Page 1 of 1

Page Not Loading

Posted: Tue Nov 27, 2007 10:23 am
by 4Boredom
Were with a non profit org trying to send a notice of a new volunteer system out today... but the system is BROKEN

When you login here... http://www.nhforhealthcarepurplepoints.org/ .. NOTHING happens.. below is the process page

Code: Select all

<?php
ob_start();

require_once("/home/nhforhealthcare/public_html/main.php");
if(isset($_POST['remember'])){
	if($_POST['remember']!="checked"){
		setcookie('RememberMe', '',  time() - 3600);
		unset($_COOKIE['RememberMe']);
	} else {
		$inTwoMonths = 60 * 60 * 24 * 60 + time(); 
		setcookie('RememberMe', $_POST['username'], $inTwoMonths); 
	}
}
if(isset($_POST['destination'])){
	$destination = $_POST['destination'];
}

if(isset($_POST['username'])){
	if(!isset($_POST['password'])){
		print('That username/password combination is invalid. Either click here to log in as a different user or sign up and get an account at our signup page.');
		include 'login.php'; 
		exit;
	} elseif(empty($_POST['password']) || ""==$_POST['password']){
		print('That username/password combination is invalid. Either click here to log in as a different user or sign up and get an account at our signup page.');
		include 'login.php'; 
		exit;
	}
	
	$username = $_POST['username'];
	// Get Passwords (Submitted and In database)
	$get_pass = mysql_query("SELECT * FROM userbase WHERE username = '{$username}' ");
	if(!$get_pass){
		print("Error in database connection.");
	}
	$get_pass = mysql_fetch_array($get_pass);
	$database_pass = $get_pass['password'];
	$pass = $_POST['password'];
	//If password is not vaild display error message 
	if($pass != $database_pass){
		print('That username/password combination is invalid. Either click here to log in as a different user or sign up and get an account at our signup page.');
		include 'login.php'; 
		exit;
	} elseif($pass == $database_pass) {
	//Sign-in
	
	
	$date = date('m d, Y');
	$time = time();
	$_SESSION['username'] = $username;
	$_SESSION['password'] = $_POST['password'];
	$_SESSION['login_time'] = $time;
	$_SESSION['login_date'] = $date;
	$_SESSION['loggedin'] = 1;
	
	// Send to locaton
	if(!$destination){
		header("Location: usermenu.php");
		echo "<meta http-equiv=\"refresh\" content=\"0;url=usermenu.php\">";
	} else {
		$destination =  base64_decode($destination); 
		header("Location: $destination");
		echo "<meta http-equiv=\"refresh\" content=\"0;url=$destination\">";
	}
}


} else {
// Otherwise just show login.php
	include 'login.php'; 
	header("Location: login");
}
ob_flush();
?>

Posted: Tue Nov 27, 2007 11:10 am
by RobertGonzalez
Turn on error reporting and run it again.

Code: Select all

<?php
// Add this to the top of your code
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);
?>
As a side note, typically adding URGENT to your post or title will not garner you greater priority.

Posted: Tue Nov 27, 2007 11:39 am
by 4Boredom
thanks everah!

this is my error

Warning: main(/home/nhforhealthcare/public_html/main.php) [function.main]: failed to open stream: No such file or directory in /hermes/bosweb01/b141/sl.nhforhealthcare/public_html/process_login.php on line 6

Fatal error: main() [function.require]: Failed opening required '/home/nhforhealthcare/public_html/main.php' (include_path='.:/usr/local/lib/php-4.4.7/lib/php') in /hermes/bosweb01/b141/sl.nhforhealthcare/public_html/process_login.php on line 6

and on main it reported to an error opening my db.php file

im trying to work this with my host now, THANKS!

Re: Page Not Loading

Posted: Tue Nov 27, 2007 12:18 pm
by Chalks
4Boredom wrote:

Code: Select all

<?php
//...
	$username = $_POST['username'];
	// Get Passwords (Submitted and In database)
	$get_pass = mysql_query("SELECT * FROM userbase WHERE username = '{$username}' ");
	if(!$get_pass){
		print("Error in database connection.");
	}
	$get_pass = mysql_fetch_array($get_pass);
	$database_pass = $get_pass['password'];
	$pass = $_POST['password'];
	//If password is not vaild display error message 
	if($pass != $database_pass){
		print('That username/password combination is invalid. Either click here to log in as a different user or sign up and get an account at our signup page.');
		include 'login.php'; 
		exit;
	} elseif($pass == $database_pass) {
	//Sign-in
//...
?>
I have two issues with the above code snippet. First, it looks like you're not escaping the input before doing a mysql query. Check out mysql_real_escape_string(). Also, it looks like you're storing your passwords in your database in plaintext. It is a _much_ better idea to store them as a hash (I prefer feyd's sha256).

4Boredom wrote:Warning: main(/home/nhforhealthcare/public_html/main.php) [function.main]: failed to open stream: No such file or directory in /hermes/bosweb01/b141/sl.nhforhealthcare/public_html/process_login.php on line 6

Fatal error: main() [function.require]: Failed opening required '/home/nhforhealthcare/public_html/main.php' (include_path='.:/usr/local/lib/php-4.4.7/lib/php') in /hermes/bosweb01/b141/sl.nhforhealthcare/public_html/process_login.php on line 6
I _think_ that this means that you are looking in the wrong places for your include files. Double check the path.

Posted: Tue Nov 27, 2007 1:02 pm
by 4Boredom
yeah i called the host and they changed stuff on the servers and it all all wrong path.. thanks!

Posted: Tue Nov 27, 2007 1:27 pm
by RobertGonzalez
Just a small suggestion... if you can, code things like this locally on your computer so you can test with all error reporting maxed out. Then, in the live server you can do some quick testing before making sure error_reporting is a lower level and display_errors is off.

Posted: Tue Nov 27, 2007 1:38 pm
by 4Boredom
yeah you are right.. im looking to get a 2nd computer solely as a test server so i can get more dedicated to design now that im done college