logic question


krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic question

Post by krraleigh »

In this code:

Code: Select all

if(!$_POST['username'] | !$_POST['pass']) {
		$loginErr1 = "One or more of the password fields needs to be filled in.!";
		header('Location: login.php');	   
	}
If I read this code correctly a blank field for either username or pass establishes the login error?
Then I am redirected to the login page again right?

If this is true how does my $loginErr1 find its way down here:

Code: Select all

if($loginErr1 || $loginErr2 || $loginErr3 || $loginErr4){
		if($loginErr1){
			$_SESSION['loginErr'] = $loginErr1;			
		}else if(loginErr2){
			$_SESSION['loginErr'] = $loginErr2;			
		}else if ($loginErr3) {					
			 $_SESSION['loginErr'] = $loginErr3;
			 header('location: login.php');
        } else if ($loginErr4) {
			 $_SESSION['loginErr'] = $loginErr4;
			 header('location: login.php');
    	}else{
        	 unset($_SESSION['loginErr']);
	    }
    }//if $loginErr
Because the only way my loginErr1 can be stored in the session variable is if it makes it down the page to the above if() statement. So I guess I must misunderstand how the header(location) works?

What is happening is that if $loginErr1 occurs it is echo'd to my page using a session variable.
And if this error does occur it does echo, so does $loginErr2, but loginErr3, and 4 don't work for some reason. Here is the complete code, but I should probably say that I might have to completely rewrite this page as it stands as something is very amiss.
The complete code less the html:

Code: Select all

<?php 
//if the login form is submitted 
if (isset($_POST['submit'])) { // if form has been submitted 

	// makes sure they filled it in 
	if(!$_POST['username'] | !$_POST['pass']) {
		$loginErr1 = "One or more of the password fields needs to be filled in.!";
		header('Location: login.php');	   
	}

	// checks it against the database 
	if (!get_magic_quotes_gpc()) { 
	   $_POST['username'] = addslashes($_POST['username']); 
	} 

	$check = mysql_query("SELECT * FROM user WHERE username = '".$_POST['username']."'")or die(mysql_error()); 

	//Gives error if user dosen't exist 
	$check2 = mysql_num_rows($check); 
	if ($check2 == 0) {	  
	  $loginErr2 = "Please try again! Either you mistyped or your username or password is not on file!";
	   header('location: login.php');
	} 

	while($info = mysql_fetch_array( $check ))    
	{ 
	   $formpass = stripslashes($_POST['pass']); 
	   $formpass = md5($formpass); 
	   $dbpass = stripslashes($info['password']); 
	   $confirmIDFlag = $info['confirmIDFlag'];
	}	
		//gives error if the password is wrong 
	   if ($formpass != $dbpass){ 		  
		  $loginErr3 = "Please try again! Either you mistyped or your username or password are not on file";		 
		 }else if (!$confirmIDFlag){
			$loginErr4 = "You have completed registration but have not been added to the database, please be patient!";			
	   	 }else{ 
		  $_SESSION['visitor'] = $info['fName'];
          setcookie("userId", $info['id'], time()+60480000);
		  header('Location: index.php');
	   }
	
	if($loginErr1 || $loginErr2 || $loginErr3 || $loginErr4){
		if($loginErr1){
			$_SESSION['loginErr'] = $loginErr1;			
		}else if(loginErr2){
			$_SESSION['loginErr'] = $loginErr2;			
		}else if ($loginErr3) {
		//echo "hello world"; exit;				
			 $_SESSION['loginErr'] = $loginErr3;
			 header('location: login.php');
        } else if ($loginErr4) {
			 $_SESSION['loginErr'] = $loginErr4;
			 header('location: login.php');
    	}else{
        	 unset($_SESSION['loginErr']);
	    }
    }//if $loginErr
	
	
} else { // if (!isset($_POST['submit'])) display the webpage

?>
The call on the echo to display the session contents is here:

Code: Select all

<div align="center"><strong><?php echo $_SESSION['loginErr']; ?></strong></div>
Can anyone clarify?
Kevin Raleigh
Last edited by krraleigh on Thu Jul 19, 2007 12:14 am, edited 2 times in total.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

You should have the entire path in the header location, not a relative path.

You are relying on PHP behavior to control your logic, rather than explicitly testing values of variables. I would discourage this. Research the functions empty(), trim() and strlen().
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic error

Post by krraleigh »

astions wrote: You should have the entire path in the header location, not a relative path.

You are relying on PHP behavior to control your logic, rather than explicitly testing values of variables. I would discourage this. Research the functions empty(), trim() and strlen().
I understand what you're saying about the relative path, but you are losing me on explicitly testing values of variables. Can you give me an example?

Also how do empty(), trim(), and strlen() come into play here? I have used strlen() before but I am not sure how you are recommending that I would use any of the functions above. I posted my entire code against my better judgement as I didn't think anyone would want to deal with that much code.

I could use some insight here as my logic must be flawed in several areas?

Thank You
Kevin Raleigh
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Post by jmut »

Code: Select all

if(!$_POST['username'] | !$_POST['pass']) {

Are you sure you want to use bitwise operator?
I think you are looking for the logical operator Or "||"
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic error

Post by krraleigh »

Thanx for the catch
I some example code for login and have been reworking it to fit my needs.
I missed that one.

Thank You
Kevin
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic error

Post by krraleigh »

Is this what you are referring to when you say I should use empty()?

Code: Select all

$submit = $_POST['submit'];
if(!empty(submit)){

instead of:
if(isset($_POST['submit']))
Thank You
Kevin
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

When you use empty, you don't have to check if it's set. empty will return false if the variable is 0, false, null, unset, or an empty string.

When you're checking to see if data has been posted, it's best to check for a hidden field. For example..

Code: Select all

<form name="name" action="#" method="post">
  <input type="text" name="username" value="" />
  <input type="password" name="userpass" value="" />
  <input type="hidden" name="perform" value="login" />  
  <input type="submit" value="login" />  
</form>
In which case you can process the submit via..

Code: Select all

<?php
if (!empty($_POST['perform']) && $_POST['perform'] == 'login')
{
    // process login..
}

Although I have never run into it, I understand that it's possible the value of submit may not be posted in some browsers if the user presses enter instead of clicking submit.

Now, when you're validating the post data, your code is if($x)

This conditional statement will return true if $x is anything but a non-zero, false value and apparently empty string. I never code this way. What if they post just a single space. This behavior might not be what you want.

I would use regex instead.

For example, I want to make sure the user posts a username that contains nothing but letters, numbers and underscores. The minimum length of the username is 4 characters and the maximum length is 18. Hence I can use the following code..

Code: Select all

if (!empty($_POST['username']) && preg_match('/^[a-z\d_]{4,18}$/i', $_POST['username']))
{
    // the username is ok
}
This gives you much more fine grain control over what is happening in your code. These are a few of the keys to becoming a good programmer. Have you downloaded a copy of the PHP manual yet?

If you use Windows there is one in CHM format, otherwise they have one on their site and a downloadable HTML version as well.

I would install linux as well. Linux is cool :)
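
The difference between the implicit `if($x)` test, empty(), trim()/strlen() and the username pattern from the post above, run over edge-case inputs. This is an added example, not part of the original thread; the sample inputs are constructed, and `\A`...`\z` is used in place of `^`...`$` because `$` also matches just before a trailing newline.

```php
<?php
// Added example: constructed sample inputs, not taken from the thread.
$samples = ['', ' ', '0', 'abc', 'kevin_r', 'kevin r', "kevin_r\n", str_repeat('a', 19)];

// Pattern from the post: letters, digits and underscores, 4 to 18 characters.
function username_ok_dollar(string $u): bool
{
    return preg_match('/^[a-z\d_]{4,18}$/i', $u) === 1;
}

// Same pattern anchored with \A and \z, which match only at the true
// start and end of the string.
function username_ok_strict(string $u): bool
{
    return preg_match('/\A[a-z\d_]{4,18}\z/i', $u) === 1;
}

// One row per input: how each style of check classifies it.
function classify(string $u): array
{
    return [
        'truthy'      => (bool) $u,          // what if($x) tests
        'empty'       => empty($u),          // true for '' and also for '0'
        'trimmed_len' => strlen(trim($u)),   // 0 for whitespace-only input
        'regex_dollar' => username_ok_dollar($u),
        'regex_strict' => username_ok_strict($u),
    ];
}

foreach ($samples as $s) {
    $r = classify($s);
    printf("%-22s truthy=%-5s empty=%-5s len=%-2d \$=%-5s \\z=%s\n",
        json_encode($s),
        var_export($r['truthy'], true),
        var_export($r['empty'], true),
        $r['trimmed_len'],
        var_export($r['regex_dollar'], true),
        var_export($r['regex_strict'], true));
}
```

A single space passes `if($x)`, the string "0" is treated as blank by both `if($x)` and empty(), and only the `\z` form rejects the name with a trailing newline.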
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic error

Post by krraleigh »

I went in and repaired the errors that you have shown with empty() and set full url paths for my header(location:) but there are errors in my logic that prevent:

1)loginErr3, and 4 from doing their jobs.
I am still puzzled as to why I have this behavior.

If header(location:) redirects me to another webpage then how am I moving half way down my page of code to a session variable that loads the error message?

This is what really confuses me?

Thank You
Kevin Raleigh

updated code:

Code: Select all

$submit = $_POST['submit'];
$username = $_POST['username'];
$pass = $_POST['pass'];

if(!empty(submit)){//if form has been submitted 

	// makes sure they filled it in 
	if(!empty($username) || !empty($pass)) {
		$loginErr1 = "One or more of the password fields needs to be filled in.!";
		header('Location: login.php');	   
	}

	// checks it against the database 
	if (!get_magic_quotes_gpc()) { 
	   $username = addslashes($username); 
	} 

	$check = mysql_query("SELECT * FROM user WHERE username = '".$username."'")or die(mysql_error()); 

	//Gives error if user dosen't exist 
	$check2 = mysql_num_rows($check); 
	if (empty($check2)) {	  
	  $loginErr2 = "Please try again! Either you mistyped or your username or password is not on file!";
	   header('location: http://www.1purpose-bethel.org/login.php');
	} 

	while($info = mysql_fetch_array( $check ))    
	{ 
	   $formpass = stripslashes($_POST['pass']); 
	   $formpass = md5($formpass); 
	   $dbpass = stripslashes($info['password']); 
	   $confirmIDFlag = $info['confirmIDFlag'];
	}	
		//gives error if the password is wrong 
	   if ($formpass !== $dbpass){ 		  
		  $loginErr3 = "Please try again! Either you mistyped or your username or password are not on file";		 
		 }else if (!$confirmIDFlag){
			$loginErr4 = "You have completed registration but have not been added to the database, please be patient!";			
	   	 }else{ 
		  $_SESSION['visitor'] = $info['fName'];
          setcookie("userId", $info['id'], time()+60480000);
		  header('Location: http://www.1purpose-bethel.org/index.php');
	   }
	
	if(!empty($loginErr1) || !empty($loginErr2) || !empty($loginErr3) || !empty($loginErr4)){
		if($loginErr1){
			$_SESSION['loginErr'] = $loginErr1;			
		}else if(loginErr2){
			$_SESSION['loginErr'] = $loginErr2;			
		}else if ($loginErr3) {
		//echo "hello world"; exit;				
			 $_SESSION['loginErr'] = $loginErr3;
			 header('location: http://www.1purpose-bethel.org/login.php');
        } else if ($loginErr4) {
			 $_SESSION['loginErr'] = $loginErr4;
			 header('location: http://www.1purpose-bethel.org/login.php');
    	}else{
        	 unset($_SESSION['loginErr']);
	    }
    }//if $loginErr
	
	
} else { // if (!isset($_POST['submit'])) display the webpage

?>
Last edited by krraleigh on Thu Jul 19, 2007 1:09 am, edited 1 time in total.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Call exit(); after the redirect.
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Post by jmut »

krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic

Post by krraleigh »

I have this:

Code: Select all

$check2 = 0;//mysql_num_rows($check); 
	
	if ($check2==0) {
	   $_SESSION['loginErr'] = "Either you mistyped or your username or password is not on file!";
	   header('location: http://www.1purpose-bethel.org/login.php');
	   exit;
	}
Now I echo $check2 it comes up 0, but this block of code never executes.

Will you advise?

I read up on the link you provided but :roll:

insight appreciated
thank you
Kevin Raleigh
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I just tested the code you posted and it works fine.
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic

Post by krraleigh »

Then how can it possibly fail here?
I deliberately use a username that is not in the db and it never prints my error message:
"Either you mistyped or your username or password is not on file!";

Look for the highlighted block of code around line 25:
if($check2=0) should always execute

Code: Select all

<?php 
//if the login form is submitted 
$submit = $_POST['submit'];
$username = $_POST['username'];
$pass = $_POST['pass'];

if(!empty($submit)){//if form has been submitted 

	// makes sure they filled it in 
	if(empty($username) || empty($pass)) {// increase validation check utilizing validation functions
		$_SESSION['loginErr'] = "One or more of your fields needs to be filled in!";	
		header('location: http://www.1purpose-bethel.org/login.php');
		exit;
	}	
		
	// checks it against the database 
	if (!get_magic_quotes_gpc()) { 
	   $username = addslashes($username); 
	} 

	$check = mysql_query("SELECT * FROM user WHERE username = '".$username."'")or die(mysql_error()); 
		
	//Gives error if user dosen't exist 
	$check2 = mysql_num_rows($check); 
//********************************************************************	
	if ($check2=0) {
	   $_SESSION['loginErr'] = "Either you mistyped or your username or password is not on file!";
	   header('location: http://www.1purpose-bethel.org/login.php');
	   exit;
	} 
//************************************************************************
	while($info = mysql_fetch_array( $check ))    
	{ 	   
	   $formpass = stripslashes($_POST['pass']); 
	   $formpass = md5($formpass); 
	   $dbpass = stripslashes($info['password']); 
	   $confirmIDFlag = $info['confirmIDFlag'];
	}	
	//gives error if the password is wrong 
   if ($formpass != $dbpass){ 
	  $_SESSION['loginErr'] = "Please try again! Either you mistyped or your username or password are not on file";
	  header('location: http://www.1purpose-bethel.org/login.php');
	  exit;
	 }else if (empty($confirmIDFlag)){
	 	$_SESSION['loginErr'] = "You have completed registration but have not been added to the database, please be patient!";	
		header('location: http://www.1purpose-bethel.org/login.php');
	  	exit;
	 }else{ 
	  unset($_SESSION['loginErr']);
	  $_SESSION['visitor'] = $info['fName'];
	  setcookie("userId", $info['id'], time()+60480000);
	  header('Location: http://www.1purpose-bethel.org/index.php');
   	}
	

	
	
} else { // if (!isset($_POST['submit'])) display the webpage

?>
Kevin :roll:
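
The user lookup and password comparison from the code posted above, as an added example that is not part of the original thread. It swaps in a PDO prepared statement for addslashes() with mysql_query(), and password_hash()/password_verify() for md5(); the in-memory SQLite table, its rows and the function name `check_login` are constructed for the demonstration.

```php
<?php
// Added example. The in-memory SQLite table and both rows are constructed
// stand-ins for the thread's `user` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, fName TEXT, confirmIDFlag INTEGER)');
$ins = $db->prepare(
    'INSERT INTO user (username, password, fName, confirmIDFlag) VALUES (?, ?, ?, ?)');
$ins->execute(['kevin_r', password_hash('correct horse', PASSWORD_DEFAULT), 'Kevin', 1]);
$ins->execute(['pending1', password_hash('another pass', PASSWORD_DEFAULT), 'Pat', 0]);

// Returns [user row or null, error message or null]; exactly one is non-null.
function check_login(PDO $db, string $username, string $pass): array
{
    if ($username === '' || $pass === '') {
        return [null, 'One or more of your fields needs to be filled in!'];
    }
    // The placeholder keeps the submitted name out of the SQL text, so no
    // addslashes() or magic-quotes handling is involved.
    $stmt = $db->prepare(
        'SELECT id, fName, password, confirmIDFlag FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when the user does not exist

    // The row is tested with ===, and one message covers both an unknown user
    // and a wrong password. password_verify() checks against the salted hash.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return [null, 'Either you mistyped or your username or password is not on file!'];
    }
    if (empty($row['confirmIDFlag'])) {
        return [null, 'You have completed registration but have not been added to the database, please be patient!'];
    }
    return [$row, null];   // $row still holds the matched record here
}

// Constructed inputs, one per branch.
$cases = [['kevin_r', 'correct horse'], ['kevin_r', 'wrong'], ['nobody', 'x'],
          ['', ''], ['pending1', 'another pass']];
foreach ($cases as [$u, $p]) {
    [$user, $err] = check_login($db, $u, $p);
    printf("%-9s => %s\n", $u === '' ? '(blank)' : $u,
        $user ? 'welcome ' . $user['fName'] : $err);
}
```

Because the function returns on the first failed check, every outcome is decided in one place and the caller only has to store the message and redirect.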
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

am I asking the wrong question

Post by krraleigh »

This code works as expected:

Code: Select all

$check2 = mysql_num_rows($check); 
	if (empty($check2)) {
    echo '$var is either 0, empty, or not set at all';
	exit;
}
This code doesn't evaluate as expected.

Code: Select all

$check = mysql_query("SELECT * FROM user WHERE username = '".$username."'")or die(mysql_error()); 
		
	//Gives error if user dosen't exist 
	$check2 = mysql_num_rows($check); 
	
	if (empty($check2)) {
	   $_SESSION['loginErr'] = "Either you mistyped or your username or password is not on file!";
	   header('location: http://www.1purpose-bethel.org/login.php');
	   exit;
	}
sometimes I get no error message at all and sometimes I get this error message from further down the page when I deliberately use the wrong username and as you can see if the username is wrong it should be caught in the check above:

Code: Select all

if ($formpass != $dbpass){ 
	  $_SESSION['loginErr'] = "Please try again! Either you mistyped or your username or password are not on file";
	  header('location: http://www.1purpose-bethel.org/login.php');
	  exit;
	 }
Have to tell you I am very confused as to how this behavior is possible.

Kevin
krraleigh
Forum Commoner
Posts: 86
Joined: Tue Jul 17, 2007 2:52 pm

logic errors

Post by krraleigh »

I found the problem. My code is doing what it is supposed to do, but my messages are not displaying
the way they did in my registration.php file.

Here is what I have:

Code: Select all

//Gives error if user dosen't exist
  $check2 = mysql_num_rows($check);
  if (empty($check2)) {
  $_SESSION['loginErr'] = "your username or password is not in the system";
  echo $_SESSION['loginErr']; exit;
   header('location: http://www.1purpose-bethel.org/login.php');
  }
Now the echo works, but I call the session variable in the body of my page like so:

Code: Select all

<div align="center"><strong><?php echo $_SESSION['loginErr']; ?></strong></div>
But for some reason It won't display my error message in the body of my page consistently.
What is really strange is sometimes it will display the message when I hit f12 to reload the page after making some changes to my code

Is there another way of displaying my errors above my form so that the user won't have to hit the back button if I use die(). die() is really annoying for users.

insight appreciated
thank you
Kevin
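
One way to show a login error above the form without die(), combining the earlier "Call exit(); after the redirect" advice with the session message used throughout the thread. This is an added example, not code from the original posts; the helper names `redirect_with_error` and `take_login_error` and the `LOGIN_URL` placeholder are hypothetical, and it assumes session_start() runs before any output on both the handler and the page that displays the message.

```php
<?php
// Added example. LOGIN_URL is a placeholder, not the site from the thread.
const LOGIN_URL = 'https://example.com/login.php';

session_start();   // needed on every page that reads or writes $_SESSION

// Store the message, send the redirect and stop the script.
function redirect_with_error(string $message, string $url): void
{
    $_SESSION['loginErr'] = $message;
    session_write_close();         // save the session before the browser follows the redirect
    header('Location: ' . $url);   // only queues a response header; the script would keep running
    exit;                          // nothing below this call executes
}

// Read the message once, clear it, and escape it for HTML output.
function take_login_error(): string
{
    $message = $_SESSION['loginErr'] ?? '';
    unset($_SESSION['loginErr']);  // a reload of the page shows no stale message
    return htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $pass     = $_POST['pass'] ?? '';
    if ($username === '' || $pass === '') {
        redirect_with_error('One or more of your fields needs to be filled in!', LOGIN_URL);
    }
    // The credential check goes here; it is never reached after a redirect above.
}
?>
<div align="center"><strong><?php echo take_login_error(); ?></strong></div>
```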