if ($num_rows == "1") { $_SESSION['loggedin'] = $_POST['loggedin']; header("Location: admin.php"); exit; } else { echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; } } } include 'adminheader.php'; ?> <div align="center"> <table style="BORDER-COLLAPSE: collapse" bordercolor="#666666" cellpadding="4" width="530" border="0"> <tbody> <tr> <td> <h2 align="center">Login page</h2> <font color="red"><div align="center"> <? // Loop through all errors if(!empty($loginError)) { ?> <ul> <? foreach($loginError as $eg_message) { ?> <li id="validationError"><?= @$eg_message ?></li> <? } ?> </ul> <? } ?> </font></div> <table border="0" width="450" align="center"> <tr><td> <form action="<? $_SERVER['PHP_SELF'] ?>" name="login" method="post" > <input type="hidden" value="loggedin" name="loggedin"> <fieldset style="-moz-border-radius: 7pt;"><font face="Verdana" size="2"> <legend>Administration Login:</legend> <br />Username <input type="text" name="username" size="21" /><br><br> Password <input type="password" name="password" size="21" /> </font></fieldset> <br><input type="submit" value="Login"> </form> </td></tr></table> </td></tr> </tbody> </table> </div> <p> <? include 'adminfooter.php'; ?> Should be simple: * enter username/password, validates against the database records, if successful it sends you off to the admin.php page. If not, sends you back to the login page. Quote Link to comment Share on other sites More sharing options...
steelmanronald06 Posted April 23, 2007 Share Posted April 23, 2007 <? // Loop through all errors <? foreach($loginError as $eg_message) <? } <? include 'adminfooter.php'; I don't know what version of PHP your using, but what is the one thing you notice in all the above quotations? what is one thing that remains consistant? You have: <? In newer version of PHP, short-tags are set to OFF by default, and if you haven't turned them on then you will get errors and blank pages. So, you should go through and start PHP like so: <?php You did good with the first bit, but afterwards you kept leaving off the `php` part. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted April 23, 2007 Author Share Posted April 23, 2007 It's PHP 4.3.2 which, in this case, is the identical version used for the code utilized on another server as I posted in that other previous thread. The error messages show up fine and dandy on both. In other words, with the short tags the error messages display fine. Normally I use the full tags but this is a snippet I use over and over. The big question is... WHY does this login page work fine at one site and not the other? They are virtually identical in the core functionality. Here's the login form as used on two different sites. One works, the other doesn't. The one that doesn't simply displays a blank page upon submit. In the previous thread this was fixed by modifying the password references in the code to allow for the md5 encryption. Take a look at these: This one produces a blank page upon submit. <?php ob_start(); session_start(); $loginError = ""; // declare this so it is always available // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); // Validate users input if(!empty($_POST)) { // Check username has a value if(empty($_POST['username'])) $loginError['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $loginError['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($loginError)) { $username = $_POST['username']; $password = md5($_POST['password']); include 'db_config.php'; // Connect to database $con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $con) or die(mysql_error()); // Get Record Set $sql = ("SELECT * FROM admin WHERE username = '$username' AND password = '$password'"); // mysql_query($sql) or die(mysql_error()); $results = mysql_query($sql, $con) or die(mysql_error()); $num_rows = mysql_num_rows($results) or die(mysql_error()); if ($num_rows == "1") { $_SESSION['loggedin'] = $_POST['loggedin']; header("Location: admin.php"); exit; } else { echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; } } } include 'adminheader.php'; ?> <div align="center"> <table style="BORDER-COLLAPSE: collapse" bordercolor="#666666" cellpadding="4" width="530" border="0"> <tbody> <tr> <td> <h2 align="center">Login page</h2> <font color="red"><div align="center"> <? // Loop through all errors if(!empty($loginError)) { ?> <ul> <? foreach($loginError as $eg_message) { ?> <li id="validationError"><?= @$eg_message ?></li> <? } ?> </ul> <? } ?> </font></div> <table border="0" width="450" align="center"> <tr><td> <form action="<? $_SERVER['PHP_SELF'] ?>" name="login" method="post" > <input type="hidden" value="loggedin" name="loggedin"> <fieldset style="-moz-border-radius: 7pt;"><font face="Verdana" size="2"> <legend>Administration Login:</legend> <br />Username <input type="text" name="username" size="21" /><br><br> Password <input type="password" name="password" size="21" /> </font></fieldset> <br><input type="submit" value="Login"> </form> </td></tr></table> </td></tr> </tbody> </table> </div> <p> <? include 'adminfooter.php'; ?> This one works fine. <?php ob_start(); session_start(); $loginError = ""; // declare this so it is always available // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); // Validate users input if(!empty($_POST)) { // Check username has a value if(empty($_POST['username'])) $loginError['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $loginError['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($loginError)) { $username = $_POST['username']; $password = md5($_POST['password']); include 'dbconfig.php'; // Connect to database $con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $con) or die(mysql_error()); // Get Record Set $sql = ("SELECT * FROM eastside_admin WHERE username = '$username' AND password = '$password'"); // mysql_query($sql) or die(mysql_error()); $results = mysql_query($sql, $con) or die(mysql_error()); $num_rows = mysql_num_rows($results) or die(mysql_error()); if ($num_rows == "1") { $_SESSION['loggedin'] = $_POST['loggedin']; header("Location: eastside_admin.php"); exit; } else { echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; } } } include 'adminheader.php'; ?> <div align="center"> <table style="BORDER-COLLAPSE: collapse" bordercolor="#666666" cellpadding="4" width="530" border="0"> <tbody> <tr> <td> <h2 align="center">Login page</h2> <font color="red"><div align="center"> <? // Loop through all errors if(!empty($loginError)) { ?> <ul> <? foreach($loginError as $eg_message) { ?> <li id="validationError"><?= @$eg_message ?></li> <? } ?> </ul> <? } ?> </font></div> <table border="0" width="450" align="center"> <tr><td> <form action="<? $_SERVER['PHP_SELF'] ?>" name="login" method="post" > <input type="hidden" value="loggedin" name="loggedin"> <fieldset style="-moz-border-radius: 7pt;"><font face="Verdana" size="2"> <legend>Administration Login:</legend> <br />Username <input type="text" name="username" size="21" /><br><br> Password <input type="password" name="password" size="21" /> </font></fieldset> <br><input type="submit" value="Login"> </form> </td></tr></table> </td></tr> </tbody> </table> </div> <p> <? include 'adminfooter.php'; ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.