PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
ok I'm posting the whole code so you can see the full routine, the problem I'm having is that when you go to login and enter the correct password and such, after you submit the form it is not going including the loggedin.php but is defaulting to the notloggedin.php, here's my script:
<?php
// database connect script.
require_once 'db_connect.php';
include("header.html");
if (isset($_POST['submit'])) { // if form has been submitted
/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
die('<center><font color=white>You did not fill in a required field(s).</font></center>');
}
// authenticate.
if (!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}
$check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");
if (DB::isError($check) || $check->numRows() == 0) {
die('<center><font color=white>That username does not exist in our database.</font></center>');
}
$info = $check->fetchRow();
// check passwords match
$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);
if ($_POST['passwd'] != $info['password']) {
die('<center><font color=white>Incorrect password, please try again.</font></center>');
}
// if we get here username and password are correct,
//register session variables and set last login time.
$date = date('m d, Y');
$update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
$db_object->disconnect();
include("loggedin.php");
} else { // if form hasn't been submitted
include("notloggedin.php");
echo "<br>";
include("footer.html");
}
?>
I have no idea why this isn't working, any ideas, thanks guys
Just a heads up: it's generally not a good idea to look for the submit button in the post unless that's the only way the page could be submitted. For instance, say you have some text fields. I could hit enter to submit the form, this would not pass the submit button, yet the form would be properly formatted. I would get annoyed that I have to click submit for it to work and would consider it broken functionality as well if I were a tester...
I personally use $_SERVER['REQUEST_METHOD'] to tell me if the page is being posted to. If there are multiple forms that could submit to this page, I look for something unique within each of them (if differing processing is needed.) Additionally, to make sure the page doesn't break badly, I check for the existance of each variable I'm expecting for the given form I'm processing using something similar to:
ohh, so just add a hidden link that identifys which form it comes from and check for that instead??? hmm... good idea, I never thought about that... thanks...
oh yeah that maybe the problem, it must have gotten edited out on accident, when I was integrating it into another project, thanks I'll try that
I dont think ur supposed to stripslashes on a md5 encrypted password. Because if there was something inthere that gets stripped ur passes would not match.
an md5'd string (not binary) is 32 hex characters, there's nothing to strip slashes from.. However, it is a good idea to check [php_man]get_magic_quotes_gpc[/php_man]() to see if you need to run a stripslashes or not..
feyd Im trying to do what you said but it isn't working for me:
I tried making a hidden tag with the name submit and it doesn't work, so I made a submit button and named it submit and it worked then.... but I don't want to use that horrid looking html button, so is there some way of doing this with a link:
the magic submit button. it does whatever you want by reading your mind and applying itself accordingly. it costs soul points, just like any powerful tool, because using it can give you the upperhand over other developers who actually work for what they want. but don't worry, your soul points can be rejuvinated by drinking hawaiian punch.
trying to call the submit function inside a form which has a field or button named submit will fail, as it resolves the name first, before the method..