Page 1 of 1

Include() cannot see variables

Posted: Tue Mar 02, 2010 5:40 pm
by jackponte
Hi,
I have a login form in a page. I want to display errors in a formated page. I had to place all the PHP caode in the top of the page due to header functions. The code works but no variables are sent to the included page. Here is the code:

Here is the form in index.php

Code: Select all

 
      <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
        <table border="0" align="center">
          <tr>
            <td width="144" align="center"><p>Username:</p></td>
          </tr>
          <tr>
            <td><input type="text" name="username" maxlength="15"></td>
          </tr>
          <tr>
            <td align="center">Password:</td>
          </tr>
          <tr>
            <td><input type="password" name="pass" maxlength="15"></td>
          </tr>
          <tr>
            <td align="right"><center>
                <input type="submit" name="submit" value="Login">
              </center></td>
          </tr>
        </table>
      </form>
      <?php
}
 
Here is part of the error checking in index.php

Code: Select all

 
//if the login form is submitted
if (isset($_POST['submit']))
{
 
    //Gives error if user doesnt exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
    //die('That user does not exist in our database.');
    $no_file = "<center><br>Sorry that file could not be found</center>";
    $message = $no_file;
    $testval = 5;
    include("errorpage.php");
    exit;
    }
 
 
and here is the code in errorpage.php

Code: Select all

 
<P><?php 
$no_access = "<center><br>Sorry could not connect to the Database</center>";
$no_file = "<center><br>Sorry that file could not be found</center>";
 
echo $testval; 
echo "Error: $message"; 
echo "<br>look for the error ";
?>
 
The $message does not print anthing nor the $testval. I think I did everything correctly.

Let me know if you see the error,

JP

Re: Include() cannot see variables

Posted: Tue Mar 02, 2010 8:57 pm
by kzenman
Not sure why you have a curly bracketr on line 25?

You have some duplicate variables but it should still work

Unless

If it's inside a function then you need to pass it through the function or make the values global

If you have functions please post them as well.

-Kzen

Re: Include() cannot see variables

Posted: Wed Mar 03, 2010 11:22 am
by jackponte
Hi,
Thanks for your help.

Here is the PHP from my index.php

Code: Select all

 
<?php 
 
ob_start();
 
// Connects to your Database
mysql_connect("localhost", "root", "escrma") or die(mysql_error());
mysql_select_db("rma_portal") or die(mysql_error());
 
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
 
//if there is, it logs you in and directes you to the members page
{
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM cust_info WHERE Cust_Username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check ))
    {
        if ($pass != $info['Cust_Password'])
        {
        }
        else
        {
        ob_start();
        header("Location: form0.php");
        ob_end_flush();
        }
    }
}
 
//if the login form is submitted
if (isset($_POST['submit']))
{
 
    // makes sure they filled it in
    if(!$_POST['username'] | !$_POST['pass']) {
    //die('You did not fill in a required field.');
    $message = $no_access;
    include("errorpage.php");
    exit;
    }
 
    // checks it against the database 
    if (!get_magic_quotes_gpc()) {
    $_POST['username'] = addslashes($_POST['username']);
    }
    
    $check = mysql_query("SELECT * FROM cust_info WHERE Cust_Username = '".$_POST['username']."'")or die(mysql_error());
 
    //Gives error if user doesnt exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
    //die('That user does not exist in our database.');
    $no_file = "<center><br>Sorry that file could not be found</center>";
    $message = $no_file;
    $testval = 5;
    include("errorpage.php");
    exit;
    }
        while($info = mysql_fetch_array( $check ))
        {
        $_POST['pass'] = stripslashes($_POST['pass']);
        $info['Cust_Password'] = stripslashes($info['Cust_Password']);
        $_POST['pass'] = md5($_POST['pass']);
 
            //gives error if the password is wrong
            if ($_POST['pass'] != $info['Cust_Password']) {
            die('Incorrect password, please try again.');
            }
            else
            {
            // if login is ok then we add a cookie
            $_POST['username'] = stripslashes($_POST['username']);
            $hour = time() + 3600;
            setcookie(ID_my_site, $_POST['username'], $hour);
            setcookie(Key_my_site, $_POST['pass'], $hour);
 
 
            //Redirects to form page 
            header("Location: form0.php");
            
            //logged in, register the session..
            session_register("username");
            session_register("pass");
            }
        }
    }
    else
    {
// if they are not logged in
?>
 
I do not have any functions. Just a whole bunch of if statements

Thanks,

JP

Re: Include() cannot see variables

Posted: Wed Mar 03, 2010 12:37 pm
by flying_circus
Hi Jackponte,

I have many concerns about your script. There is not a single place in your code where input is validated, your script is open to SQL injection attacks, and you display error messages to the end user. You store user credentials in cookies, which is a HUGE no-no. Why bother writing a login script?

Your index.php contains a parse error. The final else statement is not closed at the end of the file.

To answer your question, I believe the root of the problem you are asking about is including the files in the incorrect order.

For example:

Code: Select all

if(!$_POST['username'] | !$_POST['pass']) {
  //die('You did not fill in a required field.');
  $message = $no_access;
  include("errorpage.php");
  exit;
}
You cannot assign the $no_access error message to $message, because you have not declared $no_access yet. The file containing $no_access does not get included until the following line.