Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Apr 2006
    Posts
    111
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Need help, login just redirects to host homepage

    I am unsure what happens in the code. Maybe one of you can see what's wrong with it?

    Code:
    <?php
    
    if (isset($_POST['submitted'])) {
    
    	$user = $_POST['userlog'];
    	$pass = $_POST['passlog'];
    
    	$abc = mysqli_connect('mysql16.***************','a2527189_main2','fusiongtxo0');
    
    	mysqli_select_db($abc, 'a2527189_main2');
    
    	$query = mysqli_query($abc, "SELECT * FROM MEMBERS WHERE USERNAME ='" . $user . "'") or die ("User does not exist!");
    
    	$query2 = mysqli_num_rows($query);
    
    		if ($query2 == 0) {
    
    				echo "Username does not exist";
    
    				echo "<form action=\"{$_SERVER['PHP_SELF']}\" method=\"POST\">
    
    					<input type=\"username\" size=\"18\" value=\"username\" id=\"userlog\" name=\"userlog\" />
    					<input type=\"password\" size=\"18\" value=\"password\" id=\"passlog\" name=\"passlog\" />
    					<input type=\"submit\" value=\"Submit\" id=\"submitted\" />
    
    				     </form>";
    
    		}
    
    		else {
    
    			while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
    
    			if ($user == $row['USERNAME'] && $pass == $row['PASSWORD']) {
    
    				echo "Welcome: " . $user . "";
    				setcookie('user',$user,time()+3600);
    				setcookie('pass',$pass,time()+3600);
    
    
    
    			}
    
    			else {
    
    				echo "Username or Password does not exist";
    
    				echo "<form action=\"{$_SERVER['PHP_SELF']}\" method=\"POST\">
    
    					<input type=\"username\" size=\"18\" value=\"username\" id=\"userlog\" name=\"userlog\" />
    					<input type=\"password\" size=\"18\" value=\"password\" id=\"passlog\" name=\"passlog\" />
    					<input type=\"submit\" value=\"Submit\" id=\"submitted\" />
    
    				     </form>";
    			}
    		}
    	}
    }
    
    else {
    
    ?>
    
    <form action="{$_SERVER['PHP_SELF']}" method="POST">
    
    <input type="username" size="18" value="username" id="userlog" name="userlog" />
    <input type="password" size="18" value="password" id="passlog" name="passlog"  />
    <input type="submit" value="Submit" id="submitted" />
    
    </form>
    
    <?php
    
    }
    
    ?>

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,091
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Code:
    <form action="{$_SERVER['PHP_SELF']}" method="POST">

    Try printing / echo'ing that in php for a start..

    PHP Code:
    <form action="<? print $_SERVER['PHP_SELF']; ?>" method="POST">
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #3
    Regular Coder
    Join Date
    Apr 2005
    Location
    Ohio
    Posts
    254
    Thanks
    1
    Thanked 63 Times in 63 Posts
    Quoted from http://php.net/manual/en/reserved.variables.php by "Typer85 at gmail dot com"
    Note the manual entry for PHP_SELF states the following:

    "The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar."

    However I did some vigorous testing on three different machines and this note is not always true. The results are given below:

    Given a URL of http://www.example.com/Info.php/Page/Home

    Apache 2.2.4/Win32/PHP 5.2.2/Apache 2.0 Handler
    ----> PHP_SELF = Info.php/Page/Home

    Apache 1.3.37/Unix/PHP 5.2.2/CGI
    ----> PHP_SELF = Info.php

    Apache 1.3.33/Unix/5.1.4/FastCGI
    ----> PHP_SELF = Info.php

    To be completely honest, I am not sure why this is the case; perhaps there is a setting in Apache to modify this option, but in either case take careful consideration of this note.
    Seems like you fall in the last 2 categories. If that's the case, replace $_SERVER['PHP_SELF'] in your code with an absolute path.

    Also, pls look into securing your code.

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,091
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Also please don't show us your mysql connection user and password as you have above - just leave those blank or put something like <username> <password> in their place.

    Next:
    PHP Code:
    //PHP.net manual doesn't appear to have this function - use mysql_select_db() instead or see:
    //http://uk.php.net/manual/en/mysqli.select-db.php
    mysqli_select_db($abc'a2527189_main2');

    //Secondly, $abc is passed as an optional 2nd parameter:
    mysql_select_db('a2527189_main2'$abc); 
    Even more:
    PHP Code:
    //Again, unable to find mysqli_query on php.net - use mysql_query() instead or see:
    //http://uk.php.net/manual/en/mysqli.query.php
    $query mysqli_query($abc"SELECT * FROM MEMBERS WHERE USERNAME ='" $user "'") or die ("User does not exist!");

    //Note we don't need the mysql resource parameter - You can use it but not needed
    $query mysql_query("SELECT * FROM MEMBERS WHERE USERNAME ='" $user "'") or die ("User does not exist!"); 
    Next up: Queries

    A Query is the actual SQL string: select from <table> where ..
    PHP Code:
    //This is a result so call it a $Result not a $query - otherwise you'll get confused
    $query mysqli_query($abc"SEL");

    //Same again - this isn't a query it's a returned result
    $query2 mysqli_num_rows($query); 
    The reason i say about the name of queries is that quite easy to use another variable inside a loop called $query and then overwrite the $query variable that the loop was working from - EG:

    PHP Code:
    while ($row mysql_fetch_array($query))
    {
    //Do lots of stuff here and then..
     
    $query "select * from somewhere_else";
     
    $query mysql_query($query); //Hang, we've just broken our loop

    Finally mysqli is in the format of an object so you need to create and use like this:
    PHP Code:
    $mysqli = new mysqli("localhost""my_user""my_password""test");

    /* check connection */
    if (mysqli_connect_errno()) {
        
    printf("Connect failed: %s\n"mysqli_connect_error());
        exit();
    }

    /* return name of current default database */
    if ($result $mysqli->query("SELECT DATABASE()")) {
        
    $row $result->fetch_row();
        
    printf("Default database is %s.\n"$row[0]);
        
    $result->close();

    Last edited by tangoforce; 05-27-2011 at 10:25 PM.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #5
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,091
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by shadowmaniac View Post
    Seems like you fall in the last 2 categories. If that's the case, replace $_SERVER['PHP_SELF'] in your code with an absolute path.
    No it just wasn't in <? ?> tags and had no print / echo statement.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •