  1. #1
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64

    if/else not if'n and else'n... what is wrong with me?

    ok, so i'm trying to build a SIMPLE site that carries a variable in a nice little cookie from page to page, and i was HOPING that my if/else clause would keep out the riff raff for the most part. the following code seems to allow authorized users to do what they need to do, but if said riff raff tries to go to a page with a chunk of this code on it, they just get a blank page (i know because i've dumped the aforementioned cookie and tried to get it, and it works the same if one enters a wrong login). this is the php end of my login thingy, but i hope to use much of it throughout my site as a tracking/authentication device.
    //not using this part throughout...
    <?php
    if ((!$_POST[user_name]) || (!$_POST[pass_word])) {
    header("Location: http://www.login_postgre1.html");
    exit;
    }
    ?>
    //using this...
    <?php
    // create connection; substitute your own information
    $dbconn = pg_connect("host=pgsql dbname=**** user=***** password=******") or die("Couldn't make a connection");
    // formulate and execute the query
    $sql = "SELECT * FROM sometable WHERE user_name='$_POST[user_name]' and pass_word='$_POST[pass_word]'";
    // execute SQL query and get result
    $sql_result = pg_query($dbconn,$sql) or die(pg_result_error());
    while ($row = pg_fetch_array($sql_result)) {
    $id = $row["id"];
    $user_name = $row["user_name"];
    //also not using this part throughout...
    setcookie("id", $id, time()+3600*24*2);
    //starting here for the rest of the site...
    $result = pg_query($sql) or die (pg_error());
    $num = pg_num_rows($result);
    // Present results based on validity.
    if ($num != "0") {
    echo "You are a valid user! Welcome, $user_name!<br> Click <a href=\"http://www.php\">here</a> to start doing stuff";}
    else {
    echo "You are not authorized! Maybe you could try to <a href=\"http://www.login_postgre.html\">login again</a>";}
    exit;
    }

    on the other pages, i check to see if the $id variable in the cookie matches to the db with this instead of the earlier code at the top
    $id = $HTTP_COOKIE_VARS["id"];
    // create connection; substitute your own information
    $dbconn = pg_connect("host=pgsql#### dbname=##### user=##### password=#####") or die("Couldn't make a connection");
    // formulate and execute the query
    $sql = "SELECT * FROM some_table WHERE id=$id";

    that works, it really does. it spits out a crazy, indecipherable error if there is no cookie, but i really dont care much about that just yet. i just want my if/else clause to redirect the yahoos and weirdos. i just dont get it. as you may have guessed, i'm not exactly an old hand at php or postgresql, but i've had some fun with coldfusion in the past. any help you could give me would be greatly appreciated.

  2. #2
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Please read the forum guidelines and any sticky posts prior to posting. Thank you.

    http://www.sitepoint.com/forums/showthread.php?t=192980
    beetle a.k.a. Peter Bailey




  3. #3
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    ok, thank you, i did. your post was very vague. was there some rule broken, or did i do something else wrong? could you be more specific, and help a newbie out rather than just offering a summary snubbing? i'd really love to get some help with my issue, and you suggesting that i had not read "forum guidelines and any sticky posts prior to posting" helps no one, unless maybe you in which case maybe you did not have the time or energy to offer anything more useful. shame on you. you're welcome.

  4. #4
    SitePoint Addict KelliShaver's Avatar
    Join Date
    Mar 2003
    Location
    Morehead, KY
    Posts
    308
    Yes, put your PHP code inside PHP tags (or at least code tags, though the syntax highlighting of the PHP tags will help). Without proper indenting, it's a big pain to read and troubleshoot.

  5. #5
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Kelli is pretty much right. I saw that it was your first post and it was obvious you didn't read the "Read before you post..." thread, so I figured I better let you know up front to read through it as well as the forum guidelines, which I also assume you did not read.

    I'll see if I have time to get at your actual question a bit later
    beetle a.k.a. Peter Bailey




  6. #6
    SitePoint Guru toasti's Avatar
    Join Date
    Feb 2004
    Location
    Grahamstown
    Posts
    634
    ok. i think i agree with the other dudes and u should put your code into code tags!

    one thing (and this isnt why your script isnt working, but its easy and worth changing) you should change:

    Code:
    if ($num != "0") {
    echo "You are a valid user! Welcome, $user_name!<br> Click <a href=\"http://www.php\">here</a> to start doing stuff";}
    else {
    echo "You are not authorized! Maybe you could try to <a href=\"http://www.login_postgre.html\">login again</a>";}
    exit;
    }
    to

    Code:
    if ($num == "1") {
    echo "You are a valid user! Welcome, $user_name!<br> Click <a href=\"http://www.php\">here</a> to start doing stuff";}
    else {
    echo "You are not authorized! Maybe you could try to <a href=\"http://www.login_postgre.html\">login again</a>";}
    exit;
    }
    the first version will allow people in if there are more than one users with that uid/pword combo, which you dont want....

    as a rule, with validation you want to narrow down what you accept to the bare minimum.

  7. #7
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    thank you toasti, i appreciate your help. let me try to put the code in question here in a way that is socially acceptable:
    PHP Code:
    //not using this part throughout...
    <?php
    if ((!$_POST[user_name]) || (!$_POST[pass_word])) {
        header("Location: http://www.login_postgre1.html");
        exit;
    }
    ?>
    //using this...
    <?php

    // create connection; substitute your own information
    $dbconn = pg_connect("host=pgsql dbname=**** user=***** password=******") or die("Couldn't make a connection");

    // formulate and execute the query
    $sql = "SELECT * FROM sometable WHERE user_name='$_POST[user_name]' and pass_word='$_POST[pass_word]'";

    // execute SQL query and get result
    $sql_result = pg_query($dbconn,$sql) or die(pg_result_error());
    while ($row = pg_fetch_array($sql_result)) {
        $id = $row["id"];
        $user_name = $row["user_name"];

        //also not using this part throughout...
        setcookie("id", $id, time()+3600*24*2);

        //starting here for the rest of the site...
        $result = pg_query($sql) or die (pg_error());
        $num = pg_num_rows($result);

        // Present results based on validity.
        if ($num == "1") {
            echo "You are a valid user! Welcome, $user_name!<br> Click <a href=\"http://www.php\">here</a> to start doing stuff";}
        else {
            echo "You are not authorized! Maybe you could try to <a href=\"http://www.login_postgre.html\">login again</a>";}
        exit;
    }
    i changed the validation to reflect the awesome suggestion of toasti. i'd really like to get to the bottom of this issue, and by the volume of response to my first poorly formatted post, i get the feeling like help is on the way. i hope i have not failed again.

  8. #8
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    ok, so i seem to have sidestepped my issue for now, but i still want to know why my stupid code doesnt work the way it looks like it should. instead of relying on the if/else clause to weed out the unauthorized weirdos, i just add a
    PHP Code:
    if ((!$HTTP_COOKIE_VARS["id"])) {
        header("Location: http://www.login_postgre1.html");
        exit;
    }

    to the top of the rest of my pages to look for the cookie i set. that seems to work, but i would love it if some kind person could look at my code and maybe suggest a possible solution or route to one. thanks to all that have helped so far.

  9. #9
    SitePoint Wizard Lats's Avatar
    Join Date
    Jun 2003
    Location
    Melbourne, AU
    Posts
    1,142
    Try changing...
    PHP Code:
    $id = $row["id"];
    $user_name = $row["user_name"];
    to...
    PHP Code:
    $id = $row['id'];
    $user_name = $row['user_name'];
    Lats...

  10. #10
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    thanks! unfortunately, that yielded no changes in the outcome... my code works the way I want it to when the correct user/password combo is input, but when something is wrong, that page still just comes up blank.

  11. #11
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Hi
    might it be of any help? I used sessions instead of cookies but if you really want cookies, just change the relevant bit of codes.

    DISCLAIMER: I might not be able to check this thread in the next few days. Sorry if my follow up sucks



    you will create say... your 'login' table.
    Code:
    CREATE TABLE `login` (
      `userID` mediumint(11) unsigned NOT NULL auto_increment,
      `username` varchar(25) NOT NULL,
      `password` varchar(50) NOT NULL,
      PRIMARY KEY  (`userID`)
    )
    Here is a simple login script:
    PHP Code:

    <?php
    session_start();

    //get the data used to authenticate users
    $username = trim(addslashes($_POST['username']));
    //without encryption:
    $password = trim(addslashes($_POST['password']));
    //with encryption
    $password = md5($_POST['password']);

    //if you use encryption. make sure that you will first record your user password like this:
    //$password = md5($_POST['password']);

    //perform the query to see if you have a matching result
    $sql = mysql_query(
        "SELECT userID
        , username
        , password
        FROM login
        WHERE username = '$username'
        AND password = '$password'
        LIMIT 0,1"
    ) or die('<p>Unable to query the database at this time.<br />Error: ' . mysql_error() . '</p>');
    $row = mysql_fetch_array($sql);

    if (mysql_num_rows($sql) == 1) { // if there is one matching result, then get some data to be displayed on your pages for the user logged in.
        $_SESSION['userID'] = $row['userID'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['loggedin'] = TRUE; // Setting session var 'loggedin' to true--> check it on top of each you want to be protected.

        header('Location:http://www.yoursite.com/welcome.php'); // redirects to the welcome page if everything is ok. always use absolute URL!!
        exit;
    } else {
        header('Location:http://www.yoursite.com/error.php'); // Redirect to error page.
        exit;
    }
    ?>
    Then use this code on top of each page you want to be protected:
    PHP Code:

    if ($_SESSION['loggedin'] == TRUE) {
        //display page
    } else {
        //redirect to another page, like index or login...
    }


    for a much more complex auth system, check out this article:

    http://www.sitepoint.com/article/ant...access-control

    just in case, here is the login form:
    Code:
    <form action="checklogin.php" method="post">
    username: <input type="text" name="username" size="10" />
    password: <input type="password" name="password" size=10 />
    <input type="submit" value="go" />
    </form>
    now if you need to add new users, use the table shown above, and use the below code.
    here is the form:
    Code:
    <form action="addnewmember.php" method="post">
    username: <input type="text" name="username" size="10" />
    password: <input type="password" name="password" size=10 />
    <input type="submit" value="go" />
    </form>
    here is the addnewmember.php relevant code:
    PHP Code:
    $username = trim(addslashes($_POST['username']));
    //without encryption:
    $password = trim(addslashes($_POST['password']));
    //with encryption
    $password = md5($_POST['password']);

    //insert the new user
    $sql = mysql_query(
        "INSERT INTO
        login
        SET
        username = '$username'
        , password = '$password'"
    ) or die('<p>Unable to query the database at this time.<br />Error: ' . mysql_error() . '</p>');

  12. #12
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    Thank you for your very in-depth reply! I already have all of that stuff set up and it works fine- I've chosen not to use encryption, but the rest of that stuff looks pretty much like the standard stuff i've found in most online login-building tutorials. all i don't understand is why in the heck my doggone 'else' doesn't display- like i said- the 'if' part seems to work fine when a user inputs the correct user/pass combo. the problem lies only with the 'else'- all that happens when some random user that hasnt registered tries to login is a blank page gets displayed- and for some reason it does so in the right page... would it help for me to add any more information about my code or database? Thank you again for the help anyway!

  13. #13
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Tip:
    redirect your users to an error management page. In the long run, you'll love a page like this one.

    PHP Code:
    else {
        header('Location:http://www.yoursite.com/error.php?e=wrong_login'); // Redirect to error page.
        exit;
    }

    and at the top of error.php
    PHP Code:
    $error = $_GET['e'];
    if ($error == 'wrong_login') {
        $error_message = 'A problem occured during your registration process. Please try again.';
    }

    And in the body of your page.

    PHP Code:
    echo ($error_message);
    That way you can manage multiple errors in only one page.
    If you have more than one error to manage in the near future, then use the switch statement instead of multiple ifs.

    Try this code as it is and tell me what is happening. Also, you should modify the code of my last post and use it.

  14. #14
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    i would like to thank you again, Alex, but I'd also like to point out that at this point in my design, i'm only looking for a simple solution to my 'else' issue. I really appreciate what you have done, but I'm not looking to recode my site, just solve my silly little issue. Can you suggest why 'else' is behaving the way it is, or is there some other reason that i should recode my pages to fit your parameters? I am open to your suggestions, but i am on a time budget here, so unless you see recoding as totally necessary, i dont want to do it. If i NEED to recode, could you explain why? This will be my first site using PHP, and I want to learn what i'm doing right and wrong for my personal betterment. could you (or anyone else) address my question first, even if your answer is "you are a noobie, you are doing it wrong, and the way i'm showing you is the best way to do a site- even if it's your first one and complexity is something you want to shy away from for the time being." I'm not just looking for code that works, but also the logic and learning behind it. Thank you very much!

  15. #15
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    k

    just try this and tell us what's happening.
    PHP Code:
    if ($num == 1) {
        echo ('ok');
    } else {
        echo ('not ok');
    }

    Also... why are you using a while loop? Where do you end it?

  16. #16
    SitePoint Enthusiast ssx-gun's Avatar
    Join Date
    Sep 2002
    Location
    Strongsville, OH
    Posts
    97
    Quote Originally Posted by duuudie
    Also... why are you using a while loop? Where do you end it?
    most people use while loops with databases. once you learn it one way its hard to change, even if there are better ways.
    PHP: Pills Help People
    ---
    weird-one.com


  17. #17
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    ok- right now my stuff looks like this:
    PHP Code:
    while ($row = pg_fetch_array($sql_result)) :
        $id = $row['id'];
        $user_name = $row['user_name'];
        setcookie("id", $id, time()+3600*24*2);
        $result = pg_query($sql) or die (pg_error());
        $num = pg_num_rows($result);
        // Present results based on validity.
        if ($_POST[user_name] == "****" || $_POST[pass_word] == "****") {
            echo "Welcome person with different rights than the rest of the riff raff! Click <a href=\"http://www.admin.php\">here</a> to go to your administration page.";}
        elseif ($num == "1") {
            echo "You are a valid user! Welcome, $user_name!<br> Click <a href=\"http://www.menu.php\">here</a> to start doing simple stuff";
        } else {
            echo "You are not authorized! Maybe you could try to <a href=\"http://www.login_postgre1.html\">login again</a>";
        }
        exit;
    endwhile;
    trying it your way, I get 'ok' with a correct user/pass combo and blank page with incorrect stuff. I'm using a while loop so i can address the user more personally, but i'm not super attached to that method. you can see, however, that i need a way to direct one particular user to the 'high overlord of all things cool in this directory' admin page. maybe i'm being a bit over zealous or something here, but mostly i just want to allow the general membership to go one place, and the administrator to go another- does that make sense?

  18. #18
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    It looks worse to me.

    try this instead:

    PHP Code:


    // create connection; substitute your own information
    $dbconn = pg_connect("host=pgsql dbname=**** user=***** password=******") or die("Couldn't make a connection");

    // formulate and execute the query
    $sql = "SELECT *
    FROM sometable
    WHERE user_name='$_POST[user_name]'
    AND pass_word='$_POST[pass_word]'";

    // execute SQL query and get result
    $sql_result = pg_query($dbconn,$sql) or die(pg_result_error());

    //fetch the result
    $row = pg_fetch_array($sql_result);

    //count the result. If only one row match, then it's ok.
    if (pg_num_rows($sql_result) == 1) {

        $id = $row["id"];
        $user_name = $row["user_name"];

        echo "You are a valid user! Welcome, $user_name!<br> Click <a href=\"http://www.php\">here</a> to start doing stuff";

    } else {

        echo "You are not authorized! Maybe you could try to <a href=\"http://www.login_postgre.html\">login again</a>";

    }


  19. #19
    SitePoint Enthusiast crazylegswilson's Avatar
    Join Date
    Nov 2004
    Location
    oregon
    Posts
    64
    ok, i see what you did there, but i still need to 1) set a cookie for later called 'id'
    2) direct most folks to the main section of the site and one user to the admin section... your code does not accomplish either of those things for me... the way i have my code in that last post works except it doesnt echo the 'you are unauthorized' to unauthorized users... is there any chance you could just tell me how to get that part going, or tell me why it wont work, rather than continuing to just say 'do this' or 'do that instead'- try to remember that i'm learning php from library books and anything i can dig up on the internet, so i need to understand the 'why' behind the advice you give to make me better... like i've said many times- i am very thankful that you've been helping me so far- i'm just wondering if you wouldnt mind directly answering my question, or at least directly attacking the issue i want to address? I just feel like using your suggestions hasnt looked like anything but a step sideways or backwards from where i want to be...
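
Added example (not part of any post in this thread, and not the posters' code): it shows why the page stays blank on a bad login when the if/else sits inside the row-fetch loop, next to a version that decides outside the loop, uses a parameterized query, and keeps the user id in the server-side session rather than in the `id` cookie. The `pass_hash` and `is_admin` columns and the function names `thread_flow`, `find_user` and `decide` are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posts; the pass_hash and is_admin columns and all function names are assumptions.

// The structure used in the thread: the if/else sits inside the fetch loop.
// $rows stands in for what pg_fetch_array() would hand back one row at a time.
function thread_flow(array $rows): string
{
    $out = '';
    foreach ($rows as $row) {
        if (count($rows) == 1) {
            $out .= "You are a valid user! Welcome, {$row['user_name']}!";
        } else {
            $out .= 'You are not authorized!';
        }
    }
    return $out; // with zero rows the body never ran, so nothing was echoed
}

// Parameterized lookup by name; returns the single matching row or null.
function find_user($dbconn, string $userName): ?array
{
    $res = pg_query_params(
        $dbconn,
        'SELECT id, user_name, pass_hash, is_admin FROM sometable WHERE user_name = $1',
        [$userName]
    );
    if ($res === false || pg_num_rows($res) !== 1) {
        return null;
    }
    return pg_fetch_assoc($res) ?: null;
}

// Decide once, outside any loop, so the failure branch runs when no row matched.
function decide(?array $row, string $password): array
{
    if ($row === null || !password_verify($password, $row['pass_hash'])) {
        return ['ok' => false, 'location' => 'login_postgre1.html'];
    }
    // PostgreSQL booleans arrive in PHP as the strings 't' and 'f'.
    $page = $row['is_admin'] === 't' ? 'admin.php' : 'menu.php';
    return ['ok' => true, 'user_id' => (int) $row['id'], 'location' => $page];
}

// On the login page (needs a live connection, so not executed in this demo):
//   $d = decide(find_user($dbconn, $_POST['user_name'] ?? ''), $_POST['pass_word'] ?? '');
//   if ($d['ok']) { session_start(); session_regenerate_id(true); $_SESSION['user_id'] = $d['user_id']; }
//   header('Location: ' . $d['location']); exit;

// Constructed sample rows so the decision logic runs without a database.
$member = ['id' => '7', 'user_name' => 'alice', 'is_admin' => 'f',
           'pass_hash' => password_hash('member-pass', PASSWORD_DEFAULT)];
$admin  = ['id' => '1', 'user_name' => 'root', 'is_admin' => 't',
           'pass_hash' => password_hash('admin-pass', PASSWORD_DEFAULT)];

var_dump(thread_flow([]));                  // no row matched
var_dump(thread_flow([$member]));           // one row matched
var_dump(decide(null, 'anything'));         // unknown user
var_dump(decide($member, 'wrong-pass'));    // known user, wrong password
var_dump(decide($member, 'member-pass'));   // member login
var_dump(decide($admin, 'admin-pass'));     // admin login
```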

