Jump to content

Recommended Posts

So I try to have a simple login page. But The php and the html for the login page is the same file.

 

 

So one small issue, is it executes like nothing was imputed therefore executing the message which indicates the person you have entered wrong data.

 

My second major issue is that, when i press submit it does not do anything.

Link to comment
https://forums.phpfreaks.com/topic/57254-_serverphp_self-issue/
Share on other sites

<body>
<form id="form1" name="form1" method="post" action="<?php $_SERVER['PHP_SELF'] ?>">
  <label></label>
  <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
    <tr>
      <th width="198" scope="col">Login System</th>
    </tr>
    <tr>
      <td height="63">Username:
        <input name="username2" type="text" id="username2" size="33" />
        Password:<br />
        <label>
        <input name="password" type="password" id="password" size="33" />
        <input name="button2" type="submit" id="button2" value="Submit" />
        <a href="register.php">Register here!</a></label></td>
    </tr>
  </table>
  <div align="center">
  
</div>
</form>
    <div align="center">
      <?php
require("config.php");

$user = mysql_real_escape_string($_POST['username']);
$pw = md5(sha1(md5(md5($_POST['password']))));
session_start();

if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){
if (mysql_num_rows($result) > 0) {

$_SESSION['LOGGEDIN'] = TRUE;
$_SESSION['UNAME'] = $user; 

if ($SESSION['LOGGEDIN'] = TRUE){
header("Location: account.php");}}

else {
echo "You have typed in an incorrect password or/and username. Click <a href=\"index.php\">here</a> to try again."; }}


?>
      
      
      
    </div>

Link to comment
https://forums.phpfreaks.com/topic/57254-_serverphp_self-issue/#findComment-282976
Share on other sites

<body>
<form id="form1" name="form1" method="post" action="<?php $_SERVER['PHP_SELF'] ?>">
  <label></label>
  <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
    <tr>
      <th width="198" scope="col">Login System</th>
    </tr>
    <tr>
      <td height="63">Username:
        <input name="username2" type="text" id="username2" size="33" />
        Password:<br />
        <label>
        <input name="password" type="password" id="password" size="33" />
        <input name="button2" type="submit" id="button2" value="Submit" />
        <a href="register.php">Register here!</a></label></td>
    </tr>
  </table>
  <div align="center">
  
</div>
</form>
    <div align="center">
      <?php
require("config.php");

$user = mysql_real_escape_string($_POST['user']);
$pw = md5(sha1(md5(md5($_POST['pw']))));
session_start();

if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){
if (mysql_num_rows($result) > 0) {

$_SESSION['LOGGEDIN'] = TRUE;
$_SESSION['UNAME'] = $user; 

if ($SESSION['LOGGEDIN'] = TRUE){
header("Location: account.php");}}

else {
echo "You have typed in an incorrect password or/and username. Click <a href=\"index.php\">here</a> to try again."; }}


?>
      
      
      
    </div>

 

A couple of things:

 

1. Your logic is backwards.  For sticky forms, you should handle processing first, then display the form (more on this in a moment).

2. You never check to see if someone has indeed submitted the form.

 

The 'proper' way to construct a form in the manner you want is to do the following:

 

1. Check to see if the form has been submitted:

  a. If yes, have the other inputs been input correctly?

      I. If yes, process the info.

      II. If no, display the form.

  b. If the form hasn't been submitted, display it.

 

This ensures that the form is always displayed when a user first visits the page, and will only be reshown if the user screws something up.

 

For your form's action, try <?php echo $_SERVER['PHP_SELF']; ?>

 

Hope this helps.

Link to comment
https://forums.phpfreaks.com/topic/57254-_serverphp_self-issue/#findComment-282990
Share on other sites

Looking over your code again, your biggest errors is that you attempt to use headers and session_start after displaying your HTML.  That's not allowed by PHP.  You must send headers and start sessions before anything is sent to the browser (including whitespace).  There's a thread on it here: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html

Link to comment
https://forums.phpfreaks.com/topic/57254-_serverphp_self-issue/#findComment-282995
Share on other sites

than is there another way to use the javascript location code?

 

I assume you mean the code: header("Location: account.php")?  That's not JavaScript code.  It's still PHP.  Yes, the syntax is the same, but you're still writing PHP when you code that.  A nitpick, maybe, but IMO it's important to understand exactly what you're coding.  There is no JavaScript in the code you provided.

 

Check out the link I had in my previous message.  In order to do what you want to do, you'll need to employ output buffering.  That link explains the concept, as well as provides a link to the output buffering code itself.

Link to comment
https://forums.phpfreaks.com/topic/57254-_serverphp_self-issue/#findComment-283008
Share on other sites

<?php

ob_end_flush();

... do a bunch of stuff ...

set_time_limit(30);

flush();

...

?>

 

I use set_time_limit(30) if I suspect that the script will run longer than the defaulted time allocated for php (30 seconds). FYI, don't use this unless your script is expected to run for a long time, no script should ever run this long if it's being used publicly.

Link to comment
https://forums.phpfreaks.com/topic/57254-_serverphp_self-issue/#findComment-283030
Share on other sites

How about trying this:

 

      <?php
require("config.php");

$user = mysql_real_escape_string($_POST['user']);
$pw = md5(sha1(md5(md5($_POST['pw']))));
session_start();

if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){
if (mysql_num_rows($result) > 0) {

$_SESSION['LOGGEDIN'] = TRUE;
$_SESSION['UNAME'] = $user; 
}
if ($SESSION['LOGGEDIN'] = TRUE){
header("Location: account.php");}}

else {
die('You have typed in an incorrect password or/and username. Click <a href=\"index.php\">here</a> to try again.'); }}
}
?> 
<form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
  <label></label>
  <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
    <tr>
      <th width="198" scope="col">Login System</th>
    </tr>
    <tr>
      <td height="63">Username:
        <input name="username2" type="text" id="username2" size="33" />
        Password:<br />
        <label>
        <input name="password" type="password" id="password" size="33" />
        <input name="button2" type="submit" id="button2" value="Submit" />
        <a href="register.php">Register here!</a></label></td>
    </tr>
  </table>
  <div align="center">
  
</div>
</form>

    <div align="center">

Foser, for your form action, use

echo $_SERVER['PHP_SELF']

next time.

 

Oh, and Nightslyr, with all due respect, the PHP function code should be BEFORE the html form code.

 

 

Link to comment
https://forums.phpfreaks.com/topic/57254-_serverphp_self-issue/#findComment-283046
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.