Code doesn't do what I think it should but no error message

Hi Guys,

Thank you for your help with my previous post. This problem is a carry on from that. My registration form now works perfectly and I will post the code below. I’m now having trouble with my submit form.

The form I’m using is very simple - message, screen name and password. First of all I would like to check to make sure all the necessary fields have been filled out.

I would then like to check the database against the screen name for an existing record. If one doesn’t exist I would like to point them to the registration page, if it does I would like to check that the password entered is correct.

If the password is correct I would like the message “story” to be submitted to a separate table along with the screen name. This is what I have come up with…

Submit form
[php]<?php
//This makes sure they did not leave any fields blank

if (!$_POST['story'] | !$_POST['screen_name'] ) {

	die('You did not complete all of the required fields');

}

// Connection to database
$con = mysql_connect("database","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("database") or die(mysql_error());

$qry = "SELECT screen_name FROM login WHERE screen_name='$screen_name' AND pass='".addslashes($_POST['pass'])."'";
$result = mysql_query($qry);

if(mysql_num_rows($result) > 0) {
$sql="INSERT INTO banter (story, screen_name)
VALUES
('$_POST[story]','$_POST[screen_name]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Thank You for posting";

mysql_close($con);
}

?>[/php]

I know at the moment the code looks for the record where both the password and screen name match. Ideally I would like this to be separate so that the user can distinguish whether the username is incorrect or the password.

Registration Form
[php]<?php
// Connection to database
$con = mysql_connect("database","user","pass!");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("database") or die(mysql_error());

//This makes sure they did not leave any fields blank

if (!$_POST['screen_name'] | !$_POST['pass'] | !$_POST['pass2'] ) {

	die('You did not complete all of the required fields');

}

// checks if the username is in use

if (!get_magic_quotes_gpc()) {

	$_POST['screen_name'] = addslashes($_POST['screen_name']);

}

$usercheck = $_POST['screen_name'];

$check = mysql_query("SELECT screen_name FROM login WHERE screen_name = '$usercheck'")

or die(mysql_error());

$check2 = mysql_num_rows($check);

//if the name exists it gives an error

if ($check2 != 0) {

	die('Sorry, the username '.$_POST['screen_name'].' is already in use.');

			}

//this makes sure both passwords entered match

if ($_POST['pass'] != $_POST['pass2']) {

	die('Your passwords did not match. ');

}



//encrypt the password and add slashes if needed

$_POST['pass'] = md5($_POST['pass']);

if (!get_magic_quotes_gpc()) {

	$_POST['pass'] = addslashes($_POST['pass']);

	$_POST['screen_name'] = addslashes($_POST['screen_name']);

		}

// now we insert it into the database
$sql="INSERT INTO login (title, forename, surname, dob, email, screen_name, pass)
VALUES
('$_POST[title]','$_POST[forename]','$_POST[surname]','$_POST[dob]','$_POST[email]','$_POST[screen_name]donkey','$_POST[pass]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Thank You for registering a screen name. You can now post freely :)";

mysql_close($con);

?>[/php]

Many Thanks,

Sam

I forgot to add what’s happening at the moment. After I hit submit I just get a blank white screen and no new entry is inserted in the database. I know the insert into statement is correct because if I just use this and fill the fields in it works perfectly.

Sam

First of all, sorry about my English.

You can use the die function to print something.

You must use:
echo "XXXXXXXXXXXXXXXXXXX";
die();

I think the problem was in the if sentences:
if (!$_POST['story'] | !$_POST['screen_name'] ) {

I think you want to write an OR; in if sentences it’s written with "||".
You must write:
if (!$_POST['story'] || !$_POST['screen_name'] ) {

Hi Kikesv,

Thank you for your suggestion but it’s not that. I don’t understand why it’s not submitting to the database. I know this bit is right as it works perfectly by itself.

[php]<?php
// Connection to database
$con = mysql_connect("database","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("database") or die(mysql_error());

$qry = "SELECT screen_name FROM login WHERE screen_name='$screen_name' AND pass='".addslashes($_POST['pass'])."'";
$result = mysql_query($qry);

if(mysql_num_rows($result) > 0) {
$sql="INSERT INTO banter (story, screen_name)
VALUES
('$_POST[story]','$_POST[screen_name]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Thank You for posting";

mysql_close($con);
}

?>[/php]

Therefore I’m concluding that it’s not the submitting to the database part that’s the problem. It must be an issue verifying the existing data.

So confused!

Sam

I cracked it guys,

[php]<?php
//This makes sure they did not leave any fields blank

if (!$_POST['story'] | !$_POST['screen_name'] ) {

	die('You did not complete all of the required fields');

}

// Connection to database
$con = mysql_connect("database","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("database") or die(mysql_error());

$result = mysql_query("SELECT * FROM login
WHERE screen_name='$_POST[screen_name]'");

if(mysql_num_rows($result) > 0)

// I would like to add the password check here. I would like the code to take the row found from the initial search and check the password with that of the one entered on the submit form. Basically I want a function like "select password from result and check against password entered"

{
$sql="INSERT INTO banter (story, screen_name)
VALUES
('$_POST[story]','$_POST[screen_name]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Thank You for posting";

mysql_close($con);
}

else
echo "Your username does not match our records";

?>[/php]

I just need to add the password check now. Any suggestions?

Sam

if (!$_POST['story'] | !$_POST['screen_name'] ) {
SHOULD DEFINITELY BE:
if (!$_POST['story'] || !$_POST['screen_name'] ) {
As for the last part, I would set the action of the form to checker.php instead of checking then posting in this scenario. That’s because you can only post to one page with a form:
checker.php would be simply checking if the username/password combination exists and creates a cookie if it is wrong to send the user to the registration page. Otherwise it logs you in. That’s the easiest I can think of.

In my case, I know MYSQL databases are pretty much safe, but logging in is a difficult topic.
MY SOLUTION
Keep a table with 5 fields per row:
un
pass
ready
key
finder

On my site what I did was kept one row for each user and password and that would always stay the same. When logging in though, generate a random number and add it to the finder column with the username and password in the first two columns. Then generate a random key and add this to the key column (make sure nobody else is using either). You would set ready to 3 as soon as this is done. Now create three cookies. The first two cookies are encrypted with the key you generated. The third is the finder. Now all you have to do to check the user is logged in is:

  1. Use the finder to find the correct row
  2. Decrypt the username and password cookie with the key in that row
  3. Check if ready is 3 to see if he is logged in
  4. When logged out, leave the key the same but change the finder to 0 so it cannot be found but when hackers try to log in falsely the key will stop them in their tracks unless they used the actual log in page, also set ready to 2.

That should leave all the evidence that the user is logged in. It’s basically unhackable as long as nobody gets in the database (which they won’t). If you try to cipher the password in the cookie, you don’t know the key because it’s in the database. If a hacker tries to log in falsely, you would know because the username and password wouldn’t match with any in the database when they are decrypted, and ready wouldn’t be set to 3. You can let other users also check if somebody is online.

It’s the best I can think of although it may have workarounds because I thought of it myself, but if you want to use databases and cookies it’s the safest it gets…

Hi Tomy,

Thank you for your reply. I completely understand what you are saying but I just want to tell you a little more about the site so you can give your comments on the best way to proceed. What I’m trying to create is basically a localised version of sites like fmylife.com and trulad.com. The whole site is public - the only point of the registration is to register a screen_name and the only point of the login is so we don’t get people posting under someone else’s screen name.

The simplest way I could think of doing this is to just make the user enter their screen_name and password every time they want to submit a post. Most people will only be posting once a day. That way no cookies would be required.

I have set everything up successfully. Now the only problem I’m having is matching the password when people submit a post with that stored in the database.

This topic explains the problem in more detail and contains the code I am using for the registration page and the submit page. If you are able to have a look and see if you can spot something I’d be extremely grateful. This is the last thing I need for the basic structure before I can begin on the customer side of stuff and it’s taking me hours! I don’t get what’s wrong.

http://www.phphelp.com/forum/index.php/topic,13533.0.html

Many Thanks,

Sam
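
Added example, not part of the thread and not any poster's code: one way to do the two-step check asked for above (look up the screen name first, then verify the password), using bound parameters instead of addslashes() and password_hash()/password_verify() instead of md5(). The registration code in the thread stores md5() of the password while the submit query compares the raw value, so the two can never match; here both sides go through the same hash API. The `login` and `banter` table names follow the thread; the function names, the in-memory SQLite database and the sample rows are assumptions made so the block runs on its own.

```php
<?php
// Added example. Table/column names follow the thread; everything else
// (function names, SQLite in-memory DB, sample data) is constructed.

function register(PDO $db, string $name, string $pass): bool {
    // Store a salted, slow hash rather than md5().
    $stmt = $db->prepare('INSERT INTO login (screen_name, pass) VALUES (?, ?)');
    try {
        return $stmt->execute([$name, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // primary key violation: screen name already in use
    }
}

function submit_story(PDO $db, string $name, string $pass, string $story): string {
    if ($story === '' || $name === '' || $pass === '') {
        return 'missing_fields';
    }
    // Step 1: fetch the row by screen name only, with a bound parameter.
    $stmt = $db->prepare('SELECT pass FROM login WHERE screen_name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return 'unknown_screen_name'; // caller can point to the registration page
    }
    // Step 2: compare the entered password with the stored hash.
    if (!password_verify($pass, $hash)) {
        return 'wrong_password';
    }
    $ins = $db->prepare('INSERT INTO banter (story, screen_name) VALUES (?, ?)');
    $ins->execute([$story, $name]);
    return 'posted';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (screen_name TEXT PRIMARY KEY, pass TEXT NOT NULL)');
$db->exec('CREATE TABLE banter (story TEXT NOT NULL, screen_name TEXT NOT NULL)');

register($db, "o'brien", 'correct horse'); // apostrophe needs no manual escaping
$attempts = [["o'brien", 'correct horse'], ["o'brien", 'nope'], ['nobody', 'nope']];
foreach ($attempts as [$n, $p]) {
    echo submit_story($db, $n, $p, 'constructed story text'), "\n";
}
```

Telling the user which of the two fields was wrong is acceptable here only because screen names are already shown publicly next to each post; the story text should still be passed through htmlspecialchars() when it is displayed.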
