I'm currently building a system for a football league and am currently working on the script file for adding results. Most of the script works and the result is always successfully added to the database. However, the authentication part seems to fail. The if statement on line 12 does not seem to fire and I can't understand why.
My code can be found in the pastebin link here: http://pastebin.com/ty4pdGgn
<?PHP
include 'functions.php';
dbConnect();
//$userEmail = mysql_real_escape_string($_POST["userEmailText"]);
$userCode = mysql_real_escape_string($_POST["userPasscodeText"]);
$authenticated = false;
$userEmail = "info#example.com";
if ($userEmail == "info#example.com") {
    header('Location: ../results.php?error=authentication');
}
$allUsers = mysql_query("SELECT * FROM accounts WHERE email = '$userEmail'");
while ($thisUser = mysql_fetch_assoc($allUsers)){
    if ($userCode != $thisUser['passCode']) {
        header('Location: ../results.php?error=authentication2');
    }
    echo $thisUser['passCode'];
    $authenticated = true;
    $userID = $thisUser['userID'];
}
if (!$authenticated) {
    header('Location: ../results.php?error=authentication3');
}
$dateSubmitted = $_POST['submissionDate'];
$homeTeam = $_POST['homeTeam'];
$awayTeam = $_POST['awayTeam'];
$homeGoals = $_POST['homeGoals'];
$awayGoals = $_POST['awayGoals'];
if ($homeTeam == $awayTeam) {
    header("Location: ../results.php?error=team");
}
if (getTeamLeague($homeTeam) != getTeamLeague($awayTeam)) {
    header("Location: ../results.php?error=league");
} else {
    $leagueID = getTeamLeague($homeTeam);
}
if ($homeGoals > $awayGoals) {
    $winnerID = $homeTeam;
} else if ($homeGoals < $awayGoals) {
    $winnerID = $awayTeam;
} else if ($homeGoals == $awayGoals) {
    $winnerID = -1;
}
$cQuery = mysql_query("INSERT INTO results VALUES ('', $userID, '$dateSubmitted', $leagueID, $homeTeam, $homeGoals, $awayTeam, $awayGoals, $winnerID, 0)");
if ($cQuery){
    header('Location: ../results.php');
} else {
    echo mysql_error();
}
?>
Any help with this matter will be much appreciated. The functions.php contains no errors as this is all to do with database entry and not the authentication.
Put a die(); after the header("Location:...");
As your comparison code (the "if" part on line 12) that you pasted has to work, I have two pieces of advice:
Put a die(); or exit(); after the header() part.
Try looking here, as I am not sure if header() will work while the location path you set is relative. Basic advice is to always use base paths for redirects, like "http://your.site.com/script.php".
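An added example, not code from the question or the answers: the authentication gate of the script above with every redirect followed by exit, so a rejected request can never reach the INSERT. The in-memory SQLite database, the sample row and the $_POST values are constructed so it runs from the command line; redirectAndExit() and authenticate() are hypothetical helper names, and the lookup uses a bound parameter instead of escaping.

```php
<?php
// Added example. Table and column names follow the question; the SQLite
// database (needs pdo_sqlite), the sample row and $_POST are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (userID INTEGER PRIMARY KEY, email TEXT, passCode TEXT)');
$pdo->exec("INSERT INTO accounts (email, passCode) VALUES ('info@example.com', 'demo-code')");
$pdo->exec('CREATE TABLE results (userID INTEGER, homeTeam INTEGER, awayTeam INTEGER)');
$_POST = ['userEmailText' => 'info@example.com', 'userPasscodeText' => 'wrong-code',
          'homeTeam' => '1', 'awayTeam' => '2'];

// header() only queues the Location header. exit is what stops the script,
// so nothing below a failed check is executed.
function redirectAndExit(string $url): void
{
    header('Location: ' . $url, true, 302);
    exit;
}

// Returns the userID when the passcode matches, null otherwise.
function authenticate(PDO $pdo, string $email, string $code): ?int
{
    $stmt = $pdo->prepare('SELECT userID, passCode FROM accounts WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals((string) $row['passCode'], $code)) {
        return null;
    }
    return (int) $row['userID'];
}

$userID = authenticate($pdo, (string) ($_POST['userEmailText'] ?? ''),
                       (string) ($_POST['userPasscodeText'] ?? ''));
if ($userID === null) {
    // The constructed request carries a wrong passcode, so the script ends here.
    redirectAndExit('../results.php?error=authentication');
}
if ($_POST['homeTeam'] === $_POST['awayTeam']) {
    redirectAndExit('../results.php?error=team');
}
// Only an authenticated, validated request gets this far.
$stmt = $pdo->prepare('INSERT INTO results (userID, homeTeam, awayTeam) VALUES (?, ?, ?)');
$stmt->execute([$userID, (int) $_POST['homeTeam'], (int) $_POST['awayTeam']]);
redirectAndExit('../results.php');
```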
I am trying to make a website that echoes out a number or a word based on some conditions. I connected it to my database, but it always echoes out 2 (user not found), instead of yes100 (password and username correct).
The weird thing is, it works on my main domain, where it outputs yes100, but here it just can not do that for some reason.
I am sure my database details are correct, and I have uploaded the file where it should be.
This is my code (not secure at all, but it is for personal use only.)
$result = $link->query($sql);
if ($result->num_rows > 0) {
    // Outputting the rows
    while($row = $result->fetch_assoc())
    {
        $password = $row['password'];
        $salt = $row['salt'];
        $plain_pass = $_GET['password'];
        $stored_pass = md5(md5($salt).md5($plain_pass));
        function Redirect($url, $permanent = false)
        {
            if (headers_sent() === false)
            {
                header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
            }
            exit();
        }
        if($stored_pass != $row['password'])
        {
            echo "BLAHAHAHAHAHAHAHAHA";
            exit();
        }
        else
        {
            echo "yes"; // Correct pass
        }
        if (strlen($row['hwid']) > 1)
        {
            if ($hwid != $row['hwid'])
            {
                echo "0"; // Wrong
            }
            else
            {
                echo "100"; // Correct
            }
        }
        else
        {
            $sql = "UPDATE ". $tables ." SET hwid='$hwid' WHERE username='$user'";
            if(mysqli_query($link, $sql))
            {
                echo "rdy"; // HWID Set
                exit();
            }
            else
            {
                echo "4"; // Else errors
                exit();
            }
        }
    }
}
else
{
    echo "2"; // User doesn't exist
    exit();
}
?>
I forgot to give the user the permissions. It works now. Thanks everyone.
Our PHP side fully works on my local server (Xamp-apach-5.5.6),
but on the hosting side it does not work (apach-5.2.17).
Please help me.
public function login($username,$password)
{
    session_start();
    if($username==!NULL AND $password==!NULL)
    {
        global $pdo;
        $password=md5($password);
        $query = $pdo->prepare("SELECT * FROM employee_list WHERE username='$username' AND userpass='$password'");
        $query->execute();
        $row=$query->rowCount();
        if($row==0)
        {
            $this->massage->loginmass("<span class='text-danger'>YOUR USERNAME AND PASSWORD NO MATCH.</span>");
        }
        else
        {
            $result = $query->fetch();
            if($result['active_enactive']=="Active")
            {
                $_SESSION['mafizusernamerahman'] = $result['username'];
                $_SESSION['mafizuserpassrahman'] =$result['userpass'];
                $_SESSION['mafizaccess_permissionrahman'] = $result['access_permission'];
                $_SESSION['mafizactive_enactiverahman'] = $result['active_enactive'];
                $_SESSION['mafiznamerahman'] = $result['name'];
                $_SESSION['mafizemployment_idrahman'] = $result['employment_id'];
                $_SESSION['mafizfather_namerahman'] = $result['father_name'];
                $_SESSION['developer'] = "Mafizur";
                if($_SESSION['mafizaccess_permissionrahman']=="Admin")
                    header("location:all-employee.php");
                elseif($_SESSION['mafizaccess_permissionrahman']=="User")
                {
                    if (empty($result['defaltpass'])) {
                        header("location:user-profile.php");
                    }
                    else
                        header("location:defaltchange-password.php");
                }
            }
            else
                $this->massage->loginmass("<span class='text-danger'>YOUR ACCOUNT SUSPEND.</span>");
        }
    }
    else
        $this->massage->loginmass("<span class='text-danger'>PLEASE FILL UP YOURUSER NAME AND PASSWORD.</span>");
}
You need to be careful while using relative URLs in Location redirects.
So, it will be better if you print absolute URLs in the headers instead of relative URLs.
https://en.wikipedia.org/wiki/HTTP_location
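One way to follow the absolute-URL advice above, as an added example that is not from the posts: the redirect target is built from a configured base URL and a checked local page name rather than from request data. APP_BASE_URL, absoluteUrl() and redirectTo() are hypothetical names, the base URL is a placeholder, and the page names are the ones used in the login method above.

```php
<?php
// Added example. APP_BASE_URL is a hypothetical configuration constant with a
// placeholder value; the page names come from the login method in the question.
const APP_BASE_URL = 'https://intranet.example.com/hr/';

// Build the absolute URL from configuration, not from $_SERVER['HTTP_HOST'],
// which is copied from the request and can be set by the client.
function absoluteUrl(string $page): string
{
    // Accept only a plain local file name with an optional query string, so a
    // value such as "//other.example/x.php" or "https://..." is never a target.
    if (!preg_match('#^[A-Za-z0-9_-]+\.php(\?[A-Za-z0-9_=&-]*)?$#', $page)) {
        throw new InvalidArgumentException('not a local page: ' . $page);
    }
    return APP_BASE_URL . $page;
}

// Send the redirect and stop, so no code after the call runs.
function redirectTo(string $page): void
{
    header('Location: ' . absoluteUrl($page), true, 302);
    exit;
}

// Constructed checks: the three local targets resolve, the external one is refused.
$pages = ['all-employee.php', 'user-profile.php', 'defaltchange-password.php', '//other.example/x.php'];
foreach ($pages as $page) {
    try {
        echo absoluteUrl($page), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $page, PHP_EOL;
    }
}
```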
I have built a small website with some PHP. It works perfectly on my localhost (even without database information it loads the HTML and CSS).
However, when I put it online I just get a blank page, no errors, nothing. However, when I manually type a page it redirects to the login page (which is good).
Anyone experienced this before?
Thanks
EDIT2: After some debugging advice I got this error
Warning: include_once(classes/users.class.php): failed to open stream:
No such file or directory in
/customers/c/2/9/nicolasdecroos.be/httpd.www/eindwerk/login.php on
line 8 Warning: include_once(): Failed opening
'classes/users.class.php' for inclusion
(include_path='.:/usr/share/php') in
/customers/c/2/9/nicolasdecroos.be/httpd.www/eindwerk/login.php on
line 8 Fatal error: Class 'user' not found in
/customers/c/2/9/nicolasdecroos.be/httpd.www/eindwerk/login.php on
line 9
Edit: Here is the PHP code on the login page
<?php
session_start();
include_once("classes/users.class.php");
$user = new user();
if(isset($_SESSION['loggedin']))
{
    header('location: index.php');
}
else
{
    if(!empty($_POST))
    {
        try
        {
            $user->login($_POST['studentennummer'],$_POST['password']);
        }
        catch (Exception $error)
        {
            $message = $error->getMessage();
        }
    }
}
?>
This is users.class
*Sorry if it's too much code, I'm not sure which part would be the most interesting.
<?php
include_once("classes/db.class.php");
class user
{
    private $m_sStudentennummer;
    private $m_sPassword;
    private $m_sStatus;
    public function __get($p_sProperty)
    {
        switch ($p_sProperty)
        {
            case 'Studentennummer':
                return $this->m_sStudentennummer;
                break;
            case 'Password':
                return $this->m_sPassword;
                break;
            case 'Status':
                return $this->m_sStatus;
                break;
        }
    }
    public function __set($p_sProperty, $p_vValue)
    {
        switch ($p_sProperty)
        {
            case 'Studentennummer':
                $this->m_sStudentennummer = $p_vValue;
                break;
            case 'Password':
                $this->m_sPassword = $p_vValue;
                break;
            case 'Status':
                $this->m_sStatus = $p_vValue;
                break;
        }
    }
    public function userCheck($p_sInput)
    {
        $db = new db();
        $sql = "SELECT * FROM users WHERE u_id = '". $p_sInput . "'";
        $result = $db->conn->query($sql);
        if ($result->num_rows == 0)
        {
            return "true";
        }
        else
        {
            return "false";
        }
    }
    public function login($p_sStudentennummer, $p_sPassword)
    {
        $db = new db();
        $sql = "SELECT * FROM users WHERE u_nr = '".$db->conn->real_escape_string($p_sStudentennummer)."' AND u_pass = '".$db->conn->real_escape_string($p_sPassword)."';";
        $result = $db->conn->query($sql);
        $rows = $result->fetch_assoc();
        $status = "SELECT * FROM users WHERE u_nr = '".$db->conn->real_escape_string($p_sStudentennummer)."' AND u_pass = '".$db->conn->real_escape_string($p_sPassword)."' AND u_group = 'student'";
        $statusRes = $db->conn->query($status);
        if ($result->num_rows == 1)
        {
            if ($statusRes->num_rows == 1)
            {
                $_SESSION['u_id'] = $rows['u_id'];
                $_SESSION['loggedin'] = 1;
                header('Location: index.php');
            }
            else
            {
                $_SESSION['u_id'] = $rows['u_id'];
                $_SESSION['loggedin'] = 1;
                header('Location: my_events.php');
            }
        }
        else
        {
            throw new Exception("Username and/or password are invalid.");
        }
    }
}
?>
Change the error level for the online hosting if you can.
It will display every error on the screen, but is very useful (for me at least).
<? error_reporting(E_ALL); ?>
Alright,
It was something dumb but I'll post it in case someone has trouble with this.
The map was called "Classes". In the code it was written as "classes".
On localhost it wasn't a problem, but when you put it online it is.
So, I know my code was working and I have tried undoing all steps to see where the bug is, but I still keep getting an error
my php id=0.
Can you guys show me how I can fix my code up?
The error is as follows:
undefined variable list_id. It works on my local machine but not when
uploaded to server.
Thanks.
The following is my code:
if(!empty($_GET['id'])){
    $list_id = intval(($_GET['id']));
    try {
        $sql = 'SELECT * FROM items where id =' . $list_id;
        $query = $pdo->prepare($sql);
        $query->execute();
    } catch(Exception $e) {
        echo $e->getMessage();
        die();
    }
    $list = $query->fetch(PDO::FETCH_ASSOC);
    if ($list == FALSE) {
        header("location: index.php");
    }
}
if ($list_id == 0) {
    header("location: index.php");
}
Seems there are a few issues here. I have added the comments inline.
if(!empty($_GET['id'])){
    $list_id = intval($_GET['id']); //was double parenthesis here
    try {
        $sql = 'SELECT * FROM items where id =' . $list_id;
        $query = $pdo->prepare($sql);
        $query->execute();
    } catch(Exception $e) {
        echo $e->getMessage();
        die();
    }
    $list = $query->fetch(PDO::FETCH_ASSOC);
    $count = count($list); //count result and use for comparison instead of false
    if ($count === 0) {
        header("location: index.php");
        exit;
    }
} else {
    header("location: index.php"); //if no $_GET, redirect
    exit;
}
All you need to do is instantiate the variable $list_id :
$list_id = 0; // <-- HERE
if(!empty($_GET['id'])){
    $list_id = intval(($_GET['id']));
    ...
    ...
It looks as though you want to redirect to the index if there is no id parameter. Since you already check for its presence, redirect in the else clause. Remove the last block and add:
else
{
    header("location: index.php");
    exit;
}
You may want to add exit; after the header() call in the if block as well, so that code that uses the database further down isn't executed.
Hello, I have a weird scope problem.
require 'connect.php';
$name = $_GET['R'];
echo $name;
if(isset($_POST['prev_password']) && isset($_POST['new_password']) && isset($_POST['rep_password'])) {
    echo $name;
    if(!empty($_POST['prev_password']) && !empty($_POST['new_password']) && !empty($_POST['rep_password'])) {
        $user_password = $_POST['prev_password'];
        $user_new_password = $_POST['new_password'];
        $user_rep_password = $_POST['rep_password'];
        if($user_new_password == $user_rep_password) {
            $mysql_query = sprintf("SELECT username, password FROM users WHERE username='$name'", $name);
            $query_run = mysql_query($mysql_query, $mysql_link) or die('COULD NOT PERFORM QUERY');
            while($row = mysql_fetch_array($query_run)) {
                $qUser_name = $row['username'];
                $qUser_pass = $row['password'];
            }
            if($qUser_name == $name) {
                echo 'Match';
                if($qUser_pass == $user_password) {
                    $mysql_query = sprintf("UPDATE users SET password='$user_new_password' WHERE username='$name'", $name);
                    $query_run = mysql_query($mysql_query, $mysql_link) or die('COULD NOT PERFORM QUERY');
                    echo header('Location: main.php?C=1');
                }else {
                    header('Location: main.php?C=4');
                }
            }
        }else {
            header('Location: main.php?C=3');
        }
    }else {
        header('Location: main.php?C=2');
    }
}
Anyway, the problem is with the first variable $name. When I 'echo' $name it's OK, it displays the content correctly, but inside the (if sss) IT'S EMPTY, idk why. I've tried using global, the GLOBALS array, and it's still empty, so the query is executed with an empty parameter.
Please help, if someone can see what could possibly be wrong.
PD: this is a Changepassword.php, the $_GET['R'] is coming from the user Main.php site, AND I KNOW, I'm not hashing the password, that is not really the problem here.