php login and validating code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
yrstruly
Forum Newbie
Posts: 1
Joined: Sun Sep 21, 2008 2:29 pm

php login and validating code

Post by yrstruly »

For future posting reference, please use the special BBcode tags to enclose code that you post, as I have edited your post, below. This being PHP code, use [ php ] ... [ /php ] around your code (without the spaces). Also, eliminate multiple blank lines that only make your code longer. Your questions will receive much more attention when they are not so difficult to read. -Moderator

Hallo

I would like to build in a code that checks if the user has put in the right details. If i put in this code then it shows the sql code, instead of desplaying the webpage. Can somebody please help me? Here is the login code and the validating code follows.

Code: Select all

 
<?php
require_once("header.html");
?>
 
<?php
require_once('config.php');
if ($_POST['username'] != '' && $_POST['passwd'] != ''){
    
    $user = $_POST[username];
    $password = $_POST[passwd];
    
    $sql = "SELECT * from vehicle WHERE VE_Reg_Number = '$user' and VE_Password= '$password'";
    $result = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_assoc($result);
    $num_rows = mysql_num_rows($result);
    
    if (!$num_rows){
        $errormessage = "Incorrect username OR password, please try again";
    }
        
    else{
    
        $_SESSION['veid']   = $user;
        $_SESSION['id']     = $row[VE_ID];
        header("location:ptransactions.php");
    }
}
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOG BOOK TRACKER</title>
<link href="file:///C|/Documents and Settings/Anthony/Local Settings/Temporary Internet Files/Content.IE5/U2TC5HJO/styles/admin.css" rel="stylesheet" />
</head>
 
<body>
<form id="form1" name="form1" method="post" action="">
  <table width="200" align="center">
    <tr >
      <td colspan="2"><div align="center"><strong>TRACKING LOGIN</strong></div></td>
    </tr>
    <tr align="center" bgcolor="#008DC6">
      <td colspan="2" class="header">LOGIN</td>
    </tr>
      <tr bgcolor="#EEEEEE">
      <td>UserName</td>
      <td><input type="text" class="text" name="username" id="username" /></td>
    </tr>
    <tr bgcolor="#EEEEEE" >
      <td>PassWord</td>
      <td><input type="password" class="text" name="passwd" id="passwd" /></td>
    </tr>
    <tr bgcolor="#008DC6" >
    <td align="right">&nbsp;</td>
      <td><input type="submit" name="submit" class="button" id="button" value="Submit" /></td>
    </tr>
    <tr>
    <td colspan="2" class="loginbox" ><span class="orangebold"><?php print $errormessage;?></span></td>
  </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>
</div>
 
<?php
require_once("footer.html");
?>
</body>
</html>
 
Validating/or checking code/test code

Code: Select all

 
<?php
require_once('config.php');
$registration_number = $_REQUEST['username'];
$password  = $_REQUEST['password'];
 
//Check that password entered is correct and get the clients email address for this vehicle ID
$password_query = "SELECT VE_ID
FROM `vehicle` 
WHERE `VE_Reg_Number` = '$registration_number'
AND `VE_Password` = md5( '$password' ) " ;
echo $password_query;
echo "<br>";
if(!$password_result = mysql_query($password_query)) {
    die("Error with the database. Please try again later");
}
 
if(mysql_num_rows($password_result)== 0) {
    die("Password is incorrect. Please try again.");    
}
$row = mysql_fetch_assoc($password_result);
$Vehicle_ID = $row['VE_ID'];
echo "Vehicle id is $Vehicle_ID<br>";
 
//Get records for this vehicle_id from the 
$petrol_query = "SELECT `PE_Place` , `PE_Date_Time` , `PE_Total_KM` , `PE_KM_Travelled` , `PE_Litres_Used` 
FROM `petrol_entries` 
WHERE `VE_ID` =$Vehicle_ID
ORDER BY `petrol_entries`.`PE_Date_Time` ASC ";
echo $petrol_query;
echo "<br>";
 
if(!$petrol_result = mysql_query($petrol_query)) {
    die("Error with the database. Please try again later");
}
 
if(mysql_num_rows($petrol_result)== 0) {
    die("No records exist");    
}
while($row = mysql_fetch_assoc($petrol_result)) {
    $number_of_entries ++;
    echo "Date: ".$row['PE_Date_Time']."&nbsp;";
    echo "Place: ".$row['PE_Place']."&nbsp;";
    echo "PE_Total_KM: ".$row['PE_Total_KM']."&nbsp;";
    echo "PE_KM_Travelled: ".$row['PE_KM_Travelled']."&nbsp;";
    echo "PE_Litres_Used: ".$row['PE_Litres_Used']."&nbsp;";
    echo "<br>";
}
?>
 
Somebody please help.
User avatar
yacahuma
Forum Regular
Posts: 870
Joined: Sun Jul 01, 2007 7:11 am

Re: php login and validating code

Post by yacahuma »

e then it shows the sql code
What code?
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: php login and validating code

Post by califdon »

If your raw SQL appears in the browser, it is because you have made a mistake in your PHP syntax, perhaps missing a double quotes or something, so the web server doesn't recognize it as code, but rather something to be sent to the browser.

As for integrating your validation code into the main script (which is what I think you are asking for), there are lots of ways to do that, so you'll have to hope that someone has an hour or two to spend figuring out what your script is all about and then rewriting it all for you and testing it. Good luck.
User avatar
8ennett
Forum Commoner
Posts: 63
Joined: Sat Sep 06, 2008 7:05 am

Re: php login and validating code

Post by 8ennett »

your problem that i see so far is in the script
Validating/or checking code/test code

On line 8 you have $password_query = blah

Then on line 12 directly after the query you have 'echo $password_query'
That is your problem, you aren't running mysql_query($password_query) and just echoing the variable password_query instead!

Like i said, that's all i see so far, if it doesn't work then i'll look through the rest, but for now that's your lot due to tiredness!
User avatar
8ennett
Forum Commoner
Posts: 63
Joined: Sat Sep 06, 2008 7:05 am

Re: php login and validating code

Post by 8ennett »

it is because you have made a mistake in your PHP syntax, perhaps missing a double quotes or something, so the web server doesn't recognize it as code, but rather something to be sent to the browser.
I don't want to seem too out of my depth with this because I am only a new guy at programming PHP (although experienced in other other languages so understand the structure) but the only way a PHP script can enter text in to the html environment is either through an ECHO/PRINT request or through some form of function error debug display, which would make it impossible to pronounce a single line of code, or even a whole list of errors unless the php server was configured to do so (which unless it's a test server is very rare). Are you thinking about how html works?
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: php login and validating code

Post by califdon »

8ennett wrote:
I don't want to seem too out of my depth with this because I am only a new guy at programming PHP (although experienced in other other languages so understand the structure) but the only way a PHP script can enter text in to the html environment is either through an ECHO/PRINT request or through some form of function error debug display, which would make it impossible to pronounce a single line of code, or even a whole list of errors unless the php server was configured to do so (which unless it's a test server is very rare)!
PHP is a web server preprocessing language, and the web server will send to the browser absolutely everything that it doesn't recognize as PHP code or HTML tags (or Javascript, etc.). So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
User avatar
8ennett
Forum Commoner
Posts: 63
Joined: Sat Sep 06, 2008 7:05 am

Re: php login and validating code

Post by 8ennett »

So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
But in my own personal experience, using an apache, php, mysql and smtp capable test server ALWAYS (including web hosts too) give you a blank page if ANY syntax is wrong, UNLESS your php debug settings are active but that doesn't happen on a web host's config and is not default on apache or php installations.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: php login and validating code

Post by califdon »

8ennett wrote:
So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
But in my own personal experience, using an apache, php, mysql and smtp capable test server ALWAYS (including web hosts too) give you a blank page if ANY syntax is wrong, UNLESS your php debug settings are active but that doesn't happen on a web host's config and is not default on apache or php installations.
Only if it recognizes it as PHP. Try using < ?php (extra space in tag) and see what comes out.
User avatar
8ennett
Forum Commoner
Posts: 63
Joined: Sat Sep 06, 2008 7:05 am

Re: php login and validating code

Post by 8ennett »

between < and ? at the beginning = true but otherwise false, the man did not say it revealed all, only the query he input. if you do not miss out the space between < and ? it will not reveal the code in any case except debug enabled ini's, but is a mistake very rarely made (especially if you use a php recognisition editor) if at all.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: php login and validating code

Post by califdon »

8ennett wrote:between < and ? at the beginning = true but otherwise false, the man did not say it revealed all, only the query he input. if you do not miss out the space between < and ? it will not reveal the code in any case except debug enabled ini's, but is a mistake very rarely made (especially if you use a php recognisition editor) if at all.
You've made a good point. Actually, there are a few other specific mistakes that can cause the same behavior, like missing the beginning bracket, but I admit that these are not common situations and if you use an editor that parses and color codes, you should easily spot it. Anyway, it was the first thing that occurred to me when he said that he was seeing raw SQL in his browser. If the web server doesn't recognize something as being within a php block and there's no actual php syntax error detected, it will render it as text. So I guess that boils down to a mangled opening php tag, a smaller exposure than my first comment would justify. Thanks for the discussion.
User avatar
8ennett
Forum Commoner
Posts: 63
Joined: Sat Sep 06, 2008 7:05 am

Re: php login and validating code

Post by 8ennett »

It was quite liberating actually lol thanks!

## EDIT ## Like i've said before I'm only a newbie and it's these types of debates that help me, so don't think of me as arrogant, just think of me as someone trying to learn more!
Post Reply