Page 1 of 1

keep getting errors

Posted: Tue May 15, 2007 7:07 pm
by ekosoftco
i have this script, its supposed to log in, but i keep getting my own log in error and dont know why.
this is the login.php

Code: Select all

<?
// includes
include("config.php");

// check login and password
// connect and execute query
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT id, username, password from user WHERE username = '$frmuser' AND password = PASSWORD('$frmpass')";
$result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());

// if row exists - login/pass is correct
if (mysql_num_rows($result) == 1)
   {
   // initiate a session
   session_start();

   // register the user's ID
   session_register("SESSION_UID");
   list($id, $username, $password) = mysql_fetch_row($result);
   $SESSION_UID = $id;

   // redirect to main page
   header("Location:out.php");
   mysql_free_result ($result);   

   // close connection
   mysql_close($connection);
   }
else
   // login/pass check failed
   {
   mysql_free_result ($result);   
   mysql_close($connection);
   // redirect to error page
   header("Location: error.php?ec=0");
   exit;
   }
?>
and this is the config.php

Code: Select all

<?php
$database="988_polls";
$user = "988_polls";
$pass = "ea14325";
$hostname = "mysql";

// location of file repository
// this should ideally be outside the Web server root
// make sure the server has permissions to read/write files!
$dataDir = "/data/";

// list of allowed file types
$allowedFileTypes = array("image/gif", "text/html", "text/plain", "image/jpeg", "image/pjpeg", "image/png");

// function to format mySQL DATETIME values
function fixDate($val)
{
//split it up into components
$arr = explode(" ", $val);
$timearr = explode(":", $arr[1]);
$datearr = explode("-", $arr[0]);
// create a timestamp with mktime(), format it with date()
return date("d M Y (H:i)", mktime($timearr[0], $timearr[1], $timearr[2], $datearr[1], $datearr[2], $datearr[0]));
}
?>
and this is error.php

Code: Select all

<?

// includes
include("config.php");

switch ($ec)
{
// login failure
case 0:
$message = "There was an error logging you in. <a href=start.html>Please try again.</a>";
break;

// session problem
case 1:
$message = "Please <a href=start.html>log in</a> again.";
break;

// malformed variable/failed query
case 2:
$message = "There was an error performing the requested action. Please <a href=start.html>log in</a> again.";
break;

// file not uploaded
case 11:
$message = "Please upload a valid document.";
break;

// rights not assigned
case 12:
$message = "You must assign view/modify rights to at least one user.";
break;

// illegal file type
case 13:
$message = "That file type is not currently supported.<p>Please upload a document conforming to any of the following file types:<br><ul align=left>";

	foreach($allowedFileTypes as $line)
	{
	$message .= "<li>$line";
	}
$message .= "</ul>";
break;

default:
$message = "There was an error performing the requested action. Please <a href=start.html>log in</a> again.";
break;

}


?>
<html>
<head>
<basefont face="Verdana">
</head>

<body bgcolor="White">

<!-- main menu -->
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td align="left"><a href="/vault/start.html"><img src="images/logo.jpg" width=144 height=72 alt="The Vault" border=0></a></td>
</tr>
</table>


<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td bgcolor="#0000A0">
<b><font face="Arial" color="White">Error</font></b>
</td>
</tr>
</table>

<p>
<? echo $message; ?>
</body>
</html>
i dont know whats goin on, please help someone. :x
it keeps giving me my error[0]
and that means its not logging in, but it connects to the database because i dont get the sql error...so i dont know whats going on...

Posted: Tue May 15, 2007 7:25 pm
by feyd
Where on Earth did you get this script? It's using short tags, session_register(), PASSWORD(), and even appears to rely on register globals. If you found it somewhere, throw it away and keep looking for another. :)

Posted: Tue May 15, 2007 7:35 pm
by ekosoftco
a book i have has a link to it. is there any way to revise this? because its has really good features, unlike any other that is free, just doesnt let me log in -_-
i would really like to use this if i could, just dont see whats wrong with it, it all looks kinda weird from how i usually code though, any know a way to fix it to actually work?
thanks

Posted: Tue May 15, 2007 7:57 pm
by ekosoftco
ok, got the login to work. got another problem, i have this code to add a document.

Code: Select all

<?
/*
All source code copyright and proprietary Melonfire, 2001. All content, brand names and trademarks copyright and proprietary Melonfire, 2001. All rights reserved. Copyright infringement is a violation of law.

This source code is provided with NO WARRANTY WHATSOEVER. It is meant for illustrative purposes only, and is NOT recommended for use in production environments. 

Read more articles like this one at http://www.melonfire.com/community/columns/trog/ and http://www.melonfire.com/
*/

// add.php - add a new document to system

// check for valid session
session_start();
if (!session_is_registered("SESSION_UID"))
{
header("Location:error.php?ec=1");
exit;
}

// includes
include("config.php");
// open a connection to the database
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");

if(!$submit)
{
// form has not been submitted yet -> display form
?>
	<html>
	<head>
	<basefont face="Verdana">
	</head>
	
	<body bgcolor="white">
	<? include("menu.inc");?>
	
	<center>
	<table width="100%" border="0" cellspacing="0" cellpadding="3">
	<tr>
	<td bgcolor="#0000A0">
	<b><font face="Arial" color="White">Add New Document</font></b>
	</td>
	</tr>
	</table>
	
	<table border="0" cellspacing="5" cellpadding="5">
	<!-- for file upload, note ENCTYPE -->
	<form action="<? echo $PHP_SELF; ?>" method="POST" enctype="multipart/form-data">
	
	<tr>
	<td><b>Location</b></td>
	<td colspan=3><input name="file" type="file"></td>
	</tr>
	
	<tr>
	<td><b>Category</b></td>
	<td colspan=3><select name="category">
	<?
	
	// query to get a list of categories 
	$query = "SELECT id, name FROM category ORDER BY name";
	$result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
	
		while(list($id, $name) = mysql_fetch_row($result)) 
		{ 
		echo "<option value=\"$id\">$name</option>"; 
		}
		
	mysql_free_result ($result);
	?>
	</select></td>
	</tr>
	
	<tr>
	<td valign="top">Description</td>
	<td colspan=3><input type="Text" name="description" size="50"></td>
	</tr>
	
	<tr>
	<td valign="top">Comment</td>
	<td colspan=3><textarea name="comment" rows="4"></textarea></td>
	</tr>
	
	<tr>
	<td valign="top"><b><i>View</i> rights</b></td>
	<td><select name="view[]" multiple>
	<?
	
	// query to get a list of available users
	$query = "SELECT id, username FROM user ORDER BY username";
	$result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
	
		while(list($id, $username) = mysql_fetch_row($result))
		{
		$str = "<option value=\"$id\"";
		// pre-select logged-in user's name
		if ($id == $SESSION_UID) { $str .= " selected"; }
		$str .= ">$username</option>";
		echo $str;
		}
	?>
	</select></td>
	<td valign="top"><b><i>Modify</i> rights</b></td>
	<td><select name="modify[]" multiple>
	<?
	// same thing
	// don't need to query again!
	mysql_data_seek($result, 0);
	
		while(list($id, $username) = mysql_fetch_row($result))
		{
		$str = "<option value=\"$id\"";
		if ($id == $SESSION_UID) { $str .= " selected"; }
		$str .= ">$username</option>";
		echo $str;
		}
	mysql_free_result ($result);
	mysql_close($connection);
	?>
	</select></td>
	</tr>
	
	<tr>
	<td colspan="4" align="center"><input type="Submit" name="submit" value="Add Document"></td>
	</tr>
	
	</form>
	</table>
	</center>
	
	</body>
	</html>
<?
}
else
{
// form has been submitted -> process data

	// checks
	// no file!
	if ($file_size <= 0) { header("Location:error.php?ec=11"); exit; }
	
	// no users with view rights!
	if (sizeof($view) <= 0) { header("Location:error.php?ec=12"); exit; }
	
	// no users with modify rights!
	if (sizeof($modify) <= 0) { header("Location:error.php?ec=12"); exit; }
	
	// check file type
	foreach($allowedFileTypes as $this)
	{
		if ($file_type == $this) 
		{ 
		$allowedFile = 1;
		break; 
		} 
	}
	
	// illegal file type!
	if ($allowedFile != 1) { header("Location:error.php?ec=13"); exit; }
	
	// all checks completed, proceed!
	
	// INSERT into db
	$query = "INSERT INTO data (category, owner, realname, created, description, comment) VALUES('$category', '$SESSION_UID', '$file_name', NOW(), '$description', '$comment')";
	$result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
	
	// get id from INSERT operation 
	$fileId = mysql_insert_id($connection);
	
	// INSERT user permissions - view
	for($x=0; $x<sizeof($view); $x++)
	{
	$query = "INSERT INTO perms (fid, uid, rights) VALUES('$fileId', '$view[$x]', '1')";
	$result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
	}
	
	// INSERT user permissions - modify
	for($x=0; $x<sizeof($modify); $x++)
	{
	$query = "INSERT INTO perms (fid, uid, rights) VALUES('$fileId', '$modify[$x]', '2')";
	$result = mysql_db_query($database, $query, $connection) or die ("Error in query: $query. " . mysql_error());
	}
	
	// use id to generate a file name
	// save uploaded file with new name
	$newFileName = $fileId . ".dat";
	copy($file, $dataDir . $newFileName);
	
	// back to main page
	$message = "Document successfully added";
	header("Location: out.php?message=$message");
	mysql_close($connection);
}
?>
but i get this error

Code: Select all

Fatal error: Cannot re-assign $this in /hosted/subs/ulmb.com/e/k/ekosoftco/public_html/data/add.php on line 150
for this code

Code: Select all

// check file type
	foreach($allowedFileTypes as $this)
	{
		if ($file_type == $this) 
		{ 
		$allowedFile = 1;
		break; 
		} 
	}
its trying to search the file type's allowed in config.php, this is the file

Code: Select all

<?php
$database="988_polls";
$user = "988_polls";
$pass = "ea14325";
$hostname = "mysql";

// location of file repository
// this should ideally be outside the Web server root
// make sure the server has permissions to read/write files!
$dataDir = "/data/";

// list of allowed file types
$allowedFileTypes = array("image/gif", "text/html", "text/plain", "image/jpeg", "image/pjpeg", "image/png");

// function to format mySQL DATETIME values
function fixDate($val)
{
//split it up into components
$arr = explode(" ", $val);
$timearr = explode(":", $arr[1]);
$datearr = explode("-", $arr[0]);
// create a timestamp with mktime(), format it with date()
return date("d M Y (H:i)", mktime($timearr[0], $timearr[1], $timearr[2], $datearr[1], $datearr[2], $datearr[0]));
}
?>
can i replace $this with $line?
or maybe $lineArray?
i have no clue...

Posted: Tue May 15, 2007 8:08 pm
by Begby
As was said previously - That code is garbage. Is your book from the fifties or something?

If you really want to learn PHP, you should start from the beginning and code it from scratch. At least that way you will be able to learn how to do it correctly.

Posted: Tue May 15, 2007 9:42 pm
by ekosoftco
i have a general understanding of how to code in php, i just dont know where to start with anything, thats my problem, this books from 2005 i think, dunno why its so weird, the book itself teaches fine i made a cart buyer system learning from it, but these links it gives from the book to a webpage are garbage, like u said, i was just wondering if there was another way to pull from the array in the config, anyone know? not trying to be mean, but all ive got is its outdated, im not hugely worried about how old the code is right now, im just wondering how to fix the $this error.

Posted: Wed May 16, 2007 12:11 am
by ekosoftco
ive searched for a good 2 hours now and found nothing that can install on my webserver correctly that has a check in/out feature for files. I have found one, but it has its own system files which i cannot upload to my server because it doesnt allow them, the product is called owl, and it has .owl files. so consequently, i would like to fix this if its possible, im only getting that one error so far.

Posted: Wed May 16, 2007 1:22 am
by ekosoftco
*sigh*
i guess ill make my own,
ill be nice and post a tut. if its not too complicated and worth anything
xD