Where's the error?

[LemonInflux]

Basically, this is a login code for my in-the-works forum.

 

This is user_auth_fns.php (the file with the function):

 

<?php
require_once('db_fns.php');
db_connect();

function login($username, $password){
$sql = 'SELECT * FROM `members` where username = "'. $username .'" and password = "sha1('. $password .')"';
$sqlresult = mysql_query($sql);
if(mysql_num_rows($sqlresult) = 0){
return false;
}elseif(mysql_num_rows($sqlresult = 1){
return true;
}else{
return false;
}
}
?>

 

Here is db_fns.php:

 

<?php
function db_connect(){
$dbHost = "x";         //Location Of Database
$dbUser = "x";         //Database User Name
$dbPass = "x";        //Database Password
$dbDatabase = "x"; //Database Name

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 
}
?>

 

 

And here is the start of index.php (the main file):

 

<?php
include('db_fns.php');
include('user_auth_fns.php');
db_connect();

session_start();

//create short variable names
$username = $_POST['username'];
$password = $_POST['password'];

if(isset($username) && isset($password))
// they have just tried logging in
{
  login($username, $password);
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  $message = '- Login Successful!';
  }else{
  $message = '- Login Failed!';
}
?>

 

My problem is, it's causing index.php to be completely blank. So, where's the error? I think I've narrowed it down to a problem in user_auth_fns.php, because when I delete the include, it works fine. Any help is appreciated. Thanks in advance, Tom.

[wildteen88]

It would be a good idea to turn display_errors on and up error_reporting to E_ALL in the php.ini. That way if there is any errors they be shown during run time rather than getting an unhelpful blank screen.

 

But for now try removing these two lines:

require_once('db_fns.php');
db_connect();

in user_auth_fns.php.

 

You have already included db_fns.php in index.php. No need to include it again in user_auth_fns.php.

[LemonInflux]

Parse error: parse error, unexpected '=' in e:\domains\r\reflexprojects.net\user\htdocs\forumbuild\user_auth_fns.php on line 5

 

Line 5 is:

 

if(mysql_num_rows($sqlresult) = 0){

[LemonInflux]

Weirdly, I removed the spacing around it, and the page started showing. Although, now there's loads of errors. Will post them in a sec after I see which ones I can sort.

[LemonInflux]

Wait, spaces didn't help. That's still an error.

[BlueSkyIS]

that should be ==, not =

 

if(mysql_num_rows($sqlresult) == 0) {

 

you're attempting to assign a value to a function using =

 

[iPixel]

im not too fond of that select statement... coincidentally on line 5.

 

give this a shot...

$sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')";

[LemonInflux]

Parse error: parse error, unexpected '{' in e:\domains\r\reflexprojects.net\user\htdocs\forumbuild\user_auth_fns.php on line 7

 

line 7: }elseif(mysql_num_rows($sqlresult == 1){

 

Also, have put that query in.

[BlueSkyIS]

missing second paren, oy:

 

} elseif(mysql_num_rows($sqlresult) == 1) {

 

 

... and the suggested change to SQL will make no difference. Both ways will produce the exact same result.

[LemonInflux]

Ah, ok. Also, added that, now these are the errors:

 

 

Notice: Undefined index: username in e:\domains\r\reflexprojects.net\user\htdocs\forumbuild\index.php on line 14

 

Notice: Undefined index: password in e:\domains\r\reflexprojects.net\user\htdocs\forumbuild\index.php on line 15

 

Well, these are:

 

$username = $_POST['username'];
$password = $_POST['password'];

 

But they're only defined if a person is directed to that page via the login.

 

Notice: Undefined index: SESSION_UNAME in e:\domains\r\reflexprojects.net\user\htdocs\forumbuild\inc\header.inc on line 3

 

That's

if(!$_SESSION["SESSION_UNAME"]){

But the header.inc is for the nav stuff. I guess it's talking about the bit I tried to add:

 

if(!$_SESSION["SESSION_UNAME"]){
echo '<a href="login.php">Log In</a></p>';
}else{
echo '<a href="#">Log Out ['. $username .']</a></p>';
}

 

It was meant to change to log in/log out, depending on whether you were logged in or not.

 

 

Notice: Undefined index: SESSION_UNAME in e:\domains\r\reflexprojects.net\user\htdocs\forumbuild\index.php on line 90, which is:

 

<?php if(!$_SESSION["SESSION_UNAME"]){ echo 'You are not logged in. <a href="login.php">Log In</a> or Register.'; }else{ echo 'Hello, '. $username; } ?>

[BlueSkyIS]

turn off notices in php.ini or you'll be looking at that stuff all the time.

[iPixel]

instead of doing the simple

 

$username = $_POST['username'];

 

try

 

$username=  isset($_POST[username]) ? $_POST[username] : null;
if (!is_null($username)) 
{
	$username= $_POST[username];
}

 

and see if you still get the errors

 

 

[LemonInflux]

Ok, that got rid of those errors.

[LemonInflux]

still left are undefined sessions; would the same kinda thing sort it?

[iPixel]

no no that wont fix the session problems ...

 

try this though.. but dont hold me to it working

 

if(!$_SESSION['SESSION_UNAME']){
echo '<a href="login.php">Log In</a></p>';
}else{
echo '<a href="#">Log Out ['. $username .']</a></p>';
}

[LemonInflux]

...Isn't that my code?

[LemonInflux]

Wait, I see. But it still didn't work

[iPixel]

can i see the code to create the session ?

[LemonInflux]

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('config.inc.php');
include('db_fns.php');
include('user_auth_fns.php');
db_connect();

session_start();

//create short variable names

$username =  isset($_POST['username']) ? $_POST['username'] : null;
if (!is_null($username)) 
{
	$username= $_POST['username'];
}
$password =  isset($_POST['username']) ? $_POST['username'] : null;
if (!is_null($username)) 
{
	$username = $_POST['username'];
}


if(isset($username) && isset($password))
// they have just tried logging in
{
  login($username, $password);
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  $message = '- Login Successful!';
  }else{
  $message = '- Login Failed!';
}
?>

 

It's all in the index.php bit.

[iPixel]

shouldnt the sessions name be 'valid_user' instead of 'SESSION_UNAME'

 

if(!$_SESSION['valid_user']){
echo '<a href="login.php">Log In</a></p>';
}else{
echo '<a href="#">Log Out ['. $username .']</a></p>';
}

[LemonInflux]

oops >_< Changed, although still errors. http://www.reflexprojects.net/forumbuild

[BlueSkyIS]

those are still undefined index notices which you wouldn't see if you turned them off.

 

although if you want to do things 'perfectly' you would set the indices so they aren't undefined.

[iPixel]

Still says  SESSION_UNAME

 

Notice: Undefined index: SESSION_UNAME in e:\domains\r\reflexprojects.net\user\htdocs\forumbuild\index.php on line 98

 

can you tell show me the lines 97,98,99

[LemonInflux]

says valid user now. Forgot to upload. Shall I just take the error reporting out, then?

[BlueSkyIS]

if it's working, leave it alone 

 

If you have access to change php.ini, I'd turn off all but errors there. if you can't change php.ini, you'll need to set error_reporting in your scripts.