Displaying the articles when it is not supposed to???

Posted: Wed Aug 09, 2006 11:31 pm
by cturner
My code is displaying the articles regardless of what I type into the form fields and it is not supposed to. Can someone please tell me why this is happening? Thanks in advance. :?
Here is the code that I am working with:

Code:

require "config2.php";

//Only validate if the Submit button was clicked.
if (!empty($_POST['Submit'])) {
    $_POST['password'] = md5($_POST['password']);
    $login_check = "SELECT * FROM users WHERE username='". mysql_real_escape_string($_POST['username']) . "' AND password ='". mysql_real_escape_string($_POST['password']) . "'";

    $login_query = mysql_query ( $login_check ) or die ( 'Query failed. ' . mysql_error () );
    $login_result = mysql_result ( $login_query, 0, 0 );

    if ($login_result != 1) {
        setcookie ("username", $_POST['username']);
        setcookie ("password", $_POST['password']);
        header('Location: articles.php');
        exit;
    } else {
        echo "<center>Sorry, you don't know who you are!</center>";
    }
}
mysql_close();

Posted: Thu Aug 10, 2006 12:41 am
by RobertGonzalez
Because your only prevention is checking whether $_POST['Submit'] is empty, which if it is a button, it will never be empty unless it says nothing.

Posted: Thu Aug 10, 2006 12:59 am
by cturner
Made the change, Everah, and am still having the same problem.
Here is the updated code:

Code:

require "config2.php";

//Only validate if the Submit button was clicked.
if (isset($_POST['Submit'])) {
    $_POST['password'] = md5($_POST['password']);
    $login_check = "SELECT * FROM users WHERE username='". mysql_real_escape_string($_POST['username']) . "' AND password ='". mysql_real_escape_string($_POST['password']) . "'";

    $login_query = mysql_query ( $login_check ) or die ( 'Query failed. ' . mysql_error () );
    $login_result = mysql_result ( $login_query, 0, 0 );

    if ($login_result != 1) {
        setcookie ("username", $_POST['username']);
        setcookie ("password", $_POST['password']);
        header('Location: articles.php');
        exit;
    } else {
        echo "<center>Sorry, you don't know who you are!</center>";
    }
}
mysql_close();

Posted: Thu Aug 10, 2006 1:00 am
by RobertGonzalez
Let's get into the logic a little bit... what triggers whether a user can see the articles?

Posted: Thu Aug 10, 2006 2:13 am
by cturner
This is the code for the output below:

Code:

require "config2.php";

if (isset($_COOKIE['username']) && ($_COOKIE['password'])) {
	print "Logged in as: ".$_COOKIE['username']. "<br />";
	print "<a href=logout.php>log out?</a>";
}
// the rest of the code isn't relevant

This is the output:

Code:

Logged in as: cturner
log out?

26 July, 2006                              Other Articles
Testing 123                                Archives
                 Previous 1 2 3 4 Next

Posted: Thu Aug 10, 2006 2:28 am
by RobertGonzalez

Code:

<?php
// If there is a cookie set named 'username' and ...
// If there is a cookie set named 'password' (I really hope this is not what I think it is)
if (isset($_COOKIE['username']) && ($_COOKIE['password'])) {
        // Output the username in the cookie to the browser
        print "Logged in as: ".$_COOKIE['username']. "<br />";

        // Display a link
        print "<a href=logout.php>log out?</a>";
}
/**
 * Do you see how your validation check looks for 
 * a 'username' and 'password' cookie, then if there 
 * are two cookies set with those names, it displays 
 * the user name? 
 *
 * The only way the username gets shown is within 
 * the check for set cookies. This would be a nice 
 * little area to do what you want to do.
 **/
?>
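
Added example (not part of any post in this thread): the cookie-presence check discussed above, next to a login check that verifies the credentials and a gate that trusts only server-side session state. It assumes an in-memory SQLite table standing in for the MySQL `users` table, swaps `md5()` for `password_hash()`/`password_verify()`, and uses hypothetical function, column and user names with constructed sample data.

```php
<?php
// Added example; names, table layout and sample user are constructed.

// The check from the thread: true whenever both cookies exist, whatever they hold.
function cookie_presence_check(array $cookies): bool {
    return isset($cookies['username']) && !empty($cookies['password']);
}

// Verify credentials against the database; return the user id, or null on failure.
function verify_login(PDO $db, string $username, string $password): ?int {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // No row means unknown user; password_verify() does the hash comparison.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Gate for the articles page: trust only state the server stored itself.
function is_logged_in(array $session): bool {
    return isset($session['user_id']) && is_int($session['user_id']);
}

// Constructed sample data: in-memory SQLite stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = [];  // stands in for $_SESSION after session_start()
foreach ([['alice', 'wrong'], ['nobody', 'x'], ['alice', 'correct horse']] as [$u, $p]) {
    $id = verify_login($db, $u, $p);
    if ($id !== null) {
        $session['user_id'] = $id;  // on a real page, call session_regenerate_id(true) first
    }
    printf("%-8s %-14s => %s\n", $u, $p, $id === null ? 'rejected' : "user id $id");
}

// Cookies are client-supplied, so their presence alone proves nothing about a login.
var_dump(cookie_presence_check(['username' => 'anyone', 'password' => 'x']));
// The session gate is only satisfied after verify_login() succeeded.
var_dump(is_logged_in([]));
var_dump(is_logged_in($session));
```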