Page 1 of 1

PHP Syntax

Posted: Fri Aug 05, 2005 3:51 pm
by quadoc
I've the following code, when I logged in as either an "admin" or an user, it didn't do anything. It supposed to load either an "admin" page or "member" page like in the script but it doesn't. Could someone take a look and see what I'm missing. Thanks... :?

Code: Select all

<?php

ob_start();
include("config.php");

/* $connection = mysql_connect($hostname, $sqlname, $sqlpass) or die("Couldn't select database.");
$db = mysql_select_db($mysqldb, $connection) or die("Couldn't select database.");
*/

MSSQL_CONNECT($hostname,$username,$password) or DIE("DATABASE FAILED TO RESPOND."); 
mssql_select_db($dbName) or DIE("Table unavailable"); 

if(isset($_POST["submit"])){
	$email = htmlspecialchars($_POST["user"]);
	$email = strtolower($email);
	$tkey = htmlspecialchars($_POST["tkey"]);
	$tkey = strtoupper($tkey);

	if ($email == ""){

			header('Location: index.php?x=login&error=Error, You have entered an invalid email or tix key1');
	
	}else{
	
/*		$userinfo = mysql_query("SELECT * FROM `users` WHERE email='$email' LIMIT 1");
		$row = mysql_fetch_array($userinfo);
*/

		$query = "SELECT * FROM users WHERE email ='".$email."'"; 
		
		$result = MSSQL_QUERY($query); 

        $nRow = MSSQL_NUM_ROWS($result); 
       echo "Number of rows returned: ", mssql_num_rows($result);
	   //$tbl_key = mssql_result($result,"1","tkey");

	   
       while ($row = mssql_fetch_array($result)) {
         $tbl_tkey = $row["tkey"];
		 $tbl_admin = $row["admin"];
       }


		if($nRow == 0){
		
			header('Location: index.php?x=login&error=Error, You have entered an invalid email or tix key2');
		} else {

//			if($row["tkey"] == $tkey) {
			if($tbl_tkey == $tkey) {
				$_SESSION["email"] = $email;
				$_SESSION["admin"] = $row["admin"];
				$_SESSION["name"] = $row["name"];
				$_SESSION["tkey"] = $tkey;
				$_SESSION["logged_in"] = true;

				if($_SESSION["admin"] == 1)
				{

					//header('Location: index.php?x=admin&a=show&dep=1&tixstatus=1');
					header('Location: index.php?x=admin&a=show&dep=-1&tixstatus=1');
				}
				else
				{
					header('Location: index.php?x=member');
				}
			} else {

				header('Location: index.php?x=login&error=deepdoo, You have entered an invalid email or tix key3');
			}
		}
	}
}

ob_end_flush();
	
	?>
feyd | you can start using

Code: Select all

tags at any time now...[/color]

Posted: Fri Aug 05, 2005 4:03 pm
by feyd
  1. Your header redirects need some adjustment. The error ones specifically.. you need to have URL safe escaped text: RawUrlEncode()
  2. If you are testing this in IE, which I imagine you are, and you hit enter, instead of clicking/thumping the submit button, you won't see $_POST['submit']. Instead of looking for that, look for a field that will always be submitted with the form..

Posted: Fri Aug 05, 2005 4:14 pm
by quadoc
"you won't see $_POST['submit']. Instead of looking for that, look for a field that will always be submitted with the form.."

How do I look for fields? I'm lost... :?

Posted: Fri Aug 05, 2005 4:16 pm
by feyd
$_POST['submit'] is a field name (in this case a button) on the form you are using. The username input, or a hidden input may be good to look for... post your form HTML code..

Posted: Fri Aug 05, 2005 4:21 pm
by quadoc
Ok, here is my form code.

Code: Select all

table width="600" border="0" align="center" cellpadding="1" cellspacing="1">
  <tr> 
	  <td><table width="600" border="0" cellspacing="0" cellpadding="0">
        <tr> 
          <td><strong>Please log in<br>
            </strong><img src="images/login.png" width="54" height="54"></td>
          <td width="45" align="center" valign="top"><a href="index.php?x=home"><img src="images/back.png" width="54" height="54" border="0"><br>
            Back</a></td>
        </tr>
      </table></td>
	</tr>
	<tr> 
	  <td><font color="#FF0000"><?php if(isset($_GET["error"])) { echo htmlspecialchars($_GET["error"]); } ?></font><form name="login" method="post" action="logon.php">
        <table width="300" border="0" cellspacing="0" cellpadding="0">
          <tr> 
            <td>E-mail</td>
            <td><input name="user" type="text" id="user2" value="<?php if(isset($_SESSION["email"])){ echo $_SESSION["email"]; } ?>"></td>
          </tr>
          <tr> 
            <td>Password</td>
            <td><input name="tkey" type="password" id="pass2" value="<?php if(isset($_SESSION["tkey"])){ echo $_SESSION["tkey"]; } ?>"></td>
          </tr>
          <tr> 
            <td>&nbsp;</td>
            <td><input name="submit" type="submit" id="submit" value="Submit"></td>
          </tr>
        </table>
        <p>Forgot your password? (<a href="index.php?x=pwdforgot">Click Here</a>)</p>
      </form></td>
	</tr>
</table>

feyd | seriously, start posting php code in

Code: Select all

tags. [/color][/size]

Posted: Fri Aug 05, 2005 4:31 pm
by feyd
use $_POST['user'] instead of $_POST['submit']