Hi, I'm pretty new to PHP. I am trying to create a site that takes in a person's username and password, checks to see if the account exists in the database, and then obtains the user's level (fldUserLevel) to determine which website to send them to. Here is the code I have:
<?php
// initialize my variables
$userName="";
$passWord="";
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// if form has been submitted, validate the information
if (isset($_POST["cmdLogIn"])){
    include ("validation_functions.php");
    $url="http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
    if(!formOK($url)){
        die("<p>I am sorry there has been a problem</p>");
    }
    // initialize my variables to the forms posting
    $userName = $_POST["userName"];
    $passWord = $_POST["passWord"];
    // initialize my variables to the forms posting
    $userName = htmlentities($_POST["userName"], ENT_QUOTES);
    $passWord = htmlentities($_POST["passWord"], ENT_QUOTES);
    $errorMsg=array();
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    // begin testing each form element
    if($userName==""){
        $errorMsg[]="Please enter your username";
    } elseif (!verifyAlphaNum ($userName)){
        $errorMsg[]="Your Username must be letters and numbers only.";
    }
    if($passWord==""){
        $errorMsg[]="Please enter your password";
    } elseif (!verifyAlphaNum ($passWord)){
        $errorMsg[]="Your password must be letters and numbers only.";
    }
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    if($errorMsg){
        echo "<ul>\n";
        foreach($errorMsg as $err){
            echo "<li style='color: #ff6666'>" . $err . "</li>\n";
        }
        echo "</ul>\n";
    } else {
        //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
        // form is valid now we need to save information to the database
        // encrypt the password and add slashes if needed
        $passWord = md5($passWord);
        if (!get_magic_quotes_gpc()) {
            $userName = addslashes($userName);
            $passWord = addslashes($passWord);
        }
        $timeStamp = time();
        $sql = "SELECT fldUserLevel FROM ";
        $sql .="tblUsers WHERE ";
        $sql .= "fldUserName='" . htmlentities($_POST['userName']) . "' and ";
        $sql .= "fldpassWord='" . $passWord . "';";
        //print "<p>SQL: " . $sql;
        //reset values in case we redisplay form
        $passWord=htmlentities($_POST["passWord"], ENT_QUOTES);
        include("connect.inc");
        //check to see if you will have any records
        $results = $myDatabase->select($sql);
        if($results){
            $userLevel = $results[0]['fldUserLevel'];
            print "<p>userLevel: " . $userLevel;
            if($userLevel=0){
                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/god.php');
            }elseif($userLevel=3){
                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/manager.php');
            }elseif($userLevel=6){
                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/member.php');
            }
        } else {
            print "<p>The username and password you entered is invalid.</p>";
        }
    }
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <fieldset>
        <legend>Log In</legend>
        <label for="userName">Username:</label>
        <input type="text" name="userName" maxlength="60" value="<? print $userName; ?>" />
        <br />
        <label for="passWord">Password:</label>
        <input type="password" name="passWord" maxlength="10" value="<? print $passWord; ?>" />
        <br />
        <input type="submit" name="cmdLogIn" value="Log In" />
    </fieldset>
</form>
However the header function is not working the way I have it. Any ideas?
Last edited by Burton333 on Wed Apr 01, 2009 9:26 pm, edited 1 time in total.
In that code it displays the log in menu. When I type in a username and password that are in the database and click log in, depending on the user level (fldUserLevel) it should redirect the user to the assigned page. I had to add =="0" in order for it to enter those if and elseif statements. (Thanks, Joel24.) Why won't the header methods work though? Should I be entering exit(); somewhere else?
and when I type in a username and password that exists it prints the correct user level assigned to each account. However, I have yet to get the header() method to work. Can I have html code before it all? I have nothing printed, just the !DOCTYPE, title, meta, head and body tags before.
<?
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// set up files to connect to your database
include("db.inc");
include("error.inc");
include("mydb.inc");
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// initialize my variables
$userName="";
$passWord="";
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// if form has been submitted, validate the information
if (isset($_POST["cmdLogIn"])){
    include ("validation_functions.php");
    $url="http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
    if(!formOK($url)){
        die("<p>I am sorry there has been a problem</p>");
    }
    // initialize my variables to the forms posting
    $userName = $_POST["userName"];
    $passWord = $_POST["passWord"];
    // initialize my variables to the forms posting
    $userName = htmlentities($_POST["userName"], ENT_QUOTES);
    $passWord = htmlentities($_POST["passWord"], ENT_QUOTES);
    $errorMsg=array();
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    // begin testing each form element
    if($userName==""){
        $errorMsg[]="Please enter your username";
    } elseif (!verifyAlphaNum ($userName)){
        $errorMsg[]="Your Username must be letters and numbers only.";
    }
    if($passWord==""){
        $errorMsg[]="Please enter your password";
    } elseif (!verifyAlphaNum ($passWord)){
        $errorMsg[]="Your password must be letters and numbers only.";
    }
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    if($errorMsg){
        echo "<ul>\n";
        foreach($errorMsg as $err){
            echo "<li style='color: #ff6666'>" . $err . "</li>\n";
        }
        echo "</ul>\n";
    } else {
        //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
        // form is valid now we need to save information to the database
        // encrypt the password and add slashes if needed
        $passWord = md5($passWord);
        if (!get_magic_quotes_gpc()) {
            $userName = addslashes($userName);
            $passWord = addslashes($passWord);
        }
        $timeStamp = time();
        $sql = "SELECT fldUserLevel FROM ";
        $sql .="tblUsers WHERE ";
        $sql .= "fldUserName='" . htmlentities($_POST['userName']) . "' and ";
        $sql .= "fldpassWord='" . $passWord . "';";
        //print "<p>SQL: " . $sql;
        //reset values in case we redisplay form
        $passWord=htmlentities($_POST["passWord"], ENT_QUOTES);
        include("connect.inc");
        //check to see if you will have any records
        $results = $myDatabase->select($sql);
        if($results){
            $userLevel = $results[0]['fldUserLevel'];
            //print "<p>userLevel: " . $userLevel;
            if($userLevel== "0"){
                print "<p>I made it! userLevel: " . $userLevel;
                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/god.php');
            }elseif($userLevel== "3"){
                print "<p>I made it! userLevel: " . $userLevel;
                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/manager.php');
            }elseif($userLevel== "6"){
                print "<p>I made it! userLevel: " . $userLevel;
                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/member.php');
            }
        } else {
            print "<p>The username and password you entered is invalid.</p>";
        }
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="author" content="Thomas Lia" />
    <meta name="description" content="confirmation page" />
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <fieldset>
        <legend>Log In</legend>
        <label for="userName">Username:</label>
        <input type="text" name="userName" maxlength="60" value="<? print $userName; ?>" />
        <br />
        <label for="passWord">Password:</label>
        <input type="password" name="passWord" maxlength="10" value="<? print $passWord; ?>" />
        <br />
        <input type="submit" name="cmdLogIn" value="Log In" />
    </fieldset>
</form>
</body>
</html>
It prints out the right user level for each account when I log in, however when I comment that out the header() method still does not work on log in. It just remains on the same page. Any ideas?
when I attempt to log in as any of the accounts in the database. So it is making it to the if statements and entering the correct one when log in is clicked. However, it just does not go to the new page that the header() method references. Why is that?
I found a method that actually printed out the exact file and line number that the headers were already sent on. It turned out to be a space after the ?> at the end of one of my .inc files. I don't think I would have ever been able to find that just by looking. If anyone needs it for future reference it is:
That is just marvelous! A simple routine to test that line numbers are within range of expected line numbers for header would ensure no phantom 'headers' appear. A simply great debugging tool!
It would be next to impossible to check for it otherwise, other than using experience, and indeed saves tons of precious time. Thank you.
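A hardened version of the login handler discussed in this thread, as an added example that is not any poster's code: it looks the account up with a bound parameter, checks the password with password_verify() instead of md5(), maps the level to a page without an if/elseif chain, and uses PHP's built-in headers_sent() to name the file and line where output began before attempting the redirect. Assumptions: the pdo_sqlite extension, an in-memory table with constructed sample rows, fldpassWord holding password_hash() output, and the helper names landingPageFor() and redirectTo(), which are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory table shaped like the thread's tblUsers.
// Assumption: fldpassWord stores password_hash() output rather than an md5 digest.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE tblUsers (fldUserName TEXT PRIMARY KEY, fldpassWord TEXT, fldUserLevel INTEGER)');
$db->prepare('INSERT INTO tblUsers VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 3]);

// User level => landing page, using the levels and page names from the thread.
const LANDING = [0 => 'god.php', 3 => 'manager.php', 6 => 'member.php'];

/** Return the landing page for valid credentials, or null (hypothetical helper). */
function landingPageFor(PDO $db, string $userName, string $passWord): ?string
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT fldpassWord, fldUserLevel FROM tblUsers WHERE fldUserName = ?');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks a salted hash, so the password needs no character rules.
    if ($row === false || !password_verify($passWord, $row['fldpassWord'])) {
        return null;
    }
    // Lookup by integer key: there is no comparison operator to get wrong.
    return LANDING[(int) $row['fldUserLevel']] ?? null;
}

/** Redirect, or report where output began if headers are already sent (hypothetical helper). */
function redirectTo(string $page): void
{
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Cannot redirect: output started at $file:$line");
    }
    header('Location: ' . $page);
    exit; // stop here so nothing after the redirect runs or is sent
}

// Self-check from the command line with constructed credentials.
if (PHP_SAPI === 'cli') {
    var_dump(landingPageFor($db, 'alice', 'correct horse')); // valid login
    var_dump(landingPageFor($db, 'alice', 'wrong'));         // wrong password
    var_dump(landingPageFor($db, "o'brien", 'wrong'));       // quote in the name is only data
}
```

In a page, the handler would call redirectTo() with the returned value before any HTML or print statement, and every included file would omit its closing ?> so trailing whitespace cannot start the output early.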
I got that logIn screen to work and bring the user to the correct page. The page should allow the user to delete certain accounts depending on their user level. However, if they were to delete their own account they should lose access immediately. Also if they were to delete it in one browser, and already be in the page on the same account in another browser, when they click refresh they should be kicked out because their account has been deleted. How do I accomplish this? I believe it has something to do with session variables.
Use sessioning, yes. Once you destroy the session used by one browser, the next access (by the same or another browser on the same page) will lead to your login again. A simple session management will do this.
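A per-request account check for the deleted-account case asked about above, as an added example that is not code from the thread: each browser holds its own session, so every protected page re-reads the account from the database and clears the session when the row is gone. Assumptions: the pdo_sqlite extension, constructed sample rows, a userName session key, and the helper names currentUserLevel() and deleteAccount(), which are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data shaped like the thread's tblUsers.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE tblUsers (fldUserName TEXT PRIMARY KEY, fldUserLevel INTEGER)');
$db->exec("INSERT INTO tblUsers VALUES ('alice', 3), ('bob', 6)");

/**
 * Call at the top of every protected page; $session is $_SESSION in a real request.
 * Returns the account's current level, or null after clearing the session state.
 */
function currentUserLevel(PDO $db, array &$session): ?int
{
    if (!isset($session['userName'])) {
        return null;                       // never logged in
    }
    // Ask the database on every request; the session only records who logged in.
    $stmt = $db->prepare('SELECT fldUserLevel FROM tblUsers WHERE fldUserName = ?');
    $stmt->execute([$session['userName']]);
    $level = $stmt->fetchColumn();
    if ($level === false) {
        $session = [];                     // account deleted: drop this browser's login state
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();             // and remove the server-side session data
        }
        return null;
    }
    return (int) $level;                   // a changed level also takes effect immediately
}

/** Delete an account; each of its sessions fails the check above on its next request. */
function deleteAccount(PDO $db, string $userName): void
{
    $db->prepare('DELETE FROM tblUsers WHERE fldUserName = ?')->execute([$userName]);
}

// Two browsers logged in as the same account hold two separate sessions.
$browserA = ['userName' => 'bob'];
$browserB = ['userName' => 'bob'];
var_dump(currentUserLevel($db, $browserB)); // before deletion
deleteAccount($db, 'bob');                  // performed from browser A
var_dump(currentUserLevel($db, $browserA)); // same browser, after deletion
var_dump(currentUserLevel($db, $browserB)); // other browser, on refresh
```

A page that receives null from the check should redirect to the login form and exit before rendering anything.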