beginner php/html with small problem

RoyalMarine

Hi guys, learning sql, php, html and css slowly here.

ive got the basics of sql, html and css covered. im able to develop databases with sql commands and sites with html and css easily.

however, ive started on php recently and im having a good time with it.

hit a small snag tonight.

im writing a login script for a basic site.

here's what ive done so far.

created the sql database with xampp, added a few users etc.
created my index.php

<html>

    <form action='login.php' method='POST'>
       Username: <input type='text' name='username'> <br>
       Password: <input type='password' name='password'> <br>
        <input type='submit' value='Log in'>
    </form>
</html>

and when i click log in button it takes to the next page called login.

however, something is afowl here as no matter what i change on the login.php page, it still shows up as a blank document.
i know its finiding the file as if i remove it, it says page cannot be displayed, so im sure its a coding error.

here's the code from the login.php

<?php

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)


{

$connect = mysql_connect("localhost", "root", "") or die("couldn't connect!");
mysql_select_db("phplogin") or die("Couldn't find db");

$query = mysql_query("SELECT * FROM users WHERE username='$username'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)
{
  
  while ($row = mysql_fetch_assoc($query))
  {
    
        $dbusername = $row['username'];
        $dbpassword = $row['password'];

  }
  
  // check to see if they match!
  if ($username==$dbusername&&$password==$dbpassword)
  {
    
    echo "You're in!";

  }
  else
      echo "Incorrect password!";


}
else
    die("that user doesnt exist!");

}
else
    die("Please enter a username and password!");


?>

im following a youtube guide and its pretty handy. however, ive done exactly as i saw and its still not working...

someone help me!

Dale Parish

You have $$ before $$numrows = mysql_num_rows($query); as opposed to $
As for the query itself,
$query = mysql_query("SELECT * FROM users WHERE username='".$username."'");
Bit of advice, you're running this on your own PC which is fine but it's good practice to escape the input using mysql_real_escape_string($string), though you have to be connected to the database in order to use this function first!
Hope this helps!

fasty

You can set warnings to be outputted to the screen either in code of the PHP.ini for development purposes.

Have a look at the error_reporting function. It'll make your life so much easier when confronted with blank pages like that!

RoyalMarine

Dale Parish wrote: »

You have $$ before $$numrows = mysql_num_rows($query); as opposed to $
As for the query itself,
$query = mysql_query("SELECT * FROM users WHERE username='".$username."'");
Bit of advice, you're running this on your own PC which is fine but it's good practice to escape the input using mysql_real_escape_string($string), though you have to be connected to the database in order to use this function first!
Hope this helps!

removed the $ from numrows, cheers.
however, even with that line removed the problem still occours.

and yeah im just running it on localmachine, just trying to get the basics done first.

fasty wrote: »

You can set warnings to be outputted to the screen either in code of the PHP.ini for development purposes.

Have a look at the error_reporting function. It'll make your life so much easier when confronted with blank pages like that!

checked that link out, and ive no clue what to do with the error reporting...
i assume its like catch exceptions in java?

still baffled as to why my code doesnt work tho.

Dale Parish

Did you fix the quotes around the username variable?
Try adding or die(mysql_error()); after all your MySQL queries.

RoyalMarine

Dale Parish wrote: »

Did you fix the quotes around the username variable?
Try adding or die(mysql_error()); after all your MySQL queries.

aye ive added the quotes around username, but still no change.

ive uploaded the files, maybe someone can see whats going on.

Dale Parish

You need to keep the ' before and after the "; so like this, ' ".$username." '
' ' lets the query know you are putting in a value from the database, but puting in '$username' means it will look for a row which contains $username as a value, hence you must break the query with " " and insert .$username. between them.
$query = mysql_query("SELECT * FROM users WHERE username= ' ".$username." ' ");

RoyalMarine

ahh i see.

nice one.

still loading into a blank page however.

Webmonkey

RoyalMarine wrote: »

removed the $ from numrows, cheers.
however, even with that line removed the problem still occours.

and yeah im just running it on localmachine, just trying to get the basics done first.



checked that link out, and ive no clue what to do with the error reporting...
i assume its like catch exceptions in java?

still baffled as to why my code doesnt work tho.

No, you will see errors/warnings outputted by PHP on the page so you are bound to see something (that is if PHP is actually working).

Open the PHP.INI file and set error reporting on by changing:
error_reporting = E_ALL

Alternatively you can place this at the start of your PHP file:
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);

But if I were you, I'd create a basic PHP page and see if PHP is even working.

[php]
<?php
echo phpinfo();
?>
[/php]

RoyalMarine

Webmonkey wrote: »

No, you will see errors/warnings outputted by PHP on the page so you are bound to see something (that is if PHP is actually working).

Open the PHP.INI file and set error reporting on by changing:
error_reporting = E_ALL

Alternatively you can place this at the start of your PHP file:
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);

But if I were you, I'd create a basic PHP page and see if PHP is even working.

[php]
<?php
echo phpinfo();
?>
[/php]

ok, ive edited the .ini file and set error_reporting = E_ALL

and ive removed almost everything from my php file, so now all i have is.

index.php

<html>

    <form action='login.php' method='POST'>
       Username: <input type='text' name='username'> <br>
       Password: <input type='password' name='password'> <br>
        <input type='submit' value='Log in'>
    </form>
</html>

and my login.php

<?php

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{

$connect = mysql_connect("localhost", "root", "") or die("Couldn't connect!");
mysql_select_db("phplogin") or die("Couldnt find db");


}
else
    die("please enter a username and a password!");

?>

now, that SHOULD do 1 of 2 things.

when i enter my username and password from the sql database, it should just load a blank page.
when i just click login, it should give a line of text saying "please enter a username and password"

but it doesnt...

so i removed everything in my login.php and placed this in there

<?php
echo phpinfo();
?> 

and it still loads a blank page..

Dale Parish

That's really odd :-(, other then the fact that (in the script you uploaded) you're missing a . after $username, I cannot see anything wrong with it.
The full stops keep the query stuck together, so they are necessary when you break a query to insert a variable on both ends (i.e., .$var.)

RoyalMarine

as web monkey said, it looks like php isnt running?

Webmonkey

XAMPP must not be configured correctly. Can you look at the Apache error log. You could try reinstalling XAMPP.

This is not a problem with your script. The problem is in server configuration.

RoyalMarine

ok, im confused now.

i went to

http://localhost/mike/

which is the folder i have my php pages in.

it loaded the index.php automatically, so it displayed my login screen.

i clicked the login button, and it loaded the login.php with the phpinfo code i put in there, and it worked fine.
then changed the login.php to my own info, and it showed the correct text etc.

i think i might have been doing something wrong.
i was just double clicking index.php from the folder on c:/etc and going through it that way

Webmonkey

You must go via the web server, ie: by going through http://localhost in order for Apache to ask PHP to interpret the page.

If you load it straight into browser from file, you will see nothing as the web browser sees the literal PHP code and won't output it as it's wrapped in tags. If you go view source the way you 've being doing it before, you'd have seen the PHP code in your source, not interpreted.

Nothing to be confused about

ShatterProof

Just having a quick look at you code and you shouldn't really display the message "that user doesnt exist!" if the user enters an invalid username.

you would be better off using something like "username / password combination is incorrect"

Your message lets any potential hacker know that they have a valid username , now they just have to concentrate on the password.

Webmonkey

ShatterProof wrote: »

Just having a quick look at you code and you shouldn't really display the message "that user doesnt exist!" if the user enters an invalid username.

you would be better off using something like "username / password combination is incorrect"

Your message lets any potential hacker know that they have a valid username , now they just have to concentrate on the password.

+1 on this!

But I assume OP this is just practice for yourself and won't be a real production site.

RoyalMarine

thanks shatterproof, good idea.

but dont worry, this is 100% strictly being used to just learn the basics of php. Ive no intention of using something this basic online.

RoyalMarine

im having another problem lately.

ive made a "register.php" page, to let people register, but this happens...

Notice: Undefined variable: POST in C:\xampp\htdocs\mike\register.php on line 5

Notice: Undefined index: fullname in C:\xampp\htdocs\mike\register.php on line 8

Notice: Undefined index: username in C:\xampp\htdocs\mike\register.php on line 9

Notice: Undefined index: password in C:\xampp\htdocs\mike\register.php on line 11

Notice: Undefined index: repeatpassword in C:\xampp\htdocs\mike\register.php on line 12

here's the register.php code

<?php

echo "<h1>Register</h1>";

$submit = $POST['submit'];

// form data
$fullname = $_POST['fullname'];
$username = $_POST['username'];

$password = $_POST['password'];
$repeatpassword = $_POST['repeatpassword'];

if ($submit)
{



}

?>

<html>

<form action='register.php' method='POST'>
      <Table>
           <tr>
               <td>
               Your full name:
               </td>
               <td>
               <input type='text' name='fullname'>
               </td>
           </tr>
            <tr>
               <td>
               Choose a username:
               </td>
               <td>
               <input type='text' name='username'>
               </td>
           </tr>
            <tr>
               <td>
               Choose a password:
               </td>
               <td>
               <input type='password' name='password'>
               </td>
           </tr>
            <tr>
               <td>
               Repeat your password:
               </td>
               <td>
               <input type='password' name='repeatpassword'>
               </td>
           </tr>
      </table>
      <p>
      <input type='submit' name='submit' value='Register'>
</form>

i know its a warning message which is caused by having strict warnings enabled,
but what can i do to fix it?

remember, ive only started using php since last night.. but i think im making good progress!

Webmonkey

The warning says exactly what the problem is.

[php]$submit = $POST;[/php]

is wrong.

[php]$submit = $_POST;[/php]

When this is fixed, you will end up with a similar error 'submit' index error not defined as the ones below.
These errors are because you havn't posted/submitted at that stage so the indexes in the $_POST array are not valid.

Try this:

[php]
if (isset($_POST))
{
// form data
$fullname = $_POST;
$username = $_POST;

$password = $_POST;
$repeatpassword = $_POST;
}
[/php]

RoyalMarine

ahh i see now. it was reading regardless of wether the submit button had been clicked.

so, with the if (isset($_POST))

it will wait until the submit button is clicked.

nice one dude. really helped me there!

Webmonkey

RoyalMarine wrote: »

ahh i see now. it was reading regardless of wether the submit button had been clicked.

so, with the if (isset($_POST))

it will wait until the submit button is clicked.

nice one dude. really helped me there!

Yeah, isset checks if the variable exists and has a value. It does as a side affect of submitting the form. It's good to check if a variable is set before trying to read it. This will avoid the warnings.

No prob, must be a fun time when you are learning. Enjoy it while you can

RoyalMarine

ok, getting on very well so far.

hit 3 small problems.

first problem.
this.

Notice: Undefined variable: name in C:\xampp\htdocs\mike\register.php on line 57

Notice: Undefined variable: date in C:\xampp\htdocs\mike\register.php on line 59

getting this on this code

<?php

echo "<h1>Register</h1>";

if (isset($_POST['submit']))
{
// form data
$fullname = strip_tags($_POST['fullname']);
$username = strtolower(strip_tags($_POST['username']));
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
//$date = .date("Y-m-d");

        // open database
        $connect = mysql_connect("localhost", "root", "password");
        mysql_select_db("phplogin"); // select database

        $namecheck = mysql_query("Select username FROM users WHERE username='$username'");
        $count = mysql_num_rows($namecheck);

        if ($count!=0)

        {
           die("Username already taken <br><a href='register.php'>Return to registration page</a>");
        }


// check for existence
if ($fullname&&$username&&$password&&$repeatpassword)
{


  if ($password==$repeatpassword)
  {
     if (strlen($username)>25||strlen($fullname)>25)
     {
      echo "length of username or fullname is too long!";
     }

     else
     {

      if (strlen($password)>25||strlen($password)<6)
       {
        echo "password must be between 6 and 25 charachters";
       }

       else
       {
          // register the user!
          // encrypt password
         $password = md5($password);
         $repeatpassword = md5($repeatpassword);

        $queryreg = mysql_query("

        INSERT INTO users VALUES ('','$name','$username','$password', '$date')

        ");

        die("You have been registered! <a href='index.php'>Return to login page</a>");
       }


     }

  }

  else
      echo "Your passwords do not match!";

}
else
    echo "please fill in <b>all</b> fields!";
}

?>

<html>

<form action='register.php' method='POST'>
      <Table>
           <tr>
               <td>
               Your full name:
               </td>
               <td>
               <input type='text' name='fullname' value='<?php echo $fullname ?>'>
               </td>
           </tr>
            <tr>
               <td>
               Choose a username:
               </td>
               <td>
               <input type='text' name='username' value='<?php echo $username ?>'>
               </td>
           </tr>
            <tr>
               <td>
               Choose a password:
               </td>
               <td>
               <input type='password' name='password'>
               </td>
           </tr>
            <tr>
               <td>
               Repeat your password:
               </td>
               <td>
               <input type='password' name='repeatpassword'>
               </td>
           </tr>
      </table>
      <p>
      <input type='submit' name='submit' value='Register'>
</form>

second problem,

when i go to the registration page, there is a load of text in the username and fullname box.
<br /> <b>Notice</b>: Undefined variable: fullname in <b>C:\xampp\htdocs\mike\register.php</b> on line <b>88</b><br />
<br /> <b>Notice</b>: Undefined variable: username in <b>C:\xampp\htdocs\mike\register.php</b> on line <b>96</b><br />

^^ this appears in the text entry box for some reason.

third problem, when i create a user, it adds it to the database, despite the above problems, but it does not add their name only their nickname and password etc.

i know all the problems are to do with undefined variables, but i cant figure out how to fix them

any suggestions?

fasty

$name and $date are undefined apart from in your query

INSERT INTO users VALUES ('','$name','$username','$password', '$date')

If you declare a name and date in your script and set them to be the values you want you should be fine. I'm assuming you should use $fullname instead of $name and the sql NOW() function for date?

The 2nd issue is because when you output your registration form, you set the value of the form fields to be stuff that only exists when you post to the form. This code implies that you want to populate the name field of the registration form with a name that the user hasn't registered yet!

<input type='text' name='fullname' value='<?php echo $fullname ?>'

RoyalMarine

ok,

problem 1:

changed from "name" to "fullname"

and removed the date function for now.

that solved that problem.

problem 2.

i also removed
value='<?php echo $username ?>'>
and that solved the problem of the code appearing in the text box.

however, now it doesnt seem to store any registered users to the database?

edit: not sure what i changed, if anything, but it seems to be storing them correctly now.
fullname, nickname and password going through just fine.

i think ill abandon the date function for now, and leave the echo $username out of the content box until i learn more about them.

Webmonkey

What's your code now?

The code about dies right after attempting an insert. You probably should or die... - must be something wrong with your query.

What'd I'd do is just print out the query to browser and inspect it. maybe a field isn't getting through.

RoyalMarine

ok, here's all the code im using now.

seems to be working perfectly now that ive removed the date and echo for the content fields.

index.php

<html>

    <form action='login.php' method='POST'>
       Username: <input type='text' name='username'> <br>
       Password: <input type='password' name='password'> <br>
        <input type='submit' value='Log in'>
    </form> <p>
    
    
    <a href='register.php'>Register?</a>
</html>

register.php

<?php

echo "<h1>Register</h1>";

if (isset($_POST['submit']))
{
// form data
$fullname = strip_tags($_POST['fullname']);
$username = strtolower(strip_tags($_POST['username']));
$password = strip_tags($_POST['password']);
$repeatpassword = strip_tags($_POST['repeatpassword']);
//$date = .date("Y-m-d");

        // open database
        $connect = mysql_connect("localhost", "root", "password");
        mysql_select_db("phplogin"); // select database

        $namecheck = mysql_query("Select username FROM users WHERE username='$username'");
        $count = mysql_num_rows($namecheck);

        if ($count!=0)

        {
           die("Username already taken <br><a href='register.php'>Return to registration page</a>");
        }


// check for existence
if ($fullname&&$username&&$password&&$repeatpassword)
{


  if ($password==$repeatpassword)
  {
     if (strlen($username)>25||strlen($fullname)>25)
     {
      echo "length of username or fullname is too long!";
     }

     else
     {

      if (strlen($password)>25||strlen($password)<6)
       {
        echo "password must be between 6 and 25 charachters";
       }

       else
       {
          // register the user!
          // encrypt password
         $password = md5($password);
         $repeatpassword = md5($repeatpassword);

        $queryreg = mysql_query("

        INSERT INTO users VALUES ('','$fullname','$username','$password')

        ");

        die("You have been registered! <a href='index.php'>Return to login page</a>");
       }


     }

  }

  else
      echo "Your passwords do not match!";

}
else
    echo "please fill in <b>all</b> fields!";
}

?>

<html>

<form action='register.php' method='POST'>
      <Table>
           <tr>
               <td>
               Your full name:
               </td>
               <td>
               <input type='text' name='fullname'>
               </td>
           </tr>
            <tr>
               <td>
               Choose a username:
               </td>
               <td>
               <input type='text' name='username'>
               </td>
           </tr>
            <tr>
               <td>
               Choose a password:
               </td>
               <td>
               <input type='password' name='password'>
               </td>
           </tr>
            <tr>
               <td>
               Repeat your password:
               </td>
               <td>
               <input type='password' name='repeatpassword'>
               </td>
           </tr>
      </table>
      <p>
      <input type='submit' name='submit' value='Register'>
</form>

login.php

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{

$connect = mysql_connect("localhost", "root", "alex12345") or die("Couldn't connect!");
mysql_select_db("phplogin") or die("Couldn't find Database!");

$query = mysql_query("SELECT * FROM users WHERE username='$username'");

$numrows = mysql_num_rows($query);

if ($numrows!=0)
{

  while ($row = mysql_fetch_assoc($query))
  {
        $dbusername = $row['username'];
        $dbpassword = $row['password'];
  }

  // check to see if they match!

  if ($username==$dbusername&&md5($password)==$dbpassword)
  {
     echo "You're in! Click <a href='member.php'>here</a> to enter the member page";
     $_SESSION['username']=$username;
  }
  else
      echo "Invalid Username or Password <br> Click <a href='index.php'>return to login page</a>";

}
else
    die("Invalid Username or Password <br> Click <a href='index.php'>return to login page</a>");

}
else
    die("please enter a username and password! <br> Click <a href='index.php'>return to login page</a>");


?>

logout.php

<?php

session_start();

session_destroy();

echo "You've been logged out. <br> Click <a href='index.php'>here</a> to return to login page"

?>

member.php

<?php

session_start();

if(isset($_SESSION['username']))
   echo "Welcome, ".$_SESSION['username']."!<br /><a href='logout.php'>Logout.</a>";
else
   die ("You must be logged in!<br> Click <a href='index.php'>here.</a> to return to the login page");
?>

Dale Parish

The echo was missing a ;
A good idea for getting the date would be to just create a field with a timestamp and set it to Current_Timestamp

RoyalMarine

thanks dale.

quick question for someone.

when i add a record to the database through the registration page, they log in, and go to a member page.
I want to give them the option to delete their account, which should then log them out and remove the record from the database.

cant seem to figure out how to get this to work.

<?php

session_start();

if(isset($_SESSION['username']))
{
$connect = mysql_connect("localhost","root","password");
mysql_select_db("phplogin", $connect);
if (!$connect)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_query("DELETE FROM users WHERE username ='username'");

mysql_close($connect);

echo "Your account has been terminated";

}
else
   die ("You must be logged in!<br> Click <a href='index.php'>here.</a> to return to the login page");
?>

i know where the problem is, its the
mysql_query("DELETE FROM users WHERE username ='username'");

i just dont know what needs to be there?

Webmonkey

Should those square brackets be there? - I don't think so. Least in my experience I've never seen such a thing.

RoyalMarine

Webmonkey wrote: »

Should those square brackets be there? - I don't think so. Least in my experience I've never seen such a thing.

heh, removed them now

this is what i get back when try it.

Notice: Undefined variable: username in C:\xampp\htdocs\mike\terminate.php on line 14
Your account has been terminated

ive updated it to mysql_query("DELETE FROM users WHERE username ='username' ");