thewooleymammoth Posted August 31, 2007 Share Posted August 31, 2007 <?php $username="root"; $password=""; $database="userlist"; $table="login"; $user=$_POST['username']; $userpass=$_POST['password']; $connectmysql=mysql_connect('localhost',$username,$password) or die(mysql_error()); $selectdb=mysql_select_db($database) or die(mysql_error()); $query=mysql_query("SELECT*FROM $table WHERE username='$user'"); $result=mysql_fetch_assoc($query) or die('error'); $user2=$_COOKIE['auth']; $makecookie=setcookie ('auth','$user'); if($_COOKIE['auth']) { echo "welcome $user2"; } elseif (!isset($_POST['loggedin'])) { echo "<a>please login:</a><br> <form method='post' action='index.php'> Username:<input type='text' name='username'><br> Password:<input type='text' name='password'><br> <input type='submit' name='loggedin' value='Log In'><br> <a href='resister.php'>Register here</a>"; } elseif (isset($_POST['loggedin'])) { $connectmysql; $selectdb; if($user == $result['username']) { if($userpass == $result['password']) { $makecookie; echo "You have logged in succesfully"; } elseif ($userpass != $result['password']) { echo "bad user/password combonation please try again.1"; } } elseif ($user !== $result['username']) { echo "bad user/password combonation please try again.2"; } } else { echo "error"; } ?> i just get the "error" which means none of the conditions are met... and i dont see how its possible for none of them to be met... thanks Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted August 31, 2007 Share Posted August 31, 2007 How do you know the string "error" that you're seeing is not from this line: $result=mysql_fetch_assoc($query) or die('error'); You also have this line: $makecookie=setcookie ('auth','$user'); You should probably drop the single quotes around the variable $user. What are you trying to accomplish with the line: $makecookie; Also, you have spelled combination wrong. Quote Link to comment Share on other sites More sharing options...
thewooleymammoth Posted August 31, 2007 Author Share Posted August 31, 2007 ah thanks.. i am getting the error from the line. $result=mysql_fetch_assoc($query) or die('error'); and originally i had something like this elseif (isset($_POST['loggedin'])) { $connectmysql; $selectdb; if($user == $result['username']) { if($userpass == $result['password']) { setcookie ('auth','$user'); echo "You have logged in succesfully"; } elseif ($userpass != $result['password']) { echo "bad user/password combonation please try again.1"; } } elseif ($user !== $result['username']) { echo "bad user/password combonation please try again.2"; } but it said it couldnt modify header or something like that, so i thought if i make it as a variable at the top of the page it might do it right... idk i was just expiramenting and left it. help with that would be apreciated also, but now i need to know why im getting an error from this line $result=mysql_fetch_assoc($query) or die('error'); thanks again Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted August 31, 2007 Share Posted August 31, 2007 Because if the person never did press the submit button, then $_POST['user'] will always be nulled. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted August 31, 2007 Share Posted August 31, 2007 Why don't you replace 'error' with mysql_error() and get some output that's actually useful. Web servers will send what's called header information to a browser before any of the actual web page is sent. Headers basically warn the browser what the content it's about to receive actually is. For example, if the web server is sending a basic HTML file, it will warn the browser that the incoming content is of type text/html. If instead the web server were about to send a PDF file, it would warn the browser that the incoming content is of type application/pdf so that the browser knows to open it with a PDF reader. This is an oversimplified explanation. The catch with headers is they must come before any of the actual page or document. Certain PHP functions, set_cookie() being one of them, modify header information. Therefore when you have any sort of echo, print, print_r, etc. statement and then call set_cookie, PHP is going to complain at you. Now you tried to fix it by placing $makecookie=setcookie ('auth','$user'); at the top of your script. What this does is calls the function and stores the function's return value in a variable $makecookie. This does not save the statement into a variable to be executed later; it calls the function immediately. Therefore, in conjunction with your first if statement: if($_COOKIE['auth']) The cookie will always be set! The way you have structured your code the first if block should always execute; that is how I knew it was your die() statement that was printing the "error" string. It was impossible for your code to execute the other statement that outputs "error." I suggest you read up a little more in the PHP manual about functions, return values, and how to make use of them. As for the actual statement: $makecookie=setcookie ('auth','$user'); This will set a cookie named auth with the value $user and not the contents of the variable $user. For example, if $user holds the value "bob", the value of your cookie will not be "bob;" it will be "$user." Variables are only replaced with their values inside of double quoted strings: $makecookie=setcookie ('auth',"$user"); // Note the double quotes! But since there is no other string inside the double quotes, why not just use the variable? $makecookie=setcookie ('auth',$user); // No quotes Now let's look at your line: $makecookie; Since $makecookie stores the result of a function call, in this case either true or false, this statement is equivalent to one of the following (depending on what the function returned) // this one true; // or this one false; Both of them are valid PHP statements AFAIK, but neither does anything useful. As for actually figuring out what's wrong with your code, here are some steps you can follow. First, insert the following at the bottom of your file. This function will allow you to dump useful information about your data. After all, you know what the data should be, so make sure it's what you're expecting. function dbg_echo($val){ echo '<pre style="text-align: left;">' . print_r($val, true) . '</pre>'; } Next, change the following: $connectmysql=mysql_connect('localhost',$username,$password) or die(mysql_error()); $selectdb=mysql_select_db($database) or die(mysql_error()); $query=mysql_query("SELECT*FROM $table WHERE username='$user'"); $result=mysql_fetch_assoc($query) or die('error'); to // You do not need either the $connectmysql or $selectdb variables // you had. You only need to save values in variables if you are // planning to use them again. Your script makes use of neither. mysql_connect('localhost', $username, $password) or die("connect: " . mysql_error()); mysql_select_db($database) or die("select_db: " . mysql_error()); // Here you do need the $query value because you are planning // to use it $query = mysql_query("SELECT*FROM $table WHERE username='$user'") or die("select: " . mysql_error()); $result = mysql_fetch_assoc($query); dbg_echo($result); Quote Link to comment Share on other sites More sharing options...
thewooleymammoth Posted August 31, 2007 Author Share Posted August 31, 2007 alright as far as i can tell i got the whole thing working... woot for me im sure its not secure so if you feel like poking some holes in it now its fine with me. thanks again for all the help im off to the registration page! thanks again for the help. here was my final code. <?php $username="root"; $password=""; $database="userlist"; $table="login"; $connectmysql=mysql_connect('localhost',$username,$password) or die(mysql_error()); $selectdb=mysql_select_db($database) or die(mysql_error()); $user2=$_COOKIE['auth']; if($_COOKIE['auth']) { echo "welcome $user2"; } elseif (!isset($_POST['loggedin'])) { echo "<a>please login:</a><br> <form method='post' action='index.php'> Username:<input type='text' name='username'><br> Password:<input type='text' name='password'><br> <input type='submit' name='loggedin' value='Log In'><br> <a href='resister.php'>Register here</a>"; } elseif (isset($_POST['loggedin'])) { $user=$_POST['username']; $userpass=$_POST['password']; $query=mysql_query("SELECT*FROM $table WHERE username='$user'") or die(mysql_error()); $result=mysql_fetch_assoc($query) or die(error1); $connectmysql; $selectdb; if($user == $result['username']) { if($userpass == $result['password']) { setcookie ('auth', $user); echo "You have logged in succesfully"; } elseif ($userpass != $result['password']) { echo "bad user/password combanation please try again.1"; } } elseif ($user !== $result['username']) { echo "bad user/password combanation please try again.2"; } } else { echo "error"; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.