php not picking up a variable

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

php not picking up a variable

Post by m3rajk »

code in use: http://people.brandeis.edu/~m3rajk/JMT/ ... signup.php
code minus opening <?php: http://people.brandeis.edu/~m3rajk/JMT/ ... signup.txt

main issue (only one that MUST be resolved): php is not picking up the variable step in the submission of the 4th step.
function that creates the 4th step:

Code: Select all

<?php 
function s4(){ 
  ?>      <h1>THIS IS A TEST. IT DOES NOT HAVE A DATABASE CONNECTION NOR DOES IT CHECK USERNAMES. THIS LINE WILL BE REMOVED IN THE REAL ONE </h1> 
      
      <p>Thank you for your interest in joining FindYourDesire.com. We need to know some things about you in order to make your profile here. Any feild in <font color="#ff0000">RED</font> is required. Any feild marked with an * is confidential and will NOT show up in your user stats. Any feild with a &#176; will not show up in your user stats, but is collected for future features. You will be notified before they are used.</p> 
      <h2>NOTE: MAXIMUM PICTURE SIZE IS 150 KB</h2> 
      <form enctype="multipart/form-data" action="<?php echo $_SERVER[PHP_SELF]; ?>" method="POST"> 
   <input type="hidden" name="step" value="5"><input type="hidden" name="MAX_FILE_SIZE" value="153600"> 
   <table frame="void" bgcolor="#000000" border="0" cellpadding="0" cellspacing="0" text="#c8c8c8"> 
       <tr><td>Your <a name="#confcode" href="#confcode" onClick="window.open('faq.php?seek=confcode', 'faq', 'width=500,height=250,scrollbars=yes');">Confirmation Code</a></td><td><input type="text" name="conf" size="25"></td></tr> 
       <tr><td>Upload your main picture</td><td><input type="file"  accept="image/jpeg" name="main" size="25"></td></tr> 
       <tr><td>Upload Thumb 1</td><td><input type="file"  accept="image/jpeg" name="t1" size="25"></td></tr> 
       <tr><td>Upload Thumb 2</td><td><input type="file"  accept="image/jpeg" name="t2" size="25"></td></tr> 
       <tr><td>Upload Thumb 3</td><td><input type="file"  accept="image/jpeg" name="t3" size="25"></td></tr> 
       <tr><td>Upload Thumb 4</td><td><input type="file"  accept="image/jpeg" name="t4" size="25"></td></tr> 
       <tr><td>Upload your <a name="#salute" href="#salute" onClick="window.open('faq.php?seek=salute', 'faq', 'width=500,height=250,scrollbars=yes');">salute</a></td><td><input type="file"  accept="image/jpeg" name="salute" size="25"></td></tr> 
       <tr><td><input type="submit" value="Go To The Next Step"></td><td><input type="reset" value="Restart This Step"></td></tr> 
   </table> 
    </center> 
  </body> 
</html> 
<?php 
}?>
thanx in advance for your insight.

-m3rajk

ps: i inserted two more debugging lines that proves that NOTHING is being passed at step 4. i tried something on a hunch...

http://people.brandeis.edu/~m3rajk/JMT/ ... signup.php

in this one i changed: <form enctype="multipart/form-data" action="<?php echo $_SERVER[PHP_SELF]; ?>" method="POST">
to: <form action="<?php echo $_SERVER[PHP_SELF]; ?>" method="POST">

it works there, but i don't know if the pictures would upload (i don't think i have access to the upload directory on that server, please don't try to test that) would it upload right without that line? what would cause it to work incorrectly when that line is there???
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

bonus: has anyone ade a semi-secure site before where you had to differentiate users and keep them out of each others' accounts while logging who' a person is on the site as? i have a few questions but i think the answers may create more and would like to set up a realtime discussion

what i need to be able to access (being done via cookies)
  • username (noted on certain pages, so it would be nice to be able to just take it from this)[/8]
  • access level (what pages aside form the personal control panels may be accesssed)
i'm thinking of the username in plaintext, and having the pw in an md5 hash and then checking if the pw and un match before getting to sensitive areas, but i don't know about access.. should i call that from the db every time? i'd like to hear from those with experience
User avatar
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

Hello. I can't answer your first question, regarding step (I hosestly can't see an error, maybe I'm blind :? ), but I can give a shot at your second question regarding diffrenciating users.

You have a login page (right?). On that login page, you ask a user for his username and his password. You go and fetch it out of a database (or a file, doesn't matter, but I'll stick to MySQL in thi example). This is what your code should look like:

Code: Select all

//from a login form, you have passed the variable $username and $password.
//let's encrypt the password using the md5 algorithm for security measures
$password=md5($password);
//assuming your connection is established...

$sql="SELECT * FROM users WHERE username='$username' AND password = '$password'";
$result=mysql_query($sql, $connection);
if (mysql_num_rows($result)==1) { //if the username/password combo exists...
$row=mysql_fetch_assoc ($result);
session_start(); //start the session
//now after you pulled the data out of the database, you can assign it to the global variable $_SEESION. For example:
$_SESSION['username']=$row['username'];
$_SESSION['auth']=true; //there is an authorized session
$_SESSION['access_level']=$row['access_level']; //i.e. admin, user, etc.
}
else{
$_SESSION['auth'] = false; 
$_SESSION['username'] = ''; 
echo "Wrong username/password";
}
Now you can call $_SESSION from any script, for example:

Code: Select all

session_start();
//this is a totally different script
if ($_SESSION===true){
echo "You are logged in as ".$_SESSION['username'];
echo "Your access level is ".$_SESSION['access_level'];
//etc...
}
else {
echo "You are not logged in";
}

Code: Select all

//you may just as easily destroy a session
$_SESSION['username'] = ''; 
session_destroy();
Hope this helps.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

actually this is the signup, and want the forums sand such to be able to be bookmarked, and not forced to go via a form for links, so i decided to use cookies and do sessions manually. also...from elsewhere....
Originally posted by nikolai
[br]Okay -- look closely at your phpinfo() output. What's the value of "file_uploads"?

No value! PHP isn't configured to handle or allow file uploads. My guess is that PHP sees an incoming file, knows it's not configured to handle it, so throws away the incoming data.

The only thing to do is to ask the system administrator to enable file uploads in PHP. For security reasons, they should also upgrade PHP to the latest stable version.


Take care,

Nik
http://www.bigaction.org/
nice to know that. since it works without the file uploads, it should work when i move off this.

that means i've been playing with this for a few weeks pointlessly. oh well. it helped me tweak a bunch of things prior to getting to the db
Post Reply