If...else statement is not returning what I want it to.

I have the following if...else statement, but I can't seem to figure out why it is not working.  Do you mind taking a look and seeing what I am missing?  Right now I am not getting any errors nor am I getting my friendly error message.
<?php
	session_start;
	
	include("includes/db.php");
	include("includes/constants.php");
	
	if($_POST['image-click']) {
		$username = $_POST['username'];
		$password = md5($_POST['password']);
		
		$findUser = "SELECT username, password
			FROM login
			WHERE password = '" . $password . "'";
		$user = mysql_query($findUser) or die("The error is: " . mysql_error());
		
		if(mysql_num_rows($user) > 0) {
			$_SESSION['username'] = $username;
			header("location:/admin/index.php");
			exit();
		} else {
			$result = "The information you typed in does not match the records in the database.  Please try again.";
		}
	}
?>

Open in new window

LVL 1
pingeyegAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hieloCommented:
try this:
<?php
      session_start();
      
      include("includes/db.php");
      include("includes/constants.php");
      
      if( isset($_POST['image-click']) && !empty($_POST['image-click'])) {
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            
            $findUser = "SELECT username, password
                  FROM login
                  WHERE password = '" . $password . "'";
            $user = mysql_query($findUser) or die("The error is: " . mysql_error());
            
            if(mysql_num_rows($user) > 0) {
                  $_SESSION['username'] = $username;
                  header("location:/admin/index.php");
                  exit();
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
            }
      }
	 else
	 {
	 	echo "No image-click submitted";
	 }
?>

Open in new window

0
darron_chapmanCommented:
session_start;  should be

session_start();

0
Roger BaklundCommented:
Line 2, session_start; should be session_start();

Line 21, you are not outputing the message. Add this:

echo $result;
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Roger BaklundCommented:
Line 18 is also wrong, you should include the full URL:

header("Location: http://yourdomain/admin/index.php");
0
Roger BaklundCommented:
The user lookup query is weak, what if multiple users have the same password?
$findUser = "SELECT username, password
                  FROM login
                  WHERE username='$username' AND password = '$password'";

Open in new window

0
pingeyegAuthor Commented:
Well this is just plain weird.  I have added the parens to session_start();.  I have added the full URL to the header.  I have added the output if the submit button was not clicked, but I am still not getting sent to the admin home page.
0
pingeyegAuthor Commented:
cxr, I can understand where you are coming from, but since this is a test CMS for customers to check out on their own, I only require one username and password for everyone.
0
darron_chapmanCommented:
Can you post your login page code?
0
pingeyegAuthor Commented:
<?php
      session_start();
      
      include("includes/db.php");
      include("includes/constants.php");
      
      if($_POST['image-click']) {
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            
            $findUser = "SELECT username, password
                  FROM login
                  WHERE password = '" . $password . "' and username = '" . $username . "'";
            $user = mysql_query($findUser) or die("The error is: " . mysql_error());
            
            if(mysql_num_rows($user) > 0) {
                  $_SESSION['username'] = $username;
                  header("Location:http://cms.goodboyweb.com/admin/index.php");
                  exit();
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
            }
      } else {
            echo "No image click was submitted";
      }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
        "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
      <title></title>
      <link type="text/css" href="/admin/style/cmsadmin.css" rel="stylesheet">
</head>
<body>
      <div class="wrapper">
            <div class="header">
                  
            </div>
            <div class="admin-top">
                  <img src="/admin/images/admin-top.png">
            </div>
            <div class="admin-middle">
                  <div class="login-position">
                        <div class="login">
                              <div class="login-title">
                                    <?= CMS_LOGIN ?>
                              </div>
                              <div class="login-instructions">
                                    <?= CMS_INSTRUCTIONS ?>
                                          <p><a href="/">Back to home page</a></p>
                              </div>
                              <div class="login-area">
                                    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
                                          <table cellpadding="5">
                                                <tr><td>
                                                      Username:
                                                </td><td>
                                                      <input class="login-input" type="text" name="username">
                                                </td></tr>
                                                <tr><td>
                                                      Password:
                                                </td><td>
                                                      <input class="login-input" type="password" name="password">
                                                </td></tr>
                                                <tr><td colspan="2" align="center">
                                                      <button class="button"><img src="/admin/images/enter-btn.png"></button>
                                                      <input type="hidden" name="image-click" value="1">
                                                </td></tr>
                                          </table>
                                    </form>
                              </div>
                              <?php
                                    if(isset($_POST['image-click'])) {
                                          echo "<div class=error>$result</div>";
                                    } elseif(!isset($_POST['image-click'])) {
                                          echo "";
                                    }
                              ?>
                        </div>
                  </div>
            </div>
            <div class="admin-bot">
                  <img src="/admin/images/admin-bot.png">
            </div>
      </div>
</body>
</html>
0
hieloCommented:
header("Location: /admin/index.php");

space after the colon. Also add:
echo $result;

in the else clause.
0
hieloCommented:
change:
<button class="button"><img src="/admin/images/enter-btn.png"></button>
 
to:
<input type="image" src="/admin/images/enter-btn.png" />

Open in new window

0
pingeyegAuthor Commented:
hielo, in your second to last remark, I'm not really following you on that one.  What do you mean by place the $result after the colon?
0
darron_chapmanCommented:
do you have error reporting turned off?  I think there is something else going on... also.. you don't actually need

else {
            echo "No image click was submitted";
      }

(only for testing purposes)
0
pingeyegAuthor Commented:
darron_chapman, I realize that.  And yes, error reporting is turned on.
0
Roger BaklundCommented:
In the header() function call, there must be a space after "Location:" and before your URL. Full URL is recommended, though relative URL (starting with /admin) will work in most cases.

You are not outputing the error message:

            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
            }
 
# change this to:
 
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
                  echo $result;
            }

Open in new window

0
hieloCommented:

<?php
      session_start();
      
      include("includes/db.php");
      include("includes/constants.php");
      
      if( isset($_POST['image-click']) && !empty($_POST['image-click']) ){
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            
            $findUser = "SELECT username, password
                  FROM login
                  WHERE password = '" . $password . "' and username = '" . $username . "'";
            $user = mysql_query($findUser) or die("The error is: " . mysql_error());
            
            if(mysql_num_rows($user) > 0) {
                  $_SESSION['username'] = $username;
                  header("Location: http://cms.goodboyweb.com/admin/index.php");
                  exit();
            } else {
                  $result = "The information you typed in does not match the records in the database.  Please try again.";
			   echo $result;
            }
      } else {
            echo "No image click was submitted";
      }
?>
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
        "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
      <title></title>
      <link type="text/css" href="/admin/style/cmsadmin.css" rel="stylesheet">
</head>
<body>
      <div class="wrapper">
            <div class="header">
                  
            </div>
            <div class="admin-top">
                  <img src="/admin/images/admin-top.png">
            </div>
            <div class="admin-middle">
                  <div class="login-position">
                        <div class="login">
                              <div class="login-title">
                                    <?= CMS_LOGIN ?>
                              </div>
                              <div class="login-instructions">
                                    <?= CMS_INSTRUCTIONS ?>
                                          <p><a href="/">Back to home page</a></p>
                              </div>
                              <div class="login-area">
                                    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
                                          <table cellpadding="5">
                                                <tr><td>
                                                      Username:
                                                </td><td>
                                                      <input class="login-input" type="text" name="username">
                                                </td></tr>
                                                <tr><td>
                                                      Password:
                                                </td><td>
                                                      <input class="login-input" type="password" name="password">
                                                </td></tr>
                                                <tr><td colspan="2" align="center">
                                                      <input type="image" src="/admin/images/enter-btn.png" />
                                                      <input type="hidden" name="image-click" value="1">
                                                </td></tr>
                                          </table>
                                    </form>
                              </div>
                              <?php
                                    if(isset($_POST['image-click'])) {
                                          echo "<div class=error>$result</div>";
                                    } elseif(!isset($_POST['image-click'])) {
                                          echo "";
                                    }
                              ?>
                        </div>
                  </div>
            </div>
            <div class="admin-bot">
                  <img src="/admin/images/admin-bot.png">
            </div>
      </div>
</body>
</html>

Open in new window

0
darron_chapmanCommented:
the asker is outputting the error message here:

if(isset($_POST['image-click'])) {
   echo "<div class=error>$result</div>";
}

there is no need to echo $result right after setting it....
0
pingeyegAuthor Commented:
heilo, as of right now when I click on the submit button, I am still getting the error friendly message "No image click was submitted".  I'm not longer getting my other error friendly message stating their information was incorrect.
0
Roger BaklundCommented:
This seems to be one file containing both the html form and the php code. There should be no echo statements before the DOCTYPE. Remove "echo $result;" from line 22, and also the echo in line 25.
0
pingeyegAuthor Commented:
darron_chapman, the reason I am doing that is to display the error message "Your information was entered incorrectly" if the submit button was clicked and the information was incorrect.
0
pingeyegAuthor Commented:
cxr, those echo statments were only for testing purposes.
0
Roger BaklundCommented:
When I test your login page now, WITHOUT entering username or password, I get message "The information you typed in does not match the records in the database. Please try again." in a red box below the login box. It is also showed at the top of the page. You do not need those test echo statements anymore.
0
hieloCommented:
Try renaming your hidden field. Instead of:
name="image-click"

try:
name="imageClick"

you will need to also change all your
$_POST['image-click'] to $_POST['imageClick']
0
pingeyegAuthor Commented:
I just don't see why this is so difficult.  It is a simple login page.  I've done these several times before.  WTF!
0
pingeyegAuthor Commented:
cxr, I have taken those extra ones out.
0
pingeyegAuthor Commented:
What appears to be happening is the username and password are correct, but the header is not doing its job.
0
hieloCommented:
>> but the header is not doing its job.
I suspect that when the page is redirected to admin/index.php, then admin/index.php incorrectly redirects back to the login page, making it seem as if though the login page is the one with the problem. Examine admin/index.php
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pingeyegAuthor Commented:
This is the only thing that would make that possible, but it appears to be correct.  I took out the absolute URL only for anonymity sake.
session_start();
 
if(!isset($_SESSION['username'])) {
	header("Location:/admin/login.php");
    exit();
}
 
if(!isset($_SESSION['session_count'])) {
	$_SESSION['session_count']=0;
    $_SESSION['session_start']=time();
} else {
    ++$_SESSION['session_count'];
} 
 
$session_timeout = 10000;
 
if(time() - $_SESSION['session_start'] > $session_timeout) {
	header("Location:/admin/logout.php");
    exit();
}
 
$_SESSION['session_start'] = time();

Open in new window

0
pingeyegAuthor Commented:
Apparently I did have something to do with the index.php page.  I removed everything off of it and just placed some text and it went through just fine.  Thanks for everyone's help.  I will be awarding the ones who gave the correct answer.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.