mr_badger Posted May 10, 2007 Share Posted May 10, 2007 I have done a tutorial to build a forum but I'am having some problems, probably simple ti fix but I can't fix them. First problem is when I try to login I get this firefox message: The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete. * This problem can sometimes be caused by disabling or refusing to accept cookies. Second problem is when I try to view a couple of pages I'am just getting the footer, no errors just the footer with the copyright information. this is the code for login <?php session_start(); require("config.php"); require("functions.php"); $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbdatabase, $db); $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbdatabase, $db); if($_POST['submit']) { $sql = "SELECT * FROM users WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "';"; $result = mysql_query($sql); $numrows = mysql_num_rows($result); $result = mysql_query($sql); $numrows = mysql_num_rows($result); if(numrows == 1) { $row = mysql_fetch_assoc($result); if($row['active'] == 1) { session_register("USERNAME"); session_register("USERID"); $SESSION['USERNAME'] = $row['username']; $_SESSION['USERID'] = $row['id']; switch ($_GET['ref']) { case "newpost": if(isset($_GET['id']) == FALSE) { header("Location: " . $config_basedir . "/newtopic.php"); } else { header("Location: " . $config_basedir . "/newtopic.php?=" . $_GET['id']); } break; case "reply": if(isset($_GET['id']) == FALSE) { header("Location: " . $config_basedir . "/newtopic.php"); } else { header("Location: " . $config_basedir . "/newtopic.php?id=" . $_GET['id']); } break; default: header("Location: " . $config_basedir); break; } } else { require("header.php"); echo "This account is not verified yet. You were emailed a link to verify the account. Please click on the link in the email to continue."; } echo "This account is not yet verified. You were emailed a link to verify the account. Please click on the link in the email to continue."; } } else { header("Location: " . $config_basedir . "/login.php?error=1"); } { require("header.php"); if($_GET['error']) { echo "Incorrect login, please try again"; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body> <form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post"> <table <tr> <td>Username</td> <td><input type="text" name="username"></td> </tr> <tr> <td>Password</td> <td><input type="password" name="password"></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </form> Don't have an account? Go and <a href="register.php">Register</a> <?php require("footer.php") ?> </body> </html> This is the code for register where only the footer information can be seen <?php session_start(); require("config.php"); $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbdatabase, $db); if($_POST['submit']) { if($_POST['password1'] == $_POST['password2']) { $checksql = "SELECT * FROM users WHERE username = '" . $_POST['username'] . "';"; $checkresult = mysql_query($checksql); $checknumrows = mysql_num_rows($checkresult); if($checknumrows == 1) { header("Location: " . $config_basedir . "register.php?error=taken"); } else { for($i = 0; $i < 16; $i++) { $randomstring .= chr(mt_rand(32,126)); } $verifyurl = "http://127.0.0.1/forums/verify.php"; $verifystring = urlencode($randomstring); $verifyemail = urlencode($_POST['email']); $validusername = $_POST['username']; $sql = "INSERT INTO users(username, password, email, verifystring, active) VALUES('" . $_POST['username'] . "', '" . $_POST['password1'] . "', '" . $_POST['email'] . "', '" . addslashes($randomstring) . "', 0);"; mysql_query($sql); $mail_body="Hi $validusername, Please click on the following link to verify your new account: $verifyurl?email=$verifyemail&verify=$verifystring"; _MAIL_; mail($_POST['email'], $config_forumsname . " User verification", $mail_body); require("header.php"); echo "A link has been emailed to the address you entered below. Please follow the link in the email to validate your account."; } header("Location: " . $config_basedir . "register.php?error=pass"); } else { } require("header.php"); switch($_GET['error']) { case "pass": echo "Passwords do not match"; break; case "taken": echo "Username taken, please use another"; break; case "no": echo "Incorrect login details"; break; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body> <h2>Register</h2> To register on the <?php echo $config_forumsname; ?> forums, fill in the form below. <form action="<?php echo $SCRIPT_NAME ?>" method="post"> <table> <tr> <td>Username</td> <td><input type="text" name="username"></td> </tr> <tr> <td>Password</td> <td><input type="password" name="password1"></td> </tr> <tr> <td>Password (again)</td> <td><input type="password" name="password2"></td> </tr> <tr> <td>Email</td> <td><input type="text" name="email"></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" value="Register"></td> </tr> </table> </form> <?php } require("footer.php"); ?> </body> </html Hope you can help. Link to comment https://forums.phpfreaks.com/topic/50865-forum-problems/ Share on other sites More sharing options...
StormTheGates Posted May 11, 2007 Share Posted May 11, 2007 Aright 2 things I noticed. Where is $config_dir defined? Secondly, I sure hope you have some form of validating thing on those posts, because you are plugging direct user input into an SQL query and you are going to suffer massive SQL injection attacks. Link to comment https://forums.phpfreaks.com/topic/50865-forum-problems/#findComment-250237 Share on other sites More sharing options...
mr_badger Posted May 11, 2007 Author Share Posted May 11, 2007 The $config_dir is defined in the folder blog same as the other files. it's in the localhost directory. Link to comment https://forums.phpfreaks.com/topic/50865-forum-problems/#findComment-250507 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.