Showing information that shouldn't be shown.


Post by NiGHTFiRE »

Hey,
I'm doing a script that shows different things depending on if you're logged in or not. But it shows the same thing twice.
This is a basic code example (without all design code):

Code: Select all

<?php 
session_start(); // Always at the top of the page

include "connect.php"; // The database connection

// Login
if (isset($_POST['submit'])){

  $_POST = db_escape($_POST);

  $sql = "SELECT id FROM members
         WHERE username='{$_POST['username']}'
         AND password='".md5($_POST['password'])."'";
  $result = mysql_query($sql) or die(mysql_error());
  $sql2 = "SELECT level FROM members
         WHERE username='{$_POST['username']}'
         AND password='".md5($_POST['password'])."'";
  $result2 = mysql_query($sql2) or die(mysql_error());

  // Username and password were not found:
  // send back to the form with an error message
  if (mysql_num_rows($result) == 0){
    header("Location: index.php?badlogin=");
    exit;
  }

  // Fetch the level only after the check above, so a failed login reaches the redirect
  $medlemskap = mysql_fetch_array($result2);

  // Set the session with a unique index
  $_SESSION['sess_id'] = mysql_result($result, 0, 'id');
  $_SESSION['sess_user'] = $_POST['username']; // the form field is named "username"
  $_SESSION['level'] = mysql_result($result2, 0, 'level'); // level is selected by $sql2
  header("Location: welcome.php");
  exit;
}

// Logout
if (isset($_GET['logout'])){
  session_unset();
  session_destroy();
  header("Location: index.php");
  exit;
}
?>
<?php
// If not logged in show the form, otherwise the log-out link
if (!isset($_SESSION['sess_user'])){ 
echo "design #1";
} else { 
echo "diffrent design";
}
?>
Why does it show twice?
Page you can see:
http://wmegn.mine.nu/afterdarkdate/

Thanks

Post by pickle »

Can you show us the design code? There's nothing wrong with what you've shown so far. I'm betting you're just outputting a variable twice.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.

Post by feyd »

What's "it"?

Post by NiGHTFiRE »

I meant it as: design.
So why does the design show twice?
Okay, here is my full code with design:

Code: Select all

<?php 
session_start(); // Always at the top of the page

include "connect.php"; // The database connection

// Login
if (isset($_POST['submit'])){

  $_POST = db_escape($_POST);

  $sql = "SELECT id FROM members
         WHERE username='{$_POST['username']}'
         AND password='".md5($_POST['password'])."'";
  $result = mysql_query($sql) or die(mysql_error());
  $sql2 = "SELECT level FROM members
         WHERE username='{$_POST['username']}'
         AND password='".md5($_POST['password'])."'";
  $result2 = mysql_query($sql2) or die(mysql_error());

  // Username and password were not found:
  // send back to the form with an error message
  if (mysql_num_rows($result) == 0){
    header("Location: index.php?badlogin=");
    exit;
  }

  // Fetch the level only after the check above, so a failed login reaches the redirect
  $medlemskap = mysql_fetch_array($result2);

  // Set the session with a unique index
  $_SESSION['sess_id'] = mysql_result($result, 0, 'id');
  $_SESSION['sess_user'] = $_POST['username']; // the form field is named "username"
  $_SESSION['level'] = mysql_result($result2, 0, 'level'); // level is selected by $sql2
  header("Location: welcome.php");
  exit;
}

// Logout
if (isset($_GET['logout'])){
  session_unset();
  session_destroy();
  header("Location: index.php");
  exit;
}
?>
<?php
// If not logged in show the form, otherwise the log-out link
if (!isset($_SESSION['sess_user'])){ 
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
<link href=\"stylesheet.css\" type=\"text/css\" rel=\"stylesheet\" />

<title>After Dark Date - AfterDarkDate.se</title>
</head>

<body>
<div id=\"wrap\">
	<div id=\"top\">
		<div class=\"t_left\"><a href=\"index.php\"><img src=\"img/logo_387x72.jpg\" alt=\"G&aring; till f&ouml;rstasidan. (AfterDarkDate)\" width=\"387\" height=\"72\" border=\"0\" /></a></div>
		<div class=\"t_right\">
			<form action=\"index.php\" method=\"post\">
					Användanamn:<br />
					<input name=\"username\" class=\"login_input\" type=\"text\" /><br />
					Lösenord:<br />
					<input class=\"login_input\" type=\"password\" name=\"password\" />
					<br />
					<input type=\"submit\" name=\"submit\" value=\"Logga in\" />
			</form>
			<a href=\"#\">Glömt lösenordet?</a><br />
			<a href=\"register.php\">Registrera dig här!</a>
		</div>
	</div>
	<div id=\"topmenu\">
		<ul id=\"t_menu\">
			<li><a href=\"#\">Länk</a></li>
			<li><a id=\"t_current\" href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
		</ul>
	</div>
	<div id=\"main\">
		<div id=\"left\">
			<div id=\"searchbar\">
				<form action=\"\" method=\"get\">
					<input name=\"\" id=\"s_input\" type=\"text\" />
					<input name=\"S&ouml;k\" type=\"button\" id=\"s_button\" value=\"S&ouml;k\" />
				</form>
			</div>
			
			<h4>Normal text </h4>
			<!-- Content -->
			<div class=\"content\">
				<div class=\"c_top\"></div>
				<div class=\"c_main\">
					<p>";
  echo "Du måste logga in uppe till höger om du vill vara en del av AfterDarkDate's underbara värld"; 
  
  // Show error message on failed login ("Visa felmeddelande vid felaktig inloggning")
  if (isset($_GET['badlogin'])){ 
    echo "Fel användarnamn eller lösenord!<br>\n"; 
    echo "Försök igen!\n"; 
  } 
echo "
					</p>
				</div>
				<div class=\"c_bottom\"></div>
			</div>
			<br />
			<!-- End of Content -->
			<h4>Form</h4>
			<!-- Content -->
			<div class=\"content\">
				<div class=\"c_top\"></div>
				<div class=\"c_main\">
					<table width=\"480\" cellspacing=\"3\">
						<tr>
							<td width=\"97\">Textf&auml;lt:</td>
							<td width=\"377\"><input name=\"Input\" type=\"text\" size=\"60\" /></td>
						</tr>
						<tr>
							<td>Submitknapp:</td>
							<td><input name=\"button\" type=\"button\" value=\"Knapp\" /></td>
						</tr>
						<tr>
							<td>Checkbox:</td>
							<td><input type=\"checkbox\" class=\"checkbox\" name=\"checkbox\" value=\"checkbox\" /></td>
						</tr>
						<tr>
							<td>Radioknapp:</td>
							<td><input name=\"radiobutton\" class=\"radiobutton\" type=\"radio\" value=\"radiobutton\" /></td>
						</tr>
						<tr>
							<td>Lista:</td>
							<td><select name=\"select\">
									<option>Lista</option>
								</select>
							</td>
						</tr>
					</table>
				</div>
				<div class=\"c_bottom\"></div>
			</div>
			<br />
			<!-- End of Content -->
			
			<!-- Stor annons -->	
			<a href=\"#\"><img src=\"img/adds/annons_stor_450x60.jpg\" width=\"450\" height=\"60\" border=\"0\" class=\"storannons\" /></a>	
			<!-- End of Stor annons -->
		</div>
		<div id=\"right\">
		
			<!-- Right Menu -->
			<div id=\"right_menu\">
				<div id=\"r_menu\">
					<ul>
						<li><a href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
						<li><a id=\"r_current\" href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
					</ul>
				</div>
			<div id=\"r_bottom_graph\"></div>
			</div>
			<!-- End of Right Menu -->
			
			<div>
				<div class=\"r_headline\">
					<h6>Exercition</h6>
				</div>
				<div class=\"r_content\">
				Unt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed.</div>
			</div>
			
			<div>
				<div class=\"r_headline\">
					<h6>Exercition</h6>
				</div>
				<div class=\"r_content\">
				Unt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed.</div>
			</div>
			
			<!-- Liten annons -->
			<a href=\"#\"><img src=\"img/adds/annons_liten_200x150.jpg\" width=\"200\" height=\"150\" border=\"0\" class=\"litenannons\" /></a>
			<!-- End of Liten annons -->
		</div>
		<br class=\"clear\" />
	</div>

	<div id=\"footer\">
		<div class=\"floatleft\">All Right Reserved Copyright &copy; 2006-2007 AfterDarkDate.se</div>
		<div class=\"floatright\"><a href=\"#\">Om oss</a> | <a href=\"#\">Personuppgifts Policy</a> | <a href=\"#\">Kontakta oss</a></div>
	</div>
</div>
</body>
</html>";
 
} else { 

echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
<link href=\"stylesheet.css\" type=\"text/css\" rel=\"stylesheet\" />

<title>After Dark Date - AfterDarkDate.se</title>
</head>

<body>
<div id=\"wrap\">
	<div id=\"top\">
		<div class=\"t_left\"><a href=\"index.php\"><img src=\"img/logo_387x72.jpg\" alt=\"G&aring; till f&ouml;rstasidan. (AfterDarkDate)\" width=\"387\" height=\"72\" border=\"0\" /></a></div>
		<div class=\"t_right\">";
		 echo "<a href=\"index.php?logout=\">Logga ut</a><br><br><br>\n"; 
		 echo "Kronor: ";
		 echo "<br>";
		 echo "Medlemskap: ";
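		 // Read the level stored in the session at login; $medlemskap only exists during the login POST
		 $level = isset($_SESSION['level']) ? (int) $_SESSION['level'] : 0;
		 if($level == 0) {
		 echo "Vanlig Medlem";
		 } elseif($level == 1) {
		 echo "Plus Medlem";
		 } else {
		 echo "Administratör";
		 }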
		 echo "<br>";
 
} 
echo "
		</div>
	</div>
	<div id=\"topmenu\">
		<ul id=\"t_menu\">
			<li><a href=\"#\">Länk</a></li>
			<li><a id=\"t_current\" href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
			<li><a href=\"#\">Länk</a></li>
		</ul>
	</div>
	<div id=\"main\">
		<div id=\"left\">
			<div id=\"searchbar\">
				<form action=\"\" method=\"get\">
					<input name=\"\" id=\"s_input\" type=\"text\" />
					<input name=\"S&ouml;k\" type=\"button\" id=\"s_button\" value=\"S&ouml;k\" />
				</form>
			</div>
			
			<h4>Normal text </h4>
			<!-- Content -->
			<div class=\"content\">
				<div class=\"c_top\"></div>
				<div class=\"c_main\">
					<p>";
  echo "Du måste logga in uppe till höger om du vill vara en del av AfterDarkDate's underbara värld"; 
  
  // Show error message on failed login ("Visa felmeddelande vid felaktig inloggning")
  if (isset($_GET['badlogin'])){ 
    echo "Fel användarnamn eller lösenord!<br>\n"; 
    echo "Försök igen!\n"; 
  } 
echo "
					</p>
				</div>
				<div class=\"c_bottom\"></div>
			</div>
			<br />
			<!-- End of Content -->
			<h4>Form</h4>
			<!-- Content -->
			<div class=\"content\">
				<div class=\"c_top\"></div>
				<div class=\"c_main\">
					<table width=\"480\" cellspacing=\"3\">
						<tr>
							<td width=\"97\">Textf&auml;lt:</td>
							<td width=\"377\"><input name=\"Input\" type=\"text\" size=\"60\" /></td>
						</tr>
						<tr>
							<td>Submitknapp:</td>
							<td><input name=\"button\" type=\"button\" value=\"Knapp\" /></td>
						</tr>
						<tr>
							<td>Checkbox:</td>
							<td><input type=\"checkbox\" class=\"checkbox\" name=\"checkbox\" value=\"checkbox\" /></td>
						</tr>
						<tr>
							<td>Radioknapp:</td>
							<td><input name=\"radiobutton\" class=\"radiobutton\" type=\"radio\" value=\"radiobutton\" /></td>
						</tr>
						<tr>
							<td>Lista:</td>
							<td><select name=\"select\">
									<option>Lista</option>
								</select>
							</td>
						</tr>
					</table>
				</div>
				<div class=\"c_bottom\"></div>
			</div>
			<br />
			<!-- End of Content -->
			
			<!-- Stor annons -->	
			<a href=\"#\"><img src=\"img/adds/annons_stor_450x60.jpg\" width=\"450\" height=\"60\" border=\"0\" class=\"storannons\" /></a>	
			<!-- End of Stor annons -->
		</div>
		<div id=\"right\">
		
			<!-- Right Menu -->
			<div id=\"right_menu\">
				<div id=\"r_menu\">
					<ul>
						<li><a href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
						<li><a id=\"r_current\" href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
						<li><a href=\"#\">Länk</a></li>
					</ul>
				</div>
			<div id=\"r_bottom_graph\"></div>
			</div>
			<!-- End of Right Menu -->
			
			<div>
				<div class=\"r_headline\">
					<h6>Exercition</h6>
				</div>
				<div class=\"r_content\">
				Unt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed.</div>
			</div>
			
			<div>
				<div class=\"r_headline\">
					<h6>Exercition</h6>
				</div>
				<div class=\"r_content\">
				Unt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed.</div>
			</div>
			
			<!-- Liten annons -->
			<a href=\"#\"><img src=\"img/adds/annons_liten_200x150.jpg\" width=\"200\" height=\"150\" border=\"0\" class=\"litenannons\" /></a>
			<!-- End of Liten annons -->
		</div>
		<br class=\"clear\" />
	</div>

	<div id=\"footer\">
		<div class=\"floatleft\">All Right Reserved Copyright &copy; 2006-2007 AfterDarkDate.se</div>
		<div class=\"floatright\"><a href=\"#\">Om oss</a> | <a href=\"#\">Personuppgifts Policy</a> | <a href=\"#\">Kontakta oss</a></div>
	</div>
</div>
</body>
</html>"; 
?>

Post by pickle »

Whoa! You should really consider putting your page into a template - that's pretty difficult to look through.

Nonetheless, I did. After your "Visa felmeddelande vid felaktig inloggning" comment (I'm not even going to pretend I know what it says), you output the whole page again. I've gone through and simplified the page so you can see what I mean:

Code: Select all

<?php
session_start(); // Always at the top of the page

include "connect.php"; // The database connection

// Login
if (isset($_POST['submit']))
{
  $_POST = db_escape($_POST);
  $sql = "SELECT id FROM members
         WHERE username='{$_POST['username']}'
         AND password='".md5($_POST['password'])."'";
  $result = mysql_query($sql) or die(mysql_error());
  $sql2 = "SELECT level FROM members
         WHERE username='{$_POST['username']}'
         AND password='".md5($_POST['password'])."'";
  $result2 = mysql_query($sql2) or die(mysql_error());

  // Username and password were not found:
  // send back to the form with an error message
  if (mysql_num_rows($result) == 0){
    header("Location: index.php?badlogin=");
    exit;
  }

  // Fetch the level only after the check above, so a failed login reaches the redirect
  $medlemskap = mysql_fetch_array($result2);

  // Set the session with a unique index
  $_SESSION['sess_id'] = mysql_result($result, 0, 'id');
  $_SESSION['sess_user'] = $_POST['username']; // the form field is named "username"
  $_SESSION['level'] = mysql_result($result2, 0, 'level'); // level is selected by $sql2
  header("Location: welcome.php");
  exit;
}

// Logout
if (isset($_GET['logout'])){
  session_unset();
  session_destroy();
  header("Location: index.php");
  exit;
}
?>
<?php
// If not logged in show the form, otherwise the log-out link
if (!isset($_SESSION['sess_user']))
{
  echo "Start document";

  // Show error message on failed login ("Visa felmeddelande vid felaktig inloggning")
  if (isset($_GET['badlogin']))
  {
    echo "error";
  }
  echo "end document";
}
else
{
  echo "Start document";
}
echo "links";

// Show error message on failed login ("Visa felmeddelande vid felaktig inloggning")
if (isset($_GET['badlogin']))
{
  echo "errors";
}
echo "page a second time";
?>
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
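
The template approach pickle suggests, as an added example that is not part of the original thread: the shared layout is written exactly once and only the top-right box depends on the session, so the page cannot be echoed a second time. The function names, the reduced markup, the "User:" line and reading the membership level from `$_SESSION['level']` are assumptions made for illustration; PHP 7+ and UTF-8 output are assumed.

```php
<?php
// Added example (not from the thread): one layout, one session-dependent box.
// Function names and the reduced markup are hypothetical.
session_start();

// Map the numeric level stored at login to its label (labels as in the thread).
function membership_label(int $level): string
{
    $labels = [0 => 'Vanlig Medlem', 1 => 'Plus Medlem'];
    return $labels[$level] ?? 'Administratör';
}

// Build only the part of the page that differs between visitors and members.
function render_login_box(array $session, array $query): string
{
    if (!isset($session['sess_user'])) {
        // The submit button carries name="submit" so isset($_POST['submit']) can match.
        $html = '<form action="index.php" method="post">'
              . '<input name="username" type="text" />'
              . '<input name="password" type="password" />'
              . '<input name="submit" type="submit" value="Logga in" />'
              . '</form>';
        if (isset($query['badlogin'])) {
            $html .= '<p>Fel användarnamn eller lösenord!</p>';
        }
        return $html;
    }
    // Values read back from the session are escaped before they reach HTML.
    $user  = htmlspecialchars((string) $session['sess_user'], ENT_QUOTES, 'UTF-8');
    $level = membership_label((int) ($session['level'] ?? 0));
    return '<a href="index.php?logout=">Logga ut</a><br />'
         . "User: {$user}<br />Medlemskap: {$level}";
}

// The shared layout lives in one place; the caller passes in the variable box.
function render_page(string $loginBox): string
{
    return "<!DOCTYPE html>\n<html>\n<head><title>After Dark Date</title></head>\n"
         . "<body>\n<div id=\"top\"><div class=\"t_right\">{$loginBox}</div></div>\n"
         . "<div id=\"main\"><!-- menu, content, footer: same for everyone --></div>\n"
         . "</body>\n</html>\n";
}

echo render_page(render_login_box($_SESSION, $_GET));
```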

Post by NiGHTFiRE »

I took away the last // Visa felmeddelande vid felaktig inloggning

Code: Select all

if (isset($_GET['badlogin'])) 
{ 
  echo "errors"; 
}
But I still get the same error.

Yeah, I know I need to use templates, but first I gotta learn how to use them in a smart way.

Post by pickle »

Remove the echo "page a second time"; code.

Post by NiGHTFiRE »

Thanks, works now :)