Technex Posted July 23, 2007 Author Share Posted July 23, 2007 I've P.Med you the whole code mate . Quote Link to comment Share on other sites More sharing options...
Wildbug Posted July 23, 2007 Share Posted July 23, 2007 But still it's not working even with this new one:  Yeah, you've gotta be more specific about what's "not working." Clearly the code that's been posted for you works fine. Like mpharo says, there's another part of your code that's screwy. Quote Link to comment Share on other sites More sharing options...
Technex Posted July 23, 2007 Author Share Posted July 23, 2007 But still it's not working even with this new one:  Yeah, you've gotta be more specific about what's "not working." Clearly the code that's been posted for you works fine. Like mpharo says, there's another part of your code that's screwy.  Like I've said it just refreshes the page without displaying nothing at all if you enter nothing in the username form. It doesn't even echo that comment like it should. Quote Link to comment Share on other sites More sharing options...
per1os Posted July 23, 2007 Share Posted July 23, 2007 I've P.Med you the whole code mate . Â Don't PM code if you want help. 50 eyes is better than 1 eye. Post it here. Â Â <?php if (isset($_POST['username']) AND isset($_POST['password'])) { if(is_null($_POST['username'])){ $errorusernamenull=1; echo 'Bad username'; }else { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $db_password = hash('sha512',$password); Â Â Â Â Â Â Â Â echo 'We are ready to enter data'; } }else { echo 'We did not have a username/password entered'; } ?> Â There is a cleaner version of the code, give that a try and see what happens. Quote Link to comment Share on other sites More sharing options...
Wildbug Posted July 23, 2007 Share Posted July 23, 2007 Like I've said it just refreshes the page without displaying nothing at all if you enter nothing in the username form. It doesn't even echo that comment like it should.  Well that has jack-all to do with checking the nullness of $_POST values. We have no idea what your other, unseen code is supposed to do unless you post a question with the relevant code attached.  To get the comment to appear, try empty() instead of is_null(). Quote Link to comment Share on other sites More sharing options...
Technex Posted July 23, 2007 Author Share Posted July 23, 2007 Okay here is all the code...  <? (connect stuff is here)-technex if(empty($_POST['username'])){ $errorusernamenull=1; echo 'Bad username'; } if (isset ($_POST['username']) AND ($_POST['password'])){ $username = $_POST['username']; $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($_POST['password']); $db_password = hash('sha512',$password); $checkusername = mysql_query("SELECT * FROM users WHERE username = '$username'"); $checkpassword = mysql_query("SELECT * FROM users WHERE password = '$db_password'"); if (mysql_num_rows($checkusername)==0){ $errorusername=1; } if (mysql_num_rows($checkpassword)==0){ $errorpassword=1; } if ((mysql_num_rows($checkusername) == 1) AND (mysql_num_rows($checkpassword) == 1)){ $getuserinfo = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$db_password'"); $userinfo = mysql_fetch_array($getuserinfo); setcookie(id, $userinfo[id], time()+60*60*24*30, "/");//30days setcookie(password, $db_password, time()+60*60*24*30, "/");//30days $ip = $_SERVER['REMOTE_ADDR']; mysql_query("DELETE FROM guests WHERE ip='$ip'"); mysql_query("UPDATE users SET status='1' WHERE id='$userinfo[id]'"); header('refresh: 0; url=/'); } } ?>     I tried  if(empty($_POST['username'])){ $errorusernamenull=1; echo 'Bad username'; }  same problem... Quote Link to comment Share on other sites More sharing options...
mpharo Posted July 23, 2007 Share Posted July 23, 2007 that code right there and the one you PM'd works perfect for me...can we see your connect string? just do not post the username/password for your DB... Quote Link to comment Share on other sites More sharing options...
per1os Posted July 23, 2007 Share Posted July 23, 2007 Wow very inefficient  EDIT::: Fixed a syntax error in the mysql_num_rows check.  <?php (connect stuff is here)-technex if (isset($_POST['username']) AND isset($_POST['password'])) { if(empty($_POST['username'])) { $errorusernamenull=1; echo 'Bad username'; }else { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $db_password = hash('sha512',$password); $check = mysql_query("SELECT * FROM users WHERE username = '" . $username . "' AND `password` = '" . $db_password . "' LIMIT 1"); if (mysql_num_rows($check) == 1) { $userinfo = mysql_fetch_array($check); setcookie('id', $userinfo['id'], time()+60*60*24*30, "/");//30days setcookie('password', $db_password, time()+60*60*24*30, "/");//30days $ip = $_SERVER['REMOTE_ADDR']; mysql_query("DELETE FROM guests WHERE ip='$ip'"); mysql_query("UPDATE users SET status='1' WHERE id='" . $userinfo['id'] . "'"); header('refresh: 0; url=/'); // Why are we just refreshing the page, there is nothing here!        }else {             echo 'Bad username and password';        } } }else { echo 'No post data was sent'; } ?>  Better version, more efficient.  Note the note on the header fresh line, that does not make sense to just refresh the page, but an actual page in there other than this one because this will obviously not output anything on a refresh as there are no echo statements, redirect to a "logged in" page or an index page or something. Quote Link to comment Share on other sites More sharing options...
Technex Posted July 23, 2007 Author Share Posted July 23, 2007 Thank you, but could you make it work with my custom error codes? Â It just displays Bad username and password. Â Thanks. Â mpharo it does? Doesn't for me... It logs in fine but doesn't display any error if login was submitted without content (NULL). The connect script is just a inc file, it connects fine. Â The whole basis of my site is to keep it all running off index.php. login.php is included if ?action=login which happens by the submit button. header('refresh: 0; url=/'); just refreshes the home page after logging in. Â Edit: Why did you do this: mysql_query("UPDATE users SET status='1' WHERE id='" . $userinfo['id'] . "'");? Â And not just: mysql_query("UPDATE users SET status='1' WHERE id='$userinfo[id]'"); Quote Link to comment Share on other sites More sharing options...
per1os Posted July 23, 2007 Share Posted July 23, 2007 Edit: Why did you do this: mysql_query("UPDATE users SET status='1' WHERE id='" . $userinfo['id'] . "'");? Â And not just: mysql_query("UPDATE users SET status='1' WHERE id='$userinfo[id]'"); Â Because not having single quotes around indexes in an array causes a notice error, which in return will "slow down the site" as it sees id as being an undefined constant. Just not good practice. Â Thank you, but could you make it work with my custom error codes? Â Nope, but good luck. This is HELP not code for me. Â The whole basis of my site is to keep it all running off index.php. login.php is included if ?action=login which happens by the submit button. header('refresh: 0; url=/'); just refreshes the home page after logging in. Â Makes more sense. Quote Link to comment Share on other sites More sharing options...
Technex Posted July 23, 2007 Author Share Posted July 23, 2007 Because not having single quotes around indexes in an array causes a notice error, which in return will "slow down the site" as it sees id as being an undefined constant. Just not good practice. Okay great, thanks I'll use mysql_query("UPDATE users SET status='1' WHERE id='".$userinfo['id']."'"); from now on. I'll just change the rest of my site when it comes to it. Â Nope, but good luck. This is HELP not code for me. Â Umm, thanks then :/. Code comes under help as far as I'm concerned, it's okay I just won't use your single check method. Â Makes more sense. Â Yep indeed. Quote Link to comment Share on other sites More sharing options...
Technex Posted July 24, 2007 Author Share Posted July 24, 2007 Hello guys, it's still not working I'm afraid .  http://84.26.66.197/  It just refreshes the page.  Username: test  Password: test  Try it yourself leave the username box empty, it should echo "bad username"... Quote Link to comment Share on other sites More sharing options...
dg Posted July 24, 2007 Share Posted July 24, 2007 just use this and check wht is there in POST Â print_r($_POST) and paste the result Quote Link to comment Share on other sites More sharing options...
Technex Posted July 24, 2007 Author Share Posted July 24, 2007 just use this and check wht is there in POST  print_r($_POST) and paste the result  It shows nothing, just refreshes the page.  But if I put it after if (isset($_POST['username']) AND isset($_POST['password'])){ it then tells me the password and username.  Thanks still . Quote Link to comment Share on other sites More sharing options...
dg Posted July 24, 2007 Share Posted July 24, 2007 put it before the if statement and submit blank form and check if $_POST['username'] is really blank or passing some value like '' Quote Link to comment Share on other sites More sharing options...
Technex Posted July 24, 2007 Author Share Posted July 24, 2007 Yeah I did, it just shows nothing, almost as if the code doesn't even get run... Strange eh? Quote Link to comment Share on other sites More sharing options...
dg Posted July 24, 2007 Share Posted July 24, 2007 this code work fine with me ............. only thing added is trim function for username   <? //connection string  $_POST['username'] = trim($_POST['username']);  if(empty($_POST['username'])) { $errorusernamenull=1; echo 'Bad username'; }  if (isset($_POST['username']) AND ($_POST['password'])) { $username = $_POST['username']; $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($_POST['password']); // $db_password = hash('sha512', $password);  $checkusername = mysql_query("SELECT * FROM test WHERE test_id = '$username'"); $checkpassword = mysql_query("SELECT * FROM test WHERE test_one = '$password'"); if (mysql_num_rows($checkusername)==0) { $errorusername=1;} if (mysql_num_rows($checkpassword)==0) {$errorpassword=1;} if ((mysql_num_rows($checkusername) == 1) AND (mysql_num_rows($checkpassword) == 1)) { $getuserinfo = mysql_query("SELECT * FROM test WHERE test_id = '$username' AND test_one = '$password'"); $userinfo = mysql_fetch_array($getuserinfo); setcookie(id, $userinfo[id], time()+60*60*24*30, "/");//30days setcookie(password, $password, time()+60*60*24*30, "/");//30days  $ip = $_SERVER['REMOTE_ADDR'];  // mysql_query("DELETE FROM guests WHERE ip='$ip'"); // mysql_query("UPDATE users SET status='1' WHERE id='$userinfo[id]'"); header('refresh: 0; url=/'); } } ?> <form action='arr2.php' method='post'> <div id='loginbutton'> <input type='image' name='login' src="" alt='LOGIN' /> </div> <p>Username:</p> <p><input type='text' name='username' /></p> <p>Password:</p> <p><input type='password' name='password' /></p> </form> Quote Link to comment Share on other sites More sharing options...
Technex Posted July 24, 2007 Author Share Posted July 24, 2007 Nope doesn't work. I've even copied and pasted all the posted codes, still doesn't :/. Â Oh well... Guess if people are dumb enough to put nothing in the form then they shouldn't be on the site... Â Thanks though, very much. Quote Link to comment Share on other sites More sharing options...
dg Posted July 24, 2007 Share Posted July 24, 2007 paste the present code which ur trying on the site Quote Link to comment Share on other sites More sharing options...
Technex Posted July 24, 2007 Author Share Posted July 24, 2007 paste the present code which ur trying on the site  I like this code, just doesn't show empty forms... if(empty($_POST['username'])) { $errorusernamenull=1; echo 'Bad username'; } if (isset($_POST['username']) AND isset($_POST['password'])){ $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $db_password = hash('sha512',$password); $checkusername = mysql_query("SELECT * FROM users WHERE username = '$username'"); $checkpassword = mysql_query("SELECT * FROM users WHERE password = '$db_password'"); if (mysql_num_rows($checkusername)==0){ $errorusername=1; } if (mysql_num_rows($checkpassword)==0){ $errorpassword=1; } if ((mysql_num_rows($checkusername) == 1) AND (mysql_num_rows($checkpassword) == 1)){ $getuserinfo = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$db_password'"); $userinfo = mysql_fetch_array($getuserinfo); setcookie(id, $userinfo[id], time()+60*60*24*30, "/");//30days setcookie(password, $db_password, time()+60*60*24*30, "/");//30days $ip = $_SERVER['REMOTE_ADDR']; mysql_query("DELETE FROM guests WHERE ip='$ip'"); mysql_query("UPDATE users SET status='1' WHERE id='".$userinfo['id']."'"); header('refresh: 0; url=/'); } } Quote Link to comment Share on other sites More sharing options...
dg Posted July 24, 2007 Share Posted July 24, 2007 put the exit after echo ..... i think it is echo n than refreshing  if(empty($_POST['username'])) { $errorusernamenull=1; echo 'Bad username'; exit; } Quote Link to comment Share on other sites More sharing options...
Technex Posted July 24, 2007 Author Share Posted July 24, 2007 I've tried that already, it just still refreshes :/. Â I have a new idea do you think it's because when the form submits it goes to index.php? Â I'll try messing around with that now. Â Â <form action='index.php' method='post'> Â Edit: Also header('refresh: 0; url=/'); doesn't work with IE 7! :S Quote Link to comment Share on other sites More sharing options...
dg Posted July 24, 2007 Share Posted July 24, 2007 i m using firefox Quote Link to comment Share on other sites More sharing options...
Technex Posted July 24, 2007 Author Share Posted July 24, 2007 i m using firefox  So am I, but it doesn't really help now does it? Quote Link to comment Share on other sites More sharing options...
dg Posted July 25, 2007 Share Posted July 25, 2007 try putting else statement ......... as below n check    if(empty($_POST['username'])) { $errorusernamenull=1; echo 'Bad username'; } else {  if (isset($_POST['username']) AND isset($_POST['password'])){ $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']);  $db_password = hash('sha512',$password);  $checkusername = mysql_query("SELECT * FROM users WHERE username = '$username'"); $checkpassword = mysql_query("SELECT * FROM users WHERE password = '$db_password'"); if (mysql_num_rows($checkusername)==0){ $errorusername=1; } if (mysql_num_rows($checkpassword)==0){ $errorpassword=1; } if ((mysql_num_rows($checkusername) == 1) AND (mysql_num_rows($checkpassword) == 1)){ $getuserinfo = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$db_password'"); $userinfo = mysql_fetch_array($getuserinfo); setcookie(id, $userinfo[id], time()+60*60*24*30, "/");//30days setcookie(password, $db_password, time()+60*60*24*30, "/");//30days  $ip = $_SERVER['REMOTE_ADDR'];  mysql_query("DELETE FROM guests WHERE ip='$ip'"); mysql_query("UPDATE users SET status='1' WHERE id='".$userinfo['id']."'"); header('refresh: 0; url=/'); } } }   Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.