Posted: Fri Dec 08, 2006 3:02 pm
by JustinMs66
ok i coded it and i thought i did everything right, but i guess not. when i try to login, it just basically refreshes the page. here is the code i used:

Code: Select all

<form method="POST" action="">
Type Username Here: <input type="text" name="username" size="15">
Type Password Here: <input type="password" name="password" size="15">
<input type="submit" value="submit" name="submit">
</form>

Code: Select all

<?php
// this is ALL new code, to do stuff when the submit button is pressed
include('connect2.php');
mysql_connect($dbhost2, $dbuser2, $dbpass2) or die('Error connecting to mysql');
mysql_select_db($dbname2) or die('Cannot select DB');

if (isset($submit)) // name of submit button
{ $query = "select * from usrauth1 where cuname='$username' and cpass='$password'";
$result = mysql_query($query) ;
$isAuth = false; //set to false originally
while($row = mysql_fetch_array($result))
{
if($row['cuname'] === $username)
{
$isAuth = true;
session_start();
session_register('cuname');
}
}
if($isAuth)
{
print "logged in successfully<br>";
print "<A href=\"" . basename($_SERVER['SCRIPT_FILENAME']) . "\">Refresh</a>";
}
else
print "Wrong username or password";
}
?>

Code: Select all

<?php
session_start();
// all the old code:
$dbhost = 'phpsql1.csscobalt.com';
$dbuser = 'phptest1';
$dbpass = 'phptest1';
$dbname = 'phptest1';
mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_select_db($dbname) or die('Cannot select DB');

$query  = "SELECT `cid`, `csubject`, `cmessage` FROM `deltest1`";
$result = mysql_query($query) or die('Error, query failed ##1');

if (isset($_GET['act']) && $_GET['act'] == 'del')
{
  if (isset($_GET['id']) && $_GET['id'] != null && is_numeric($_GET['id']))
  {
    $id = $_GET['id'];
    $sql_delete = "DELETE FROM `deltest1` WHERE `cid` = $id";
    mysql_query($sql_delete) or die(mysql_error()); // gives errors
    mysql_query("COMMIT") or die(mysql_error()); // gives errors 
    echo 'Record id ' . $id . ' has been deleted...<br />';
  }
} 
while ($row = mysql_fetch_array($result)) 
{
    $id = $row["cid"];
    echo $row["csubject"] . $row["cmessage"];

// and HERE is my new code:
session_start();
if (isset($_SESSION['username']))
{
echo '<a href="' . basename($_SERVER['SCRIPT_FILENAME']) . '?act=del&id=' . $id . '" title="Delete"><img src="http://image.fpsbanana.com/ico/del.gif"></a><br>';
}
else
{
print "Login Please<br>";
}
}
// End New Code
?>
and by the way, "phptest1" is my database, "usrauth1" is my table, and i have 3 rows: "cid", "cuname", "cpass".
little help?

Posted: Fri Dec 08, 2006 3:04 pm
by RobertGonzalez
You are relying on register_globals being on. If it is not, and you attempt to use a passed var in the global scope without initializing it, your page will not do anything with the data.

Code: Select all

if (isset($submit))
will return false 100% of the time since PHP does not know what that var is.

Posted: Fri Dec 08, 2006 3:05 pm
by JustinMs66
ok so how do i fix that then?
or get around it, rather?

Posted: Fri Dec 08, 2006 3:07 pm
by RobertGonzalez
You don't get around it, you code securely. Use the super global arrays $_GET, $_POST, $_COOKIE, $_SESSION, etc.

Posted: Fri Dec 08, 2006 3:14 pm
by JustinMs66
ok i changed:

Code: Select all

if (isset($submit))
to

Code: Select all

if (isset($_POST["username"]))
and now when i try to enter it in, it says "Wrong username and password", but i AM using the correct username and password.
any ideas?

Posted: Fri Dec 08, 2006 3:32 pm
by RobertGonzalez
it is just a guess, but I would suspect it has something to do with:

Code: Select all

<?php
if($isAuth)
{
  print "logged in successfully<br>";
  print "<A href=\"" . basename($_SERVER['SCRIPT_FILENAME']) . "\">Refresh</a>";
}
else
{ // You were missing this brace
  print "Wrong username or password";
} 
?>
What is $isAuth?

Posted: Fri Dec 08, 2006 3:52 pm
by JustinMs66
Everah wrote: What is $isAuth?
no idea, i got that code from a tutorial

Posted: Fri Dec 08, 2006 4:44 pm
by RobertGonzalez
Ok dude, I think we are at a point now that you might want to start trying to understand what you are doing. Read the code, line by line, and see if you can figure out what the code is doing.

A lot of members are helping you with stuff, but if we help you do things without you understanding what is happening, you will never get past that phase where you need help.

Try figuring out what the code is doing. Look at the logical progression of the code flow, then try to determine what is happening in it.

http://forums.devnetwork.net/posting.php?mode=reply&t=60

Posted: Mon Dec 11, 2006 3:06 pm
by JustinMs66
ok i tried for about 3 hours to get the mysql database username and password thing to work, but in the end i couldn't do it and i realised i could just have a built-in password without using ANY mysql at all, because i only needed 1, i didn't need multiple accounts or anything.

so here i have my form:

Code: Select all

<form method="POST" action="">
Type Password Here: <input type="password" name="cpass" size="15">
<input type="submit" value="submit" name="submit">
</form>
and in my current php code, where it goes and displays all the "comments" (mysql rows), i put this code in:

Code: Select all

$passvar1=(isset($_POST["cpass"]));
$password1="testpassword1";
if (isset($_POST['submit'])) {
}
if($passvar1 == $password1) {
echo '<a href="' . basename($_SERVER['SCRIPT_FILENAME']) . '?act=del&id=' . $id . '" title="Delete"><img src="http://image.fpsbanana.com/ico/del.gif"></a><br>';
}
else
print "Login to Access This!";
and it kinda works, except for the fact that you can put ANY word in for the password, and it will "login". and after you do "login", it does display everything correctly. but how do i fix it so that it will ONLY login if i have the password "testpassword1" ?

Posted: Mon Dec 11, 2006 5:47 pm
by John Cartwright

Code: Select all

$passvar1=(isset($_POST["cpass"]));
$password1="testpassword1";
You are setting $passvar1 to a boolean, and not the value of $_POST['cpass'].. I think what you wanted to do is

Code: Select all

if (isset($_POST['submit'])) 
{
   $passvar1=(isset($_POST["cpass"]) ? $_POST['cpass'] : '');
   $password1="testpassword1";

   if($passvar1 == $password1)  
   {
      echo '<a href="' . basename($_SERVER['SCRIPT_FILENAME']) . '?act=del&id=' . $id . '" title="Delete"><img src="http://image.fpsbanana.com/ico/del.gif"></a><br>';
   } 
   else 
   {
      print "Login to Access This!";
   }
}
Notice the flow of logic now.

Posted: Tue Dec 12, 2006 2:59 pm
by JustinMs66
wow ok THANKS!!!
it totally works now. but i kind of want to understand what you did :-P

on this line:

Code: Select all

$passvar1=(isset($_POST["cpass"]) ? $_POST['cpass'] : '');
you added:

Code: Select all

? $_POST['cpass'] :
but i'm not sure why or how. i mean what did that do? put the question mark ("?") and then the same code again. can you try to explain why that made it work?

Posted: Tue Dec 12, 2006 6:04 pm
by AKA Panama Jack
ok wrote:You need to get it from the user or if you want to delete specific message, you can mention it in the PHP code.

Code: Select all

<?php
$sql_delete = "DELETE FROM `deltest1` WHERE `cmessage`=$_GET['cid']";
mysql_query($sql_delete) or die(mysql_error()); 
?>
P.S
`cmessage` must be UNIQUE, else it can delete more than one record (comment).
I assumed that `cmessage` is the message id.
I haven't read every reply yet but I would hope someone pointed out that you don't use single quotes in the array element with the above sql query. It will throw an error.

This is correct...

Code: Select all

<?php
$sql_delete = "DELETE FROM deltest1 WHERE cmessage=$_GET[cid]";
mysql_query($sql_delete) or die(mysql_error()); 
?>
Also using backticks is not needed on anything unless you have used reserved words for table or field names. So you shouldn't use them unless you absolutely have to.

Posted: Tue Dec 12, 2006 6:25 pm
by RobertGonzalez
This is just my opinion, but you should always wrap your array indexes in quotes. Always. The PHP Manual on arrays explains why $foo[bar] is bad. Instead of this...

Code: Select all

<?php
$sql_delete = "DELETE FROM deltest1 WHERE cmessage=$_GET[cid]";
mysql_query($sql_delete) or die(mysql_error());
?>
Might I suggest either

Code: Select all

<?php
$sql_delete = "DELETE FROM deltest1 WHERE cmessage='{$_GET['cid']}'";
mysql_query($sql_delete) or die(mysql_error());
?>
or

Code: Select all

<?php
$sql_delete = 'DELETE FROM deltest1 WHERE cmessage=\'' . $_GET['cid'] . '\'';
mysql_query($sql_delete) or die(mysql_error());
?>
I personally like the first of the two I posted best.

EDIT | I wrapped the searched variable in single quotes assuming that the cmessage field is a non-integer field. If it is an integer field, remove the single quotes around the search var, like this

Code: Select all

<?php
$sql_delete = "DELETE FROM deltest1 WHERE cmessage={$_GET['cid']}";
mysql_query($sql_delete) or die(mysql_error());
?>
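
The queries in the posts above place `$_GET['cid']` directly inside the SQL string, so the quoting style chosen decides how the request value is parsed as SQL. An added example (not code from the thread) that validates the id and binds it as a parameter instead; it assumes PDO with an in-memory SQLite database so it runs offline, and the sample rows and inputs are constructed:

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the posts; the SQLite in-memory database and sample rows are constructed.

function delete_comment(PDO $db, $rawId): int
{
    // Accept only a positive integer; anything else is rejected before SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('DELETE FROM deltest1 WHERE cid = :cid');
    $stmt->bindValue(':cid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE deltest1 (cid INTEGER PRIMARY KEY, csubject TEXT, cmessage TEXT)');
$db->exec("INSERT INTO deltest1 (csubject, cmessage) VALUES ('a','first'), ('b','second'), ('c','third')");

// Constructed request values standing in for $_GET['cid'].
foreach (['2', '1 OR 1=1', '', null] as $input) {
    printf("%-12s -> %d row(s) deleted\n", var_export($input, true), delete_comment($db, $input));
}
echo $db->query('SELECT COUNT(*) FROM deltest1')->fetchColumn(), " row(s) remain\n";
```

Only the well-formed id removes a row; every other input is refused before a statement is built.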

Posted: Wed Dec 13, 2006 2:19 pm
by JustinMs66
oh ok thanks for that too.
ok so i got that to work and all, but now i realized that i need to know how to do it with mysql synchronization as well.
so im revisiting that part of it, and i thought i got it to work, but then something went wrong...
it gives me this error:

Code: Select all

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource
and i spent 2 FULL hours with my programming teacher who is pretty damn good with PHP and he couldn't figure it out!

and by the way i am simply trying to get it to work, the next step is getting the cookies + sessions to work, but i'll worry about that later.

oh and also i took the username out, i only need the password to work

here is my code:

Code: Select all

<form method="POST" action="">
Type Password Here: <input type="password" name="cpass" size="15">
<input type="submit" value="submit" name="submit">
</form>

Code: Select all

<?php
include('config.php');
$dbname2 = 'phptest1';

mysql_connect($dbhost2, $dbuser2, $dbpass2) or die('Error connecting to mysql');
mysql_select_db($dbname2) or die('Cannot select DB');

$password=$_POST['cpass'];
$isAuth = false; //set to false originally

// i have this just to test if it will output the password i enter into the password box, and it does!
echo $password . "<br>";

if (isset($_POST['submit']))
 { 
$result2 = mysql_query("SELECT * FROM `usrauth1` WHERE `cpass` = $password", $dbname2) or die('Error ID #3');

while ($row = mysql_fetch_array($result2))
{
if($row['cpass'] === $password)
{
$isAuth = true;
// again, i'l worry about the cookie stuff later.
session_start();
session_register('cpass');
}
}
if($isAuth)
{
print "logged in successfully   ";
print "<A href=''>Refresh</a>";
}
else
print "Wrong Pass ID1";
}
?>
and again, it gives me this error:

Code: Select all

// the password i entered: (temporary for development use)
test

// mysql generated error:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource

// the error id i posted up above in my code:
Error ID #3
and just for review, i am trying to get it to take in the password i enter in that text field, compare it to the password in my mysql database (password is "test"), and if it is, basically say: yes, if not, say: no. (again, i'll work on the cookies later, im just trying to get this to work.)

and if you want to test it, be my guest:
http://csscobalt.com/to_do_list_fpsb/t1/deleteauth8.php
(again, the correct password = "test")

oh and also, this is included in my code to display the comments. thats ok, correct?

little help?

Posted: Wed Dec 13, 2006 5:09 pm
by RobertGonzalez
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource
This error is caused when you either supply an incorrect link identifier or are not connected to the DB server.
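
In the code posted earlier in the thread, the second argument to `mysql_query()` is `$dbname2`, a database name string rather than a connection, which is one way to supply an incorrect link identifier. An added example (not code from the thread) of the same login check written so the query runs on the connection object, the input is bound as a parameter, and the stored value is a hash. It assumes PDO with an in-memory SQLite database so it runs offline; the account and passwords are constructed:

```php
<?php
// Added example, not code from the thread. usrauth1/cuname/cpass come from the
// posts; the SQLite in-memory database, account and passwords are constructed.

function connect(): PDO
{
    // With MySQL only the DSN and credentials change, e.g. 'mysql:host=...;dbname=...'.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
    return $db;
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Queries run on the connection object itself, so there is no separate
    // link argument to get wrong, and the input never becomes part of the SQL.
    $stmt = $db->prepare('SELECT cpass FROM usrauth1 WHERE cuname = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    // password_verify() compares against a stored hash, not a plaintext column.
    return is_string($hash) && password_verify($password, $hash);
}

$db = connect();
$db->exec('CREATE TABLE usrauth1 (cid INTEGER PRIMARY KEY, cuname TEXT UNIQUE, cpass TEXT)');
$ins = $db->prepare('INSERT INTO usrauth1 (cuname, cpass) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-pass', PASSWORD_DEFAULT)]);

// Constructed values standing in for $_POST['username'] / $_POST['password'].
$attempts = [['admin', 'constructed-sample-pass'], ['admin', 'wrong'], ['nobody', 'x'], ['admin', '']];
foreach ($attempts as [$u, $p]) {
    echo $u, ' / ', var_export($p, true), ' -> ', check_login($db, $u, $p) ? 'ok' : 'denied', "\n";
}
```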