pingeyeg

If...else statement is not returning what I want it to.

I have the following if...else statement, but I can't seem to figure out why it is not working.  Do you mind taking a look and seeing what I am missing?  Right now I am not getting any errors nor am I getting my friendly error message.
<?php
	session_start;
	
	include("includes/db.php");
	include("includes/constants.php");
	
	if($_POST['image-click']) {
		$username = $_POST['username'];
		$password = md5($_POST['password']);
		
		$findUser = "SELECT username, password
			FROM login
			WHERE password = '" . $password . "'";
		$user = mysql_query($findUser) or die("The error is: " . mysql_error());
		
		if(mysql_num_rows($user) > 0) {
			$_SESSION['username'] = $username;
			header("location:/admin/index.php");
			exit();
		} else {
			$result = "The information you typed in does not match the records in the database.  Please try again.";
		}
	}
?>

hielo

try this:
<?php
      session_start();
      
      include("includes/db.php");
      include("includes/constants.php");
      
      if( isset($_POST['image-click']) && !empty($_POST['image-click'])) {
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            
            $findUser = "SELECT username, password
                  FROM login
                  WHERE password = '" . $password . "'";
            $user = mysql_query($findUser) or die("The error is: " . mysql_error());
            
            if(mysql_num_rows($user) > 0) {
                  $_SESSION['username'] = $username;
                  header("location:/admin/index.php");
                  exit();
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
            }
      }
      else
      {
            echo "No image-click submitted";
      }
?>

Line 2, session_start; should be session_start();

Line 21, you are not outputting the message. Add this:

echo $result;
The user lookup query is weak. What if multiple users have the same password?
$findUser = "SELECT username, password
                  FROM login
                  WHERE username='$username' AND password = '$password'";

pingeyeg

ASKER

Well this is just plain weird.  I have added the parens to session_start();.  I have added the full URL to the header.  I have added the output if the submit button was not clicked, but I am still not getting sent to the admin home page.
cxr, I can understand where you are coming from, but since this is a test CMS for customers to check out on their own, I only require one username and password for everyone.
Can you post your login page code?
<?php
      session_start();
      
      include("includes/db.php");
      include("includes/constants.php");
      
      if($_POST['image-click']) {
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            
            $findUser = "SELECT username, password
                  FROM login
                  WHERE password = '" . $password . "' and username = '" . $username . "'";
            $user = mysql_query($findUser) or die("The error is: " . mysql_error());
            
            if(mysql_num_rows($user) > 0) {
                  $_SESSION['username'] = $username;
                  header("Location:http://cms.goodboyweb.com/admin/index.php");
                  exit();
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
            }
      } else {
            echo "No image click was submitted";
      }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
        "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
      <title></title>
      <link type="text/css" href="/admin/style/cmsadmin.css" rel="stylesheet">
</head>
<body>
      <div class="wrapper">
            <div class="header">
                  
            </div>
            <div class="admin-top">
                  <img src="/admin/images/admin-top.png">
            </div>
            <div class="admin-middle">
                  <div class="login-position">
                        <div class="login">
                              <div class="login-title">
                                    <?= CMS_LOGIN ?>
                              </div>
                              <div class="login-instructions">
                                    <?= CMS_INSTRUCTIONS ?>
                                          <p><a href="/">Back to home page</a></p>
                              </div>
                              <div class="login-area">
                                    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
                                          <table cellpadding="5">
                                                <tr><td>
                                                      Username:
                                                </td><td>
                                                      <input class="login-input" type="text" name="username">
                                                </td></tr>
                                                <tr><td>
                                                      Password:
                                                </td><td>
                                                      <input class="login-input" type="password" name="password">
                                                </td></tr>
                                                <tr><td colspan="2" align="center">
                                                      <button class="button"><img src="/admin/images/enter-btn.png"></button>
                                                      <input type="hidden" name="image-click" value="1">
                                                </td></tr>
                                          </table>
                                    </form>
                              </div>
                              <?php
                                    if(isset($_POST['image-click'])) {
                                          echo "<div class=error>$result</div>";
                                    } elseif(!isset($_POST['image-click'])) {
                                          echo "";
                                    }
                              ?>
                        </div>
                  </div>
            </div>
            <div class="admin-bot">
                  <img src="/admin/images/admin-bot.png">
            </div>
      </div>
</body>
</html>
header("Location: /admin/index.php");

space after the colon. Also add:
echo $result;

in the else clause.
change:
<button class="button"><img src="/admin/images/enter-btn.png"></button>
 
to:
<input type="image" src="/admin/images/enter-btn.png" />

hielo, in your second to last remark, I'm not really following you on that one.  What do you mean by place the $result after the colon?
Do you have error reporting turned off?  I think there is something else going on... Also, you don't actually need

else {
            echo "No image click was submitted";
      }

(only for testing purposes)
darron_chapman, I realize that.  And yes, error reporting is turned on.
In the header() function call, there must be a space after "Location:" and before your URL. Full URL is recommended, though relative URL (starting with /admin) will work in most cases.

You are not outputting the error message:

            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
            }
 
# change this to:
 
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
                  echo $result;
            }

<?php
      session_start();
      
      include("includes/db.php");
      include("includes/constants.php");
      
      if( isset($_POST['image-click']) && !empty($_POST['image-click']) ){
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            
            $findUser = "SELECT username, password
                  FROM login
                  WHERE password = '" . $password . "' and username = '" . $username . "'";
            $user = mysql_query($findUser) or die("The error is: " . mysql_error());
            
            if(mysql_num_rows($user) > 0) {
                  $_SESSION['username'] = $username;
                  header("Location: http://cms.goodboyweb.com/admin/index.php");
                  exit();
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
                  echo $result;
            }
      } else {
            echo "No image click was submitted";
      }
?>
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
        "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
      <title></title>
      <link type="text/css" href="/admin/style/cmsadmin.css" rel="stylesheet">
</head>
<body>
      <div class="wrapper">
            <div class="header">
                  
            </div>
            <div class="admin-top">
                  <img src="/admin/images/admin-top.png">
            </div>
            <div class="admin-middle">
                  <div class="login-position">
                        <div class="login">
                              <div class="login-title">
                                    <?= CMS_LOGIN ?>
                              </div>
                              <div class="login-instructions">
                                    <?= CMS_INSTRUCTIONS ?>
                                          <p><a href="/">Back to home page</a></p>
                              </div>
                              <div class="login-area">
                                    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
                                          <table cellpadding="5">
                                                <tr><td>
                                                      Username:
                                                </td><td>
                                                      <input class="login-input" type="text" name="username">
                                                </td></tr>
                                                <tr><td>
                                                      Password:
                                                </td><td>
                                                      <input class="login-input" type="password" name="password">
                                                </td></tr>
                                                <tr><td colspan="2" align="center">
                                                      <input type="image" src="/admin/images/enter-btn.png" />
                                                      <input type="hidden" name="image-click" value="1">
                                                </td></tr>
                                          </table>
                                    </form>
                              </div>
                              <?php
                                    if(isset($_POST['image-click'])) {
                                          echo "<div class=error>$result</div>";
                                    } elseif(!isset($_POST['image-click'])) {
                                          echo "";
                                    }
                              ?>
                        </div>
                  </div>
            </div>
            <div class="admin-bot">
                  <img src="/admin/images/admin-bot.png">
            </div>
      </div>
</body>
</html>

The asker is outputting the error message here:

if(isset($_POST['image-click'])) {
   echo "<div class=error>$result</div>";
}

There is no need to echo $result right after setting it.
hielo, as of right now when I click on the submit button, I am still getting the error friendly message "No image click was submitted".  I'm no longer getting my other error friendly message stating their information was incorrect.
This seems to be one file containing both the html form and the php code. There should be no echo statements before the DOCTYPE. Remove "echo $result;" from line 22, and also the echo in line 25.
darron_chapman, the reason I am doing that is to display the error message "Your information was entered incorrectly" if the submit button was clicked and the information was incorrect.
cxr, those echo statements were only for testing purposes.
When I test your login page now, WITHOUT entering username or password, I get message "The information you typed in does not match the records in the database. Please try again." in a red box below the login box. It is also shown at the top of the page. You do not need those test echo statements anymore.
Try renaming your hidden field. Instead of:
name="image-click"

try:
name="imageClick"

you will need to also change all your
$_POST['image-click'] to $_POST['imageClick']
I just don't see why this is so difficult.  It is a simple login page.  I've done these several times before.  WTF!
cxr, I have taken those extra ones out.
What appears to be happening is the username and password are correct, but the header is not doing its job.
This is the only thing that would make that possible, but it appears to be correct.  I took out the absolute URL only for anonymity's sake.
session_start();
 
if(!isset($_SESSION['username'])) {
	header("Location:/admin/login.php");
    exit();
}
 
if(!isset($_SESSION['session_count'])) {
	$_SESSION['session_count']=0;
    $_SESSION['session_start']=time();
} else {
    ++$_SESSION['session_count'];
} 
 
$session_timeout = 10000;
 
if(time() - $_SESSION['session_start'] > $session_timeout) {
	header("Location:/admin/logout.php");
    exit();
}
 
$_SESSION['session_start'] = time();

Apparently I did have something to do with the index.php page.  I removed everything off of it and just placed some text and it went through just fine.  Thanks for everyone's help.  I will be awarding the ones who gave the correct answer.
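
Added example, not part of the original thread: every version of the login check posted above concatenates `$_POST` values into the SQL string and compares an unsalted `md5()` of the password. The same check is shown here with a PDO prepared statement and `password_hash()`/`password_verify()`; the in-memory SQLite database, the `demo` account and the function names `open_demo_db()` and `check_login()` are constructed for illustration, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example, not code from the thread. The `login` table and its columns
// follow the thread; the SQLite database and sample account are constructed
// so the script runs offline.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $stmt = $pdo->prepare('INSERT INTO login (username, password) VALUES (?, ?)');
    // Store a salted, deliberately slow hash instead of md5().
    $stmt->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM login WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = open_demo_db();
$attempts = [                           // constructed inputs
    ['demo', 'correct horse'],          // valid account
    ['demo', 'wrong'],                  // wrong password
    ["demo' OR '1'='1", 'anything'],    // quotes are bound as data, not SQL
];
foreach ($attempts as [$user, $pass]) {
    $verdict = check_login($pdo, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-20s => %s\n", $user, $verdict);
}

// On success in the real page (assumed flow, mirroring the thread's code):
//   session_regenerate_id(true);   // new session ID after authentication
//   $_SESSION['username'] = $username;
//   header('Location: /admin/index.php');
//   exit();
```

Only the first attempt is accepted; the input containing quote characters is looked up as a literal username and matches no row.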