Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

beginner php/html with small problem

  • 11-02-2011 2:39am
    #1
    Closed Accounts Posts: 5,824 ✭✭✭


    Hi guys, learning sql, php, html and css slowly here.

    ive got the basics of sql, html and css covered. im able to develop databases with sql commands and sites with html and css easily.

    however, ive started on php recently and im having a good time with it.

    hit a small snag tonight.

    im writing a login script for a basic site.

    here's what ive done so far.

    created the sql database with xampp, added a few users etc.
    created my index.php
    <html>
    
        <form action='login.php' method='POST'>
           Username: <input type='text' name='username'> <br>
           Password: <input type='password' name='password'> <br>
            <input type='submit' value='Log in'>
        </form>
    </html>
    

    and when i click log in button it takes to the next page called login.

    however, something is afowl here as no matter what i change on the login.php page, it still shows up as a blank document.
    i know its finiding the file as if i remove it, it says page cannot be displayed, so im sure its a coding error.

    here's the code from the login.php
    <?php
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    if ($username&&$password)
    
    
    {
    
    $connect = mysql_connect("localhost", "root", "") or die("couldn't connect!");
    mysql_select_db("phplogin") or die("Couldn't find db");
    
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    
    $numrows = mysql_num_rows($query);
    
    if ($numrows!=0)
    {
      
      while ($row = mysql_fetch_assoc($query))
      {
        
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
    
      }
      
      // check to see if they match!
      if ($username==$dbusername&&$password==$dbpassword)
      {
        
        echo "You're in!";
    
      }
      else
          echo "Incorrect password!";
    
    
    }
    else
        die("that user doesnt exist!");
    
    }
    else
        die("Please enter a username and password!");
    
    
    ?>
    

    im following a youtube guide and its pretty handy. however, ive done exactly as i saw and its still not working...

    someone help me!


Comments

  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    You have $$ before $$numrows = mysql_num_rows($query); as opposed to $
    As for the query itself,
    $query = mysql_query("SELECT * FROM users WHERE username='".$username."'");
    Bit of advice, you're running this on your own PC which is fine but it's good practice to escape the input using mysql_real_escape_string($string), though you have to be connected to the database in order to use this function first!
    Hope this helps!


  • Registered Users, Registered Users 2 Posts: 981 ✭✭✭fasty


    You can set warnings to be outputted to the screen either in code of the PHP.ini for development purposes.

    Have a look at the error_reporting function. It'll make your life so much easier when confronted with blank pages like that!


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    You have $$ before $$numrows = mysql_num_rows($query); as opposed to $
    As for the query itself,
    $query = mysql_query("SELECT * FROM users WHERE username='".$username."'");
    Bit of advice, you're running this on your own PC which is fine but it's good practice to escape the input using mysql_real_escape_string($string), though you have to be connected to the database in order to use this function first!
    Hope this helps!

    removed the $ from numrows, cheers.
    however, even with that line removed the problem still occours.

    and yeah im just running it on localmachine, just trying to get the basics done first.
    fasty wrote: »
    You can set warnings to be outputted to the screen either in code of the PHP.ini for development purposes.

    Have a look at the error_reporting function. It'll make your life so much easier when confronted with blank pages like that!

    checked that link out, and ive no clue what to do with the error reporting...
    i assume its like catch exceptions in java?

    still baffled as to why my code doesnt work tho.


  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    Did you fix the quotes around the username variable?
    Try adding or die(mysql_error()); after all your MySQL queries.


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    Did you fix the quotes around the username variable?
    Try adding or die(mysql_error()); after all your MySQL queries.

    aye ive added the quotes around username, but still no change.

    ive uploaded the files, maybe someone can see whats going on.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    You need to keep the ' before and after the "; so like this, ' ".$username." '
    ' ' lets the query know you are putting in a value from the database, but puting in '$username' means it will look for a row which contains $username as a value, hence you must break the query with " " and insert .$username. between them.
    $query = mysql_query("SELECT * FROM users WHERE username= ' ".$username." ' ");


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    ahh i see.

    nice one.

    still loading into a blank page however.


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    removed the $ from numrows, cheers.
    however, even with that line removed the problem still occours.

    and yeah im just running it on localmachine, just trying to get the basics done first.



    checked that link out, and ive no clue what to do with the error reporting...
    i assume its like catch exceptions in java?

    still baffled as to why my code doesnt work tho.
    No, you will see errors/warnings outputted by PHP on the page so you are bound to see something (that is if PHP is actually working).

    Open the PHP.INI file and set error reporting on by changing:
    error_reporting = E_ALL

    Alternatively you can place this at the start of your PHP file:
    ini_set('display_errors',1);
    error_reporting(E_ALL|E_STRICT);

    But if I were you, I'd create a basic PHP page and see if PHP is even working.

    [php]
    <?php
    echo phpinfo();
    ?>
    [/php]


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    Webmonkey wrote: »
    No, you will see errors/warnings outputted by PHP on the page so you are bound to see something (that is if PHP is actually working).

    Open the PHP.INI file and set error reporting on by changing:
    error_reporting = E_ALL

    Alternatively you can place this at the start of your PHP file:
    ini_set('display_errors',1);
    error_reporting(E_ALL|E_STRICT);

    But if I were you, I'd create a basic PHP page and see if PHP is even working.

    [php]
    <?php
    echo phpinfo();
    ?>
    [/php]

    ok, ive edited the .ini file and set error_reporting = E_ALL

    and ive removed almost everything from my php file, so now all i have is.

    index.php
    <html>
    
        <form action='login.php' method='POST'>
           Username: <input type='text' name='username'> <br>
           Password: <input type='password' name='password'> <br>
            <input type='submit' value='Log in'>
        </form>
    </html>
    

    and my login.php
    <?php
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    if ($username&&$password)
    {
    
    $connect = mysql_connect("localhost", "root", "") or die("Couldn't connect!");
    mysql_select_db("phplogin") or die("Couldnt find db");
    
    
    }
    else
        die("please enter a username and a password!");
    
    ?>
    

    now, that SHOULD do 1 of 2 things.

    when i enter my username and password from the sql database, it should just load a blank page.
    when i just click login, it should give a line of text saying "please enter a username and password"

    but it doesnt...

    so i removed everything in my login.php and placed this in there
    <?php
    echo phpinfo();
    ?> 
    

    and it still loads a blank page..


  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    That's really odd :-(, other then the fact that (in the script you uploaded) you're missing a . after $username, I cannot see anything wrong with it.
    The full stops keep the query stuck together, so they are necessary when you break a query to insert a variable on both ends (i.e., .$var.)


  • Advertisement
  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    as web monkey said, it looks like php isnt running?


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    XAMPP must not be configured correctly. Can you look at the Apache error log. You could try reinstalling XAMPP.

    This is not a problem with your script. The problem is in server configuration.


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    ok, im confused now.

    i went to

    http://localhost/mike/

    which is the folder i have my php pages in.

    it loaded the index.php automatically, so it displayed my login screen.

    i clicked the login button, and it loaded the login.php with the phpinfo code i put in there, and it worked fine.
    then changed the login.php to my own info, and it showed the correct text etc.

    i think i might have been doing something wrong.
    i was just double clicking index.php from the folder on c:/etc and going through it that way


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    You must go via the web server, ie: by going through http://localhost in order for Apache to ask PHP to interpret the page.

    If you load it straight into browser from file, you will see nothing as the web browser sees the literal PHP code and won't output it as it's wrapped in tags. If you go view source the way you 've being doing it before, you'd have seen the PHP code in your source, not interpreted.

    Nothing to be confused about :)


  • Registered Users, Registered Users 2 Posts: 1,763 ✭✭✭ShatterProof


    Just having a quick look at you code and you shouldn't really display the message "that user doesnt exist!" if the user enters an invalid username.

    you would be better off using something like "username / password combination is incorrect"

    Your message lets any potential hacker know that they have a valid username , now they just have to concentrate on the password.


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Just having a quick look at you code and you shouldn't really display the message "that user doesnt exist!" if the user enters an invalid username.

    you would be better off using something like "username / password combination is incorrect"

    Your message lets any potential hacker know that they have a valid username , now they just have to concentrate on the password.
    +1 on this!

    But I assume OP this is just practice for yourself and won't be a real production site.


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    thanks shatterproof, good idea.

    but dont worry, this is 100% strictly being used to just learn the basics of php. Ive no intention of using something this basic online.


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    im having another problem lately.

    ive made a "register.php" page, to let people register, but this happens...
    Notice: Undefined variable: POST in C:\xampp\htdocs\mike\register.php on line 5
    
    Notice: Undefined index: fullname in C:\xampp\htdocs\mike\register.php on line 8
    
    Notice: Undefined index: username in C:\xampp\htdocs\mike\register.php on line 9
    
    Notice: Undefined index: password in C:\xampp\htdocs\mike\register.php on line 11
    
    Notice: Undefined index: repeatpassword in C:\xampp\htdocs\mike\register.php on line 12
    

    here's the register.php code
    <?php
    
    echo "<h1>Register</h1>";
    
    $submit = $POST['submit'];
    
    // form data
    $fullname = $_POST['fullname'];
    $username = $_POST['username'];
    
    $password = $_POST['password'];
    $repeatpassword = $_POST['repeatpassword'];
    
    if ($submit)
    {
    
    
    
    }
    
    ?>
    
    <html>
    
    <form action='register.php' method='POST'>
          <Table>
               <tr>
                   <td>
                   Your full name:
                   </td>
                   <td>
                   <input type='text' name='fullname'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Choose a username:
                   </td>
                   <td>
                   <input type='text' name='username'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Choose a password:
                   </td>
                   <td>
                   <input type='password' name='password'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Repeat your password:
                   </td>
                   <td>
                   <input type='password' name='repeatpassword'>
                   </td>
               </tr>
          </table>
          <p>
          <input type='submit' name='submit' value='Register'>
    </form>
    

    i know its a warning message which is caused by having strict warnings enabled,
    but what can i do to fix it?

    remember, ive only started using php since last night.. but i think im making good progress!


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    The warning says exactly what the problem is.

    [php]$submit = $POST;[/php]

    is wrong.

    [php]$submit = $_POST;[/php]

    When this is fixed, you will end up with a similar error 'submit' index error not defined as the ones below.
    These errors are because you havn't posted/submitted at that stage so the indexes in the $_POST array are not valid.

    Try this:

    [php]
    if (isset($_POST))
    {
    // form data
    $fullname = $_POST;
    $username = $_POST;

    $password = $_POST;
    $repeatpassword = $_POST;
    }
    [/php]


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    ahh i see now. it was reading regardless of wether the submit button had been clicked.

    so, with the if (isset($_POST))

    it will wait until the submit button is clicked.

    nice one dude. really helped me there!


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    ahh i see now. it was reading regardless of wether the submit button had been clicked.

    so, with the if (isset($_POST))

    it will wait until the submit button is clicked.

    nice one dude. really helped me there!
    Yeah, isset checks if the variable exists and has a value. It does as a side affect of submitting the form. It's good to check if a variable is set before trying to read it. This will avoid the warnings.

    No prob, must be a fun time when you are learning. Enjoy it while you can :p


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    ok, getting on very well so far.

    hit 3 small problems.

    first problem.
    this.

    Notice: Undefined variable: name in C:\xampp\htdocs\mike\register.php on line 57

    Notice: Undefined variable: date in C:\xampp\htdocs\mike\register.php on line 59

    getting this on this code
    <?php
    
    echo "<h1>Register</h1>";
    
    if (isset($_POST['submit']))
    {
    // form data
    $fullname = strip_tags($_POST['fullname']);
    $username = strtolower(strip_tags($_POST['username']));
    $password = strip_tags($_POST['password']);
    $repeatpassword = strip_tags($_POST['repeatpassword']);
    //$date = .date("Y-m-d");
    
            // open database
            $connect = mysql_connect("localhost", "root", "password");
            mysql_select_db("phplogin"); // select database
    
            $namecheck = mysql_query("Select username FROM users WHERE username='$username'");
            $count = mysql_num_rows($namecheck);
    
            if ($count!=0)
    
            {
               die("Username already taken <br><a href='register.php'>Return to registration page</a>");
            }
    
    
    // check for existence
    if ($fullname&&$username&&$password&&$repeatpassword)
    {
    
    
      if ($password==$repeatpassword)
      {
         if (strlen($username)>25||strlen($fullname)>25)
         {
          echo "length of username or fullname is too long!";
         }
    
         else
         {
    
          if (strlen($password)>25||strlen($password)<6)
           {
            echo "password must be between 6 and 25 charachters";
           }
    
           else
           {
              // register the user!
              // encrypt password
             $password = md5($password);
             $repeatpassword = md5($repeatpassword);
    
            $queryreg = mysql_query("
    
            INSERT INTO users VALUES ('','$name','$username','$password', '$date')
    
            ");
    
            die("You have been registered! <a href='index.php'>Return to login page</a>");
           }
    
    
         }
    
      }
    
      else
          echo "Your passwords do not match!";
    
    }
    else
        echo "please fill in <b>all</b> fields!";
    }
    
    ?>
    
    <html>
    
    <form action='register.php' method='POST'>
          <Table>
               <tr>
                   <td>
                   Your full name:
                   </td>
                   <td>
                   <input type='text' name='fullname' value='<?php echo $fullname ?>'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Choose a username:
                   </td>
                   <td>
                   <input type='text' name='username' value='<?php echo $username ?>'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Choose a password:
                   </td>
                   <td>
                   <input type='password' name='password'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Repeat your password:
                   </td>
                   <td>
                   <input type='password' name='repeatpassword'>
                   </td>
               </tr>
          </table>
          <p>
          <input type='submit' name='submit' value='Register'>
    </form>
    
    

    second problem,

    when i go to the registration page, there is a load of text in the username and fullname box.
    <br /> <b>Notice</b>: Undefined variable: fullname in <b>C:\xampp\htdocs\mike\register.php</b> on line <b>88</b><br />
    <br /> <b>Notice</b>: Undefined variable: username in <b>C:\xampp\htdocs\mike\register.php</b> on line <b>96</b><br />

    ^^ this appears in the text entry box for some reason.

    third problem, when i create a user, it adds it to the database, despite the above problems, but it does not add their name only their nickname and password etc.

    i know all the problems are to do with undefined variables, but i cant figure out how to fix them :(

    any suggestions?


  • Registered Users, Registered Users 2 Posts: 981 ✭✭✭fasty


    $name and $date are undefined apart from in your query
    INSERT INTO users VALUES ('','$name','$username','$password', '$date')
    

    If you declare a name and date in your script and set them to be the values you want you should be fine. I'm assuming you should use $fullname instead of $name and the sql NOW() function for date?

    The 2nd issue is because when you output your registration form, you set the value of the form fields to be stuff that only exists when you post to the form. This code implies that you want to populate the name field of the registration form with a name that the user hasn't registered yet!
    <input type='text' name='fullname' value='<?php echo $fullname ?>'
    


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    ok,

    problem 1:

    changed from "name" to "fullname"

    and removed the date function for now.

    that solved that problem.

    problem 2.

    i also removed
    value='<?php echo $username ?>'>
    and that solved the problem of the code appearing in the text box.

    however, now it doesnt seem to store any registered users to the database?

    edit: not sure what i changed, if anything, but it seems to be storing them correctly now.
    fullname, nickname and password going through just fine.

    i think ill abandon the date function for now, and leave the echo $username out of the content box until i learn more about them.


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    What's your code now?

    The code about dies right after attempting an insert. You probably should or die... - must be something wrong with your query.

    What'd I'd do is just print out the query to browser and inspect it. maybe a field isn't getting through.


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    ok, here's all the code im using now.

    seems to be working perfectly now that ive removed the date and echo for the content fields.

    index.php
    <html>
    
        <form action='login.php' method='POST'>
           Username: <input type='text' name='username'> <br>
           Password: <input type='password' name='password'> <br>
            <input type='submit' value='Log in'>
        </form> <p>
        
        
        <a href='register.php'>Register?</a>
    </html>
    

    register.php
    <?php
    
    echo "<h1>Register</h1>";
    
    if (isset($_POST['submit']))
    {
    // form data
    $fullname = strip_tags($_POST['fullname']);
    $username = strtolower(strip_tags($_POST['username']));
    $password = strip_tags($_POST['password']);
    $repeatpassword = strip_tags($_POST['repeatpassword']);
    //$date = .date("Y-m-d");
    
            // open database
            $connect = mysql_connect("localhost", "root", "password");
            mysql_select_db("phplogin"); // select database
    
            $namecheck = mysql_query("Select username FROM users WHERE username='$username'");
            $count = mysql_num_rows($namecheck);
    
            if ($count!=0)
    
            {
               die("Username already taken <br><a href='register.php'>Return to registration page</a>");
            }
    
    
    // check for existence
    if ($fullname&&$username&&$password&&$repeatpassword)
    {
    
    
      if ($password==$repeatpassword)
      {
         if (strlen($username)>25||strlen($fullname)>25)
         {
          echo "length of username or fullname is too long!";
         }
    
         else
         {
    
          if (strlen($password)>25||strlen($password)<6)
           {
            echo "password must be between 6 and 25 charachters";
           }
    
           else
           {
              // register the user!
              // encrypt password
             $password = md5($password);
             $repeatpassword = md5($repeatpassword);
    
            $queryreg = mysql_query("
    
            INSERT INTO users VALUES ('','$fullname','$username','$password')
    
            ");
    
            die("You have been registered! <a href='index.php'>Return to login page</a>");
           }
    
    
         }
    
      }
    
      else
          echo "Your passwords do not match!";
    
    }
    else
        echo "please fill in <b>all</b> fields!";
    }
    
    ?>
    
    <html>
    
    <form action='register.php' method='POST'>
          <Table>
               <tr>
                   <td>
                   Your full name:
                   </td>
                   <td>
                   <input type='text' name='fullname'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Choose a username:
                   </td>
                   <td>
                   <input type='text' name='username'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Choose a password:
                   </td>
                   <td>
                   <input type='password' name='password'>
                   </td>
               </tr>
                <tr>
                   <td>
                   Repeat your password:
                   </td>
                   <td>
                   <input type='password' name='repeatpassword'>
                   </td>
               </tr>
          </table>
          <p>
          <input type='submit' name='submit' value='Register'>
    </form>
    

    login.php
    <?php
    
    session_start();
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    if ($username&&$password)
    {
    
    $connect = mysql_connect("localhost", "root", "alex12345") or die("Couldn't connect!");
    mysql_select_db("phplogin") or die("Couldn't find Database!");
    
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    
    $numrows = mysql_num_rows($query);
    
    if ($numrows!=0)
    {
    
      while ($row = mysql_fetch_assoc($query))
      {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
      }
    
      // check to see if they match!
    
      if ($username==$dbusername&&md5($password)==$dbpassword)
      {
         echo "You're in! Click <a href='member.php'>here</a> to enter the member page";
         $_SESSION['username']=$username;
      }
      else
          echo "Invalid Username or Password <br> Click <a href='index.php'>return to login page</a>";
    
    }
    else
        die("Invalid Username or Password <br> Click <a href='index.php'>return to login page</a>");
    
    }
    else
        die("please enter a username and password! <br> Click <a href='index.php'>return to login page</a>");
    
    
    ?>
    

    logout.php
    <?php
    
    session_start();
    
    session_destroy();
    
    echo "You've been logged out. <br> Click <a href='index.php'>here</a> to return to login page"
    
    ?>
    

    member.php
    <?php
    
    session_start();
    
    if(isset($_SESSION['username']))
       echo "Welcome, ".$_SESSION['username']."!<br /><a href='logout.php'>Logout.</a>";
    else
       die ("You must be logged in!<br> Click <a href='index.php'>here.</a> to return to the login page");
    ?>
    


  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    The echo was missing a ;
    A good idea for getting the date would be to just create a field with a timestamp and set it to Current_Timestamp


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    thanks dale.

    quick question for someone.

    when i add a record to the database through the registration page, they log in, and go to a member page.
    I want to give them the option to delete their account, which should then log them out and remove the record from the database.

    cant seem to figure out how to get this to work.
    <?php
    
    session_start();
    
    if(isset($_SESSION['username']))
    {
    $connect = mysql_connect("localhost","root","password");
    mysql_select_db("phplogin", $connect);
    if (!$connect)
      {
      die('Could not connect: ' . mysql_error());
      }
    
    mysql_query("DELETE FROM users WHERE username ='username'");
    
    mysql_close($connect);
    
    echo "Your account has been terminated";
    
    }
    else
       die ("You must be logged in!<br> Click <a href='index.php'>here.</a> to return to the login page");
    ?>
    

    i know where the problem is, its the
    mysql_query("DELETE FROM users WHERE username ='username'");

    i just dont know what needs to be there?


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Should those square brackets be there? - I don't think so. Least in my experience I've never seen such a thing.


  • Advertisement
  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    Webmonkey wrote: »
    Should those square brackets be there? - I don't think so. Least in my experience I've never seen such a thing.

    heh, removed them now :o

    this is what i get back when try it.

    Notice: Undefined variable: username in C:\xampp\htdocs\mike\terminate.php on line 14
    Your account has been terminated

    ive updated it to mysql_query("DELETE FROM users WHERE username ='username' ");


  • Registered Users, Registered Users 2 Posts: 399 ✭✭teddy b123


    can i please quickly hijack this thread? (i said please ;) )

    why does

    [PHP]if ($username && $password)
    {
    }[/PHP]

    work? do strings always evaluate to true? what would happen if someone had a username of false?


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    heh, removed them now :o

    this is what i get back when try it.

    Notice: Undefined variable: username in C:\xampp\htdocs\mike\terminate.php on line 14
    Your account has been terminated

    ive updated it to mysql_query("DELETE FROM users WHERE username ='username' ");
    It must be $username however. Otherwise you will be deleting a username named 'username' literaly.


  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    i just dont know what needs to be there?
    Try this;
    <?php
    session_name("mysession");
    session_start();
    $username = $_SESSION['username'];
    
    
    if(isset($username))
    {
    $connect = mysql_connect("localhost","root","password");
    mysql_select_db("phplogin", $connect);
    if (!$connect)
      {
      die('Could not connect: ' . mysql_error());
      }
    
    mysql_query("DELETE FROM users WHERE username ='".$username."'");
    
    mysql_close($connect);
    
    echo "Your account has been terminated";
    
    }
    else
       die ("You must be logged in!<br> Click <a href='index.php'>here.</a> to return to the login page");
    ?>
    


  • Closed Accounts Posts: 6,281 ✭✭✭Ricky91t


    teddy b123 wrote: »
    can i please quickly hijack this thread? (i said please ;) )

    why does

    [PHP]if ($username && $password)
    {
    }[/PHP]

    work? do strings always evaluate to true? what would happen if someone had a username of false?

    It only returns true if the strings contains data.

    If you try this:

    [PHP]<?php
    $username ='false';
    $password ='false';
    if ($username && $password)
    {
    echo "strings with data, return true";
    }
    else{
    echo "strings with data,return false!";
    }

    $username1 ='';
    $password1 ='';
    if ($username1 && $password1)
    {
    echo "empty strings, return true";
    }
    else{
    echo "empty strings,return false";
    }
    ?>[/PHP]


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    Try this;
    <?php
    session_name("mysession");
    session_start();
    $username = $_SESSION['username'];
    
    
    if(isset($username))
    {
    $connect = mysql_connect("localhost","root","password");
    mysql_select_db("phplogin", $connect);
    if (!$connect)
      {
      die('Could not connect: ' . mysql_error());
      }
    
    mysql_query("DELETE FROM users WHERE username ='".$username."'");
    
    mysql_close($connect);
    
    echo "Your account has been terminated";
    
    }
    else
       die ("You must be logged in!<br> Click <a href='index.php'>here.</a> to return to the login page");
    ?>
    

    cheers dude, that worked perfectly without the
    session_name("mysession");

    :)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    Oops, I should have mentioned that you give the session name to each page which will use that session :pac:


  • Closed Accounts Posts: 27,857 ✭✭✭✭Dave!


    I'm learning PHP too, so this thread has been informative :) I'm not doing as good as the OP, but getting there! Any tuts you'd recommend, OP?

    Cheers


  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    Dave! wrote: »
    I'm learning PHP too, so this thread has been informative :) I'm not doing as good as the OP, but getting there! Any tuts you'd recommend, OP?

    Cheers
    TBH I'm still only learning PHP as well, going into my 3rd month now. I found the best help was definitely w3schools,a projects & trial and error


  • Closed Accounts Posts: 6,281 ✭✭✭Ricky91t


    Just on a side note royal marine, Use the php MD5 encryption so if your website got hacked the users passwords would be safely encrypted and the hacker should not be able to find out when their password was!(There's no way to decrypt, But you can populate a database with randomly generated strings and then compare the encrypted passwords and possibly find out what it was.)

    It would be abit like this
    [PHP]registration.php

    <?php
    $username = $_GET;
    $password = $_GET;
    $md5password = md5($password);

    $registrationQuery = mysql_query("INSERT into users (username,password)
    VALUES ('{$username}', '{$password}')");
    ?>[/PHP]
    etc

    And then when you login it would be:
    [PHP]login.php
    <?php
    $username = $_GET;
    $password = $_GET;
    $md5password = md5($password);
    $loginQuery = mysql_query("SELECT * FROM users
    WHERE username ='{$username}'
    AND password ='{$md5password}'");
    ?>[/PHP]

    You'd need to put this in your code(if you want to use it) and I think that should work, it's off the top of my head though!


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    Dave! wrote: »
    I'm learning PHP too, so this thread has been informative :) I'm not doing as good as the OP, but getting there! Any tuts you'd recommend, OP?

    Cheers

    Were starting it in college soon, so i wanted to get a headstart. I went to w3schools.com. best place to begin.

    then i went to phpacademy on youtube, and he's an excellent source. very clear instructions and easy to follow.

    http://www.youtube.com/user/phpacademy?blend=1&ob=4

    and then of course, trial and error. any error i came up to i was able to fix by either google or ask on here. cant beat boards.ie for the helpful people that get you out of a spot of bother!
    Ricky91t wrote: »
    Just on a side note royal marine, Use the php MD5 encryption so if your website got hacked the users passwords would be safely encrypted and the hacker should not be able to find out when their password was!(There's no way to decrypt, But you can populate a database with randomly generated strings and then compare the encrypted passwords and possibly find out what it was.)

    It would be abit like this
    [PHP]registration.php

    <?php
    $username = $_GET;
    $password = $_GET;
    $md5password = md5($password);

    $registrationQuery = mysql_query("INSERT into users (username,password)
    VALUES ('{$username}', '{$password}')");
    ?>[/PHP]
    etc

    And then when you login it would be:
    [PHP]login.php
    <?php
    $username = $_GET;
    $password = $_GET;
    $md5password = md5($password);
    $loginQuery = mysql_query("SELECT * FROM users
    WHERE username ='{$username}'
    AND password ='{$md5password}'");
    ?>[/PHP]

    You'd need to put this in your code(if you want to use it) and I think that should work, it's off the top of my head though!

    im using md5 in my registration script, not the same as yours above, but i think mine is secure.
    <?php
    
    echo "<h1>Register</h1>";
    
    if (isset($_POST['submit']))
    {
    // form data
    $fullname = strip_tags($_POST['fullname']);
    $username = strtolower(strip_tags($_POST['username']));
    $password = strip_tags($_POST['password']);
    $repeatpassword = strip_tags($_POST['repeatpassword']);
    //$date = .date("Y-m-d");
    
            // open database
            $connect = mysql_connect("localhost", "root", "**********");
            mysql_select_db("phplogin"); // select database
    
            $namecheck = mysql_query("Select username FROM users WHERE username='$username'");
            $count = mysql_num_rows($namecheck);
    
            if ($count!=0)
    
            {
               die("Username already taken <br><a href='register.php'>Return to registration page</a>");
            }
    
    
    // check for existence
    if ($fullname&&$username&&$password&&$repeatpassword)
    {
    
    
      if ($password==$repeatpassword)
      {
         if (strlen($username)>25||strlen($fullname)>25)
         {
          echo "length of username or fullname is too long!";
         }
    
         else
         {
    
          if (strlen($password)>25||strlen($password)<6)
           {
            echo "password must be between 6 and 25 charachters";
           }
    
           else
           {
              // register the user!
              // encrypt password
             $password = md5($password);
             $repeatpassword = md5($repeatpassword);
    
            $queryreg = mysql_query("
    
            INSERT INTO users VALUES ('','$fullname','$username','$password')
    
            ");
    
            die("You have been registered! <a href='index.php'>Return to login page</a>");
           }
    
    
         }
    
      }
    


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 894 ✭✭✭Dale Parish


    I suggest that you should escape the string as well, trim() and stripslashes (if magic quotes is off) since they can always drop your table


  • Closed Accounts Posts: 6,281 ✭✭✭Ricky91t


    Were starting it in college soon, so i wanted to get a headstart. I went to w3schools.com. best place to begin.

    then i went to phpacademy on youtube, and he's an excellent source. very clear instructions and easy to follow.

    http://www.youtube.com/user/phpacademy?blend=1&ob=4

    and then of course, trial and error. any error i came up to i was able to fix by either google or ask on here. cant beat boards.ie for the helpful people that get you out of a spot of bother!



    im using md5 in my registration script, not the same as yours above, but i think mine is secure.
    <?php
    
    echo "<h1>Register</h1>";
    
    if (isset($_POST['submit']))
    {
    // form data
    $fullname = strip_tags($_POST['fullname']);
    $username = strtolower(strip_tags($_POST['username']));
    $password = strip_tags($_POST['password']);
    $repeatpassword = strip_tags($_POST['repeatpassword']);
    //$date = .date("Y-m-d");
    
            // open database
            $connect = mysql_connect("localhost", "root", "**********");
            mysql_select_db("phplogin"); // select database
    
            $namecheck = mysql_query("Select username FROM users WHERE username='$username'");
            $count = mysql_num_rows($namecheck);
    
            if ($count!=0)
    
            {
               die("Username already taken <br><a href='register.php'>Return to registration page</a>");
            }
    
    
    // check for existence
    if ($fullname&&$username&&$password&&$repeatpassword)
    {
    
    
      if ($password==$repeatpassword)
      {
         if (strlen($username)>25||strlen($fullname)>25)
         {
          echo "length of username or fullname is too long!";
         }
    
         else
         {
    
          if (strlen($password)>25||strlen($password)<6)
           {
            echo "password must be between 6 and 25 charachters";
           }
    
           else
           {
              // register the user!
              // encrypt password
             $password = md5($password);
             $repeatpassword = md5($repeatpassword);
    
            $queryreg = mysql_query("
    
            INSERT INTO users VALUES ('','$fullname','$username','$password')
    
            ");
    
            die("You have been registered! <a href='index.php'>Return to login page</a>");
           }
    
    
         }
    
      }
    

    Ah right, that's good, I've noticed you're putting an empty string into the database.

    Instead of that you can do this:
    [PHP]<?php
    INSERT INTO users (name, username, password)VALUES ('$fullname','$username','$password');
    ?>
    [/PHP]
    Where name, username, password are the names of the columns in you table where you store the data.


  • Closed Accounts Posts: 5,824 ✭✭✭RoyalMarine


    cheers guys,

    having a problem today....

    i cant access mysql from xampp?

    when i start the mysql and apache service from the xampp control panel, they both start fine. then i click admin.
    it loads the xampp splash screen, i then click phpmyadmin on the left pane, and i get

    error: cannot connect : invalid settings.
    access denied.
    phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should check the host, username and password in your configuration and make sure that they correspond to the information given by the administrator of the MySQL server.

    ive changed nothing since last night, and i cant log in today.

    any suggestions?


Advertisement