Page 1 of 2
logic question
Posted: Wed Jul 18, 2007 11:59 pm
by krraleigh
In this code:
Code: Select all
if(!$_POST['username'] | !$_POST['pass']) {
$loginErr1 = "One or more of the password fields needs to be filled in.!";
header('Location: login.php');
}
If I read this code correctly a blank field for either username or pass establishes the login error?
Then I am redirected to the login page again right?
If this is true how does my $loginErr1 find it's way down here:
Code: Select all
if($loginErr1 || $loginErr2 || $loginErr3 || $loginErr4){
if($loginErr1){
$_SESSION['loginErr'] = $loginErr1;
}else if(loginErr2){
$_SESSION['loginErr'] = $loginErr2;
}else if ($loginErr3) {
$_SESSION['loginErr'] = $loginErr3;
header('location: login.php');
} else if ($loginErr4) {
$_SESSION['loginErr'] = $loginErr4;
header('location: login.php');
}else{
unset($_SESSION['loginErr']);
}
}//if $loginErr
Because the only way my loginErr1 can be stored in the session variable is if it makes it down the page to the above if() statement. So I guess I must misunderstand how the header(location) works?
What is happening is that if $loginErr1 occurs it is echo'd to my page using a session variable.
And if this error does occur it does echo, so does $loginErr2, but loginErr3, and 4 don't work for some reason. Here is the complete code, but I should probably say that might have to completely rewrite this page as it stands as something is very amiss.
The complete code less the html:
Code: Select all
<?php
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
$loginErr1 = "One or more of the password fields needs to be filled in.!";
header('Location: login.php');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$check = mysql_query("SELECT * FROM user WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$loginErr2 = "Please try again! Either you mistyped or your username or password is not on file!";
header('location: login.php');
}
while($info = mysql_fetch_array( $check ))
{
$formpass = stripslashes($_POST['pass']);
$formpass = md5($formpass);
$dbpass = stripslashes($info['password']);
$confirmIDFlag = $info['confirmIDFlag'];
}
//gives error if the password is wrong
if ($formpass != $dbpass){
$loginErr3 = "Please try again! Either you mistyped or your username or password are not on file";
}else if (!$confirmIDFlag){
$loginErr4 = "You have completed registration but have not been added to the database, please be patient!";
}else{
$_SESSION['visitor'] = $info['fName'];
setcookie("userId", $info['id'], time()+60480000);
header('Location: index.php');
}
if($loginErr1 || $loginErr2 || $loginErr3 || $loginErr4){
if($loginErr1){
$_SESSION['loginErr'] = $loginErr1;
}else if(loginErr2){
$_SESSION['loginErr'] = $loginErr2;
}else if ($loginErr3) {
//echo "hello world"; exit;
$_SESSION['loginErr'] = $loginErr3;
header('location: login.php');
} else if ($loginErr4) {
$_SESSION['loginErr'] = $loginErr4;
header('location: login.php');
}else{
unset($_SESSION['loginErr']);
}
}//if $loginErr
} else { // if (!isset($_POST['submit'])) display the webpage
?>
The call on the echo to display the session contents is here:
Code: Select all
<div align="center"><strong><?php echo $_SESSION['loginErr']; ?></strong></div>
Can anyone clarify?
Kevin Raleigh
Posted: Thu Jul 19, 2007 12:02 am
by Benjamin
You should have the entire path in the header location, not a relative path.
You are relying on PHP behavior to control your logic, rather than explicity testing values of variables. I would discourage this. Research the functions empty(), trim() and strlen().
logic error
Posted: Thu Jul 19, 2007 12:11 am
by krraleigh
astions wrote:You should have the entire path in the header location, not a relative path.
You are relying on PHP behavior to control your logic, rather than explicity testing values of variables. I would discourage this. Research the functions empty(), trim() and strlen().
I understand what your saying about the relative path, but you are losing me on explicitly testing values of variables. Can you give me an example?
Also how do empty(), trim(), and strlen() come into play here. I have used strlen() before but I am not sure how you are recommending that I would use any of the functions above. I posted my entire code against my better judgement as I didn't think anyone would want to deal with that much code.
I could use some insight here as my logic must be flawed in several areas?
Thank You
Kevin Raleigh
Posted: Thu Jul 19, 2007 12:13 am
by jmut
Code: Select all
if(!$_POST['username'] | !$_POST['pass']) {
Are you sure you want to use bitwise operator?
I think you are looking for the logical operator Or "||"
logic error
Posted: Thu Jul 19, 2007 12:17 am
by krraleigh
Thanx for the catch
I some example code for login and have been reworking it to fit my needs.
I missed that one.
Thank You
Kevin
logic error
Posted: Thu Jul 19, 2007 12:38 am
by krraleigh
Is this what you are refering to when you say I should use empty()?
Code: Select all
$submit = $_POST['submit'];
if(!empty(submit)){
instead of:
if(isset($_POST['submit']))
Thank You
Kevin
Posted: Thu Jul 19, 2007 12:53 am
by Benjamin
When you use empty, you don't have to check if it's set. empty will return false if the variable is 0, false, null, unset, or an empty string.
When your checking to see if data has been posted, it's best to check for a hidden field. For example..
Code: Select all
<form name="name" action="#" method="post">
<input type="text" name="username" value="" />
<input type="password" name="userpass" value="" />
<input type="hidden" name="perform" value="login" />
<input type="submit" value="login" />
</form>
In which case you can process the submit via..
Code: Select all
<?php
if (!empty($_POST['perform']) && $_POST['perform'] == 'login')
{
// process login..
}
Although I have never ran into it, I understand that it's possible the value of submit may not be posted in some browsers if the user presses enter instead of clicking submit.
Now, when your validating the post data, your code is if($x)
This conditional statement will return true if $x is anything but a non-zero, false value and apparently empty string. I never code this way. What if they post just a single space. This behavior might not be what you want.
I would use regex instead.
For example, I want to make sure the user posts a username that contains nothing but letters, numbers and underscores. The minimum length of the username is 4 characters and the maximum length is 18. Hence I can use the following code..
Code: Select all
if (!empty($_POST['username']) && preg_match('^[a-z\d_]{4,18}$i', $_POST['username']))
{
// the username is ok
}
This gives you much more fine grain control over what is happening in your code. These are a few of the keys to becoming a good programmer. Have you downloaded a copy of the PHP manual yet?
If you use windows there is one in CHM format, otherwise they have one on their site and a downloadable HTML version as well.
I would install linux as well. Linux is cool

logic error
Posted: Thu Jul 19, 2007 1:06 am
by krraleigh
I went in and repaired the errors that you have shown with empty() and set full url paths for my header(location:) but their are errors in my logic that prevent:
1)loginErr3, and 4 from doing their jobs.
I am still puzzeled as to why I have this behavior.
If header(location:) redirects me to another webpage then how am I moving half way down my page of code to a session variable that loads the error message?
This is what really confuses me?
Thank You
Kevin Raleigh
updated code:
Code: Select all
$submit = $_POST['submit'];
$username = $_POST['username'];
$pass = $_POST['pass'];
if(!empty(submit)){//if form has been submitted
// makes sure they filled it in
if(!empty($username) || !empty($pass)) {
$loginErr1 = "One or more of the password fields needs to be filled in.!";
header('Location: login.php');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$username = addslashes($username);
}
$check = mysql_query("SELECT * FROM user WHERE username = '".$username."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if (empty($check2)) {
$loginErr2 = "Please try again! Either you mistyped or your username or password is not on file!";
header('location: http://www.1purpose-bethel.org/login.php');
}
while($info = mysql_fetch_array( $check ))
{
$formpass = stripslashes($_POST['pass']);
$formpass = md5($formpass);
$dbpass = stripslashes($info['password']);
$confirmIDFlag = $info['confirmIDFlag'];
}
//gives error if the password is wrong
if ($formpass !== $dbpass){
$loginErr3 = "Please try again! Either you mistyped or your username or password are not on file";
}else if (!$confirmIDFlag){
$loginErr4 = "You have completed registration but have not been added to the database, please be patient!";
}else{
$_SESSION['visitor'] = $info['fName'];
setcookie("userId", $info['id'], time()+60480000);
header('Location: http://www.1purpose-bethel.org/index.php');
}
if(!empty($loginErr1) || !empty($loginErr2) || !empty($loginErr3) || !empty($loginErr4)){
if($loginErr1){
$_SESSION['loginErr'] = $loginErr1;
}else if(loginErr2){
$_SESSION['loginErr'] = $loginErr2;
}else if ($loginErr3) {
//echo "hello world"; exit;
$_SESSION['loginErr'] = $loginErr3;
header('location: http://www.1purpose-bethel.org/login.php');
} else if ($loginErr4) {
$_SESSION['loginErr'] = $loginErr4;
header('location: http://www.1purpose-bethel.org/login.php');
}else{
unset($_SESSION['loginErr']);
}
}//if $loginErr
} else { // if (!isset($_POST['submit'])) display the webpage
?>
Posted: Thu Jul 19, 2007 1:08 am
by Benjamin
Call exit(); after the redirect.
Posted: Thu Jul 19, 2007 1:52 am
by jmut
logic
Posted: Thu Jul 19, 2007 3:56 pm
by krraleigh
I have this:
Code: Select all
$check2 = 0;//mysql_num_rows($check);
if ($check2==0) {
$_SESSION['loginErr'] = "Either you mistyped or your username or password is not on file!";
header('location: http://www.1purpose-bethel.org/login.php');
exit;
}
Now I echo $check2 it comes up 0, but this block of code never executes.
Will you advise?
I read up on the link you provided but
insight appreciated
thank you
Kevin Raleigh
Posted: Thu Jul 19, 2007 4:00 pm
by Benjamin
I just tested the code you posted and it works fine.
logic
Posted: Thu Jul 19, 2007 4:13 pm
by krraleigh
Then how can it possibly fail here?
I deliberately use a username that is not in the db and it never prints my error message:
"Either you mistyped or your username or password is not on file!";
Look for the highlighted block of code around line 25:
if($check2=0) should always execute
Code: Select all
<?php
//if the login form is submitted
$submit = $_POST['submit'];
$username = $_POST['username'];
$pass = $_POST['pass'];
if(!empty($submit)){//if form has been submitted
// makes sure they filled it in
if(empty($username) || empty($pass)) {// increase validation check utilizing validation functions
$_SESSION['loginErr'] = "One or more of your fields needs to be filled in!";
header('location: http://www.1purpose-bethel.org/login.php');
exit;
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$username = addslashes($username);
}
$check = mysql_query("SELECT * FROM user WHERE username = '".$username."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
//********************************************************************
if ($check2=0) {
$_SESSION['loginErr'] = "Either you mistyped or your username or password is not on file!";
header('location: http://www.1purpose-bethel.org/login.php');
exit;
}
//************************************************************************
while($info = mysql_fetch_array( $check ))
{
$formpass = stripslashes($_POST['pass']);
$formpass = md5($formpass);
$dbpass = stripslashes($info['password']);
$confirmIDFlag = $info['confirmIDFlag'];
}
//gives error if the password is wrong
if ($formpass != $dbpass){
$_SESSION['loginErr'] = "Please try again! Either you mistyped or your username or password are not on file";
header('location: http://www.1purpose-bethel.org/login.php');
exit;
}else if (empty($confirmIDFlag)){
$_SESSION['loginErr'] = "You have completed registration but have not been added to the database, please be patient!";
header('location: http://www.1purpose-bethel.org/login.php');
exit;
}else{
unset($_SESSION['loginErr']);
$_SESSION['visitor'] = $info['fName'];
setcookie("userId", $info['id'], time()+60480000);
header('Location: http://www.1purpose-bethel.org/index.php');
}
} else { // if (!isset($_POST['submit'])) display the webpage
?>
Kevin

am I asking the wrong question
Posted: Thu Jul 19, 2007 4:37 pm
by krraleigh
This code works as expected:
Code: Select all
$check2 = mysql_num_rows($check);
if (empty($check2)) {
echo '$var is either 0, empty, or not set at all';
exit;
}
This code doesn't evaluate as expected.
Code: Select all
$check = mysql_query("SELECT * FROM user WHERE username = '".$username."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if (empty($check2)) {
$_SESSION['loginErr'] = "Either you mistyped or your username or password is not on file!";
header('location: http://www.1purpose-bethel.org/login.php');
exit;
}
sometimes I get no error message at all and sometimes I get this error message from further down the page when I deliberately use the wrong username and as you can see if the username is wrong it should be caught in the check above:
Code: Select all
if ($formpass != $dbpass){
$_SESSION['loginErr'] = "Please try again! Either you mistyped or your username or password are not on file";
header('location: http://www.1purpose-bethel.org/login.php');
exit;
}
Have to tell you I am very confused as to how this behavior is possible.
Kevin
logic errors
Posted: Thu Jul 19, 2007 5:38 pm
by krraleigh
I found the problem. My code is doing what it is supposed to do, but my messages are not displaying
the way they did in my registration.php file.
Here is what I have:
Code: Select all
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if (empty($check2)) {
$_SESSION['loginErr'] = "your username or password is not in the system";
echo $_SESSION['loginErr']; exit;
header('location: http://www.1purpose-bethel.org/login.php');
}
Now the echo works, but I call the session variable in the body of my page like so:
Code: Select all
<div align="center"><strong><?php echo $_SESSION['loginErr']; ?></strong></div>
But for some reason It won't display my error message in the body of my page consistently.
What is really strange is sometimes it will display the message when I hit f12 to reload the page after making some changes to my code
Is there another way of displaying my errors above my form so that the user won't have to hit the back button if I use die(). die() is really annoying for users.
insight appreciated
thank you
Kevin