Page 1 of 1

php login and validating code

Posted: Sun Sep 21, 2008 2:34 pm
by yrstruly
For future posting reference, please use the special BBcode tags to enclose code that you post, as I have edited your post, below. This being PHP code, use [ php ] ... [ /php ] around your code (without the spaces). Also, eliminate multiple blank lines that only make your code longer. Your questions will receive much more attention when they are not so difficult to read. -Moderator

Hallo

I would like to build in a code that checks if the user has put in the right details. If i put in this code then it shows the sql code, instead of desplaying the webpage. Can somebody please help me? Here is the login code and the validating code follows.

Code: Select all

 
<?php
require_once("header.html");
?>
 
<?php
require_once('config.php');
if ($_POST['username'] != '' && $_POST['passwd'] != ''){
    
    $user = $_POST[username];
    $password = $_POST[passwd];
    
    $sql = "SELECT * from vehicle WHERE VE_Reg_Number = '$user' and VE_Password= '$password'";
    $result = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_assoc($result);
    $num_rows = mysql_num_rows($result);
    
    if (!$num_rows){
        $errormessage = "Incorrect username OR password, please try again";
    }
        
    else{
    
        $_SESSION['veid']   = $user;
        $_SESSION['id']     = $row[VE_ID];
        header("location:ptransactions.php");
    }
}
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOG BOOK TRACKER</title>
<link href="file:///C|/Documents and Settings/Anthony/Local Settings/Temporary Internet Files/Content.IE5/U2TC5HJO/styles/admin.css" rel="stylesheet" />
</head>
 
<body>
<form id="form1" name="form1" method="post" action="">
  <table width="200" align="center">
    <tr >
      <td colspan="2"><div align="center"><strong>TRACKING LOGIN</strong></div></td>
    </tr>
    <tr align="center" bgcolor="#008DC6">
      <td colspan="2" class="header">LOGIN</td>
    </tr>
      <tr bgcolor="#EEEEEE">
      <td>UserName</td>
      <td><input type="text" class="text" name="username" id="username" /></td>
    </tr>
    <tr bgcolor="#EEEEEE" >
      <td>PassWord</td>
      <td><input type="password" class="text" name="passwd" id="passwd" /></td>
    </tr>
    <tr bgcolor="#008DC6" >
    <td align="right">&nbsp;</td>
      <td><input type="submit" name="submit" class="button" id="button" value="Submit" /></td>
    </tr>
    <tr>
    <td colspan="2" class="loginbox" ><span class="orangebold"><?php print $errormessage;?></span></td>
  </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>
</div>
 
<?php
require_once("footer.html");
?>
</body>
</html>
 
Validating/or checking code/test code

Code: Select all

 
<?php
require_once('config.php');
$registration_number = $_REQUEST['username'];
$password  = $_REQUEST['password'];
 
//Check that password entered is correct and get the clients email address for this vehicle ID
$password_query = "SELECT VE_ID
FROM `vehicle` 
WHERE `VE_Reg_Number` = '$registration_number'
AND `VE_Password` = md5( '$password' ) " ;
echo $password_query;
echo "<br>";
if(!$password_result = mysql_query($password_query)) {
    die("Error with the database. Please try again later");
}
 
if(mysql_num_rows($password_result)== 0) {
    die("Password is incorrect. Please try again.");    
}
$row = mysql_fetch_assoc($password_result);
$Vehicle_ID = $row['VE_ID'];
echo "Vehicle id is $Vehicle_ID<br>";
 
//Get records for this vehicle_id from the 
$petrol_query = "SELECT `PE_Place` , `PE_Date_Time` , `PE_Total_KM` , `PE_KM_Travelled` , `PE_Litres_Used` 
FROM `petrol_entries` 
WHERE `VE_ID` =$Vehicle_ID
ORDER BY `petrol_entries`.`PE_Date_Time` ASC ";
echo $petrol_query;
echo "<br>";
 
if(!$petrol_result = mysql_query($petrol_query)) {
    die("Error with the database. Please try again later");
}
 
if(mysql_num_rows($petrol_result)== 0) {
    die("No records exist");    
}
while($row = mysql_fetch_assoc($petrol_result)) {
    $number_of_entries ++;
    echo "Date: ".$row['PE_Date_Time']."&nbsp;";
    echo "Place: ".$row['PE_Place']."&nbsp;";
    echo "PE_Total_KM: ".$row['PE_Total_KM']."&nbsp;";
    echo "PE_KM_Travelled: ".$row['PE_KM_Travelled']."&nbsp;";
    echo "PE_Litres_Used: ".$row['PE_Litres_Used']."&nbsp;";
    echo "<br>";
}
?>
 
Somebody please help.

Re: php login and validating code

Posted: Sun Sep 21, 2008 4:08 pm
by yacahuma
e then it shows the sql code
What code?

Re: php login and validating code

Posted: Sun Sep 21, 2008 5:24 pm
by califdon
If your raw SQL appears in the browser, it is because you have made a mistake in your PHP syntax, perhaps missing a double quotes or something, so the web server doesn't recognize it as code, but rather something to be sent to the browser.

As for integrating your validation code into the main script (which is what I think you are asking for), there are lots of ways to do that, so you'll have to hope that someone has an hour or two to spend figuring out what your script is all about and then rewriting it all for you and testing it. Good luck.

Re: php login and validating code

Posted: Sun Sep 21, 2008 5:30 pm
by 8ennett
your problem that i see so far is in the script
Validating/or checking code/test code

On line 8 you have $password_query = blah

Then on line 12 directly after the query you have 'echo $password_query'
That is your problem, you aren't running mysql_query($password_query) and just echoing the variable password_query instead!

Like i said, that's all i see so far, if it doesn't work then i'll look through the rest, but for now that's your lot due to tiredness!

Re: php login and validating code

Posted: Sun Sep 21, 2008 6:10 pm
by 8ennett
it is because you have made a mistake in your PHP syntax, perhaps missing a double quotes or something, so the web server doesn't recognize it as code, but rather something to be sent to the browser.
I don't want to seem too out of my depth with this because I am only a new guy at programming PHP (although experienced in other other languages so understand the structure) but the only way a PHP script can enter text in to the html environment is either through an ECHO/PRINT request or through some form of function error debug display, which would make it impossible to pronounce a single line of code, or even a whole list of errors unless the php server was configured to do so (which unless it's a test server is very rare). Are you thinking about how html works?

Re: php login and validating code

Posted: Sun Sep 21, 2008 6:33 pm
by califdon
8ennett wrote:
I don't want to seem too out of my depth with this because I am only a new guy at programming PHP (although experienced in other other languages so understand the structure) but the only way a PHP script can enter text in to the html environment is either through an ECHO/PRINT request or through some form of function error debug display, which would make it impossible to pronounce a single line of code, or even a whole list of errors unless the php server was configured to do so (which unless it's a test server is very rare)!
PHP is a web server preprocessing language, and the web server will send to the browser absolutely everything that it doesn't recognize as PHP code or HTML tags (or Javascript, etc.). So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.

Re: php login and validating code

Posted: Sun Sep 21, 2008 6:53 pm
by 8ennett
So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
But in my own personal experience, using an apache, php, mysql and smtp capable test server ALWAYS (including web hosts too) give you a blank page if ANY syntax is wrong, UNLESS your php debug settings are active but that doesn't happen on a web host's config and is not default on apache or php installations.

Re: php login and validating code

Posted: Sun Sep 21, 2008 6:55 pm
by califdon
8ennett wrote:
So, for example, if you mangle the <?php tag (leave a space in it or something), it will spew out all the PHP code as if it were HTML text.
But in my own personal experience, using an apache, php, mysql and smtp capable test server ALWAYS (including web hosts too) give you a blank page if ANY syntax is wrong, UNLESS your php debug settings are active but that doesn't happen on a web host's config and is not default on apache or php installations.
Only if it recognizes it as PHP. Try using < ?php (extra space in tag) and see what comes out.

Re: php login and validating code

Posted: Sun Sep 21, 2008 7:17 pm
by 8ennett
between < and ? at the beginning = true but otherwise false, the man did not say it revealed all, only the query he input. if you do not miss out the space between < and ? it will not reveal the code in any case except debug enabled ini's, but is a mistake very rarely made (especially if you use a php recognisition editor) if at all.

Re: php login and validating code

Posted: Sun Sep 21, 2008 7:42 pm
by califdon
8ennett wrote:between < and ? at the beginning = true but otherwise false, the man did not say it revealed all, only the query he input. if you do not miss out the space between < and ? it will not reveal the code in any case except debug enabled ini's, but is a mistake very rarely made (especially if you use a php recognisition editor) if at all.
You've made a good point. Actually, there are a few other specific mistakes that can cause the same behavior, like missing the beginning bracket, but I admit that these are not common situations and if you use an editor that parses and color codes, you should easily spot it. Anyway, it was the first thing that occurred to me when he said that he was seeing raw SQL in his browser. If the web server doesn't recognize something as being within a php block and there's no actual php syntax error detected, it will render it as text. So I guess that boils down to a mangled opening php tag, a smaller exposure than my first comment would justify. Thanks for the discussion.

Re: php login and validating code

Posted: Mon Sep 22, 2008 9:43 am
by 8ennett
It was quite liberating actually lol thanks!

## EDIT ## Like i've said before I'm only a newbie and it's these types of debates that help me, so don't think of me as arrogant, just think of me as someone trying to learn more!