BetterPHP

Hi

thank you so much for the tutorial! It is exactly what I have been looking for and it was a breeze following you through the 5 parts. Unfortunately it seems as if my php/connection to database isn't really working.

At first it was displaying the html just plain - meaning if I typed in something and hit enter it didn't do anything but loading a white page.

Then I must have changed something in the init.inc.php because now it doesn't do anything except displaying a plain white page when I open one of the documents (in firefox and safari). In Chrome I get the following:



It would be great if you guys could help me!
Than you so much again,

Jasper

//edited: replaced ' with `
//edited: Includes error reporting and few less minor code improvements

Login.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username / Password incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
			<?php
				
			}else{
				echo 'Need an account ? <a href="register.php">Register here</a>';
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<input type="submit" value="Login" />
			</p>
		</form>
	</body>
</html>

Logout.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

session_start();

$_SESSION = array();

session_destroy();

header('Location: protected.php');

?>

Register.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'The password verification failed.';
	}
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
				<?php
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<label for="repeat_password">Repeat Password:</label>
				<input type="password" name="repeat_password" id="repeat_password" />
			</p>
			<p>
				<input type="submit" value="Register" />
			</p>
		</form>
	</body>
</html>

init.inc.php

<?php
ob_start();
session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1');


$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', 'root');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>

user.inc.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = shal($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//adds a user to the database.
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = shal($pass);
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
} 

?>

protected.php

<?php 
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title></title>
	</head>
	<body>
		<p>
			You are logged in as <?php echo $_SESSION['username']; ?>
		</p>
		<p>
			<a href="logout.php">Logout?</a>
		</p>
	</body>
</html>

The SQL highlighting makes it sort of hard to read but I'll try...

First, you want to remove connection details from your first code block.

In your second code block, all those apostrophes in your sql statements around column names and table names from your database are going to cause errors. Change them to backticks: `` and leave the variables alone, they're fine.

With all that, there really is no reason for a 500 error. You may want to check your .htaccess file (if applies) and see if there are any errors. It would help to know which code block is for which page.

Thanks a lot for the answer! My browser does show me the single pages the php still doesn't work - the html shows but there is no functionality.

Those are the connection details from my local mamp host. I don't know what you mean by removing them?
Do you mean from the internet, so that nobody can see them? In this case I don't really care because they are the standard user and password for every mamp user - so they are not particularly secret.
Or do you mean for some troubleshooting?


I replaced some (//:edited)

'

with

`

in the init.inc.php file. I also did it everywhere in this file (because I used the 'replace all function') - should I change that back or is it fine to use the same?

Here are all new code blocks with the file names:

Login.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username / Password incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
			<?php
				
			}else{
				echo 'Need an account ? <a href="register.php">Register here</a>';
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<input type="submit" value="Login" />
			</p>
		</form>
	</body>
</html>

Logout.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

session_start();

$_SESSION = array();

session_destroy();

header('Location: protected.php');

?>

Register.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'The password verification failed.';
	}
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content=text/html; charset=utf-8" /">
		<link rel="stylesheet" type"text/css" href="ext/css/style.css" />
		<title></title>
	</head>
	<body>
		<div>
			<?php
			
			if (empty($errors) === false){
				?>
				<ul>
					<?php
					
					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}
					
					?>
				</ul>
				<?php
			}
			
			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<label for="repeat_password">Repeat Password:</label>
				<input type="password" name="repeat_password" id="repeat_password" />
			</p>
			<p>
				<input type="submit" value="Register" />
			</p>
		</form>
	</body>
</html>

init.inc.php

<?php
ob_start();
session_start();

error_reporting(E_ALL);
ini_set('display_errors', '1');

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', 'root');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>

user.inc.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

//checks if the given username exists in the database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = shal($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == `1`) ? true : false;
}

//adds a user to the database.
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = shal($pass);
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
} 

?>

protected.php

<?php 
error_reporting(E_ALL);
ini_set('display_errors', '1');

include('core/init.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<title></title>
	</head>
	<body>
		<p>
			You are logged in as <?php echo $_SESSION['username']; ?>
		</p>
		<p>
			<a href="logout.php">Logout?</a>
		</p>
	</body>
</html>

You completely mistook that unfortunately, and now quite clear you don't have error reporting on. Put this snippet at the top of your php on each page:

error_reporting(E_ALL);
ini_set('display_errors', '1');

Also undo all the backticks: ` except on column names and tables names in your SQL statements. You changed every apostrophe to backtick in all files, when only SQL will matter.

First of all, thank you so much for helping me out again!

The error reporting really is brilliant I completely coded along the tutorial and I still can't believe how many mistakes I made! I guess most of it is because I didn't quite understand what I was actually writing. For that reason I am also completing the courses at codeacademy now.

Thanks to the error reporting I undid a few errors but the following I have no idea how to deal with them and it would be fantastic if you could help me out.

Register.php


Protected.php/logout.php


Login.php


Thank you so much for your help!

PS: I edited all the code snippets above so I don't have to repost them - that way I try to keep this post a little tidier

If I can remember correctly, session_start() should be at the very top of the page, before any text is output.

I put session_start to the beginning right after the "php-opening-tag" and above the error reporting code. It changed the error to the following:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/wild/core/init.inc.php:2) in /Applications/MAMP/htdocs/wild/core/init.inc.php on line 3

All the other errors remain.

try adding

ob_start();

at the very top, before session_start.

Temor wrote:try adding

ob_start();

at the very top, before session_start.

I did that, but I still get an error:

could you post the updated version of init.inc.php?

Temor wrote:could you post the updated version of init.inc.php?

<?php
ob_start();
session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1');


$exceptions = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', 'root');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>

PS: I also edited the post above to be an updated version.

//Thank you so much for your help!

I noticed you're using backticks around variables in user.inc.php.
Those should be semi-quotes ( ' ).

For example, this:

 $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = `{$user}`");

Should be this:

 $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");

I also don't think you need to include the error_reporting function in every page. Just having it in init.inc.php should be enough.

I will keep staring at your code until I find what's wrong

I did change the backticks but I still get the errors - has the staring proven successful, yet? Thanks so much for the help again!

Tough one. It's most likely some small detail.

1. Make sure there are no spaces before the opening <?php tag.
2. You can remove the error reporting on any page already including init.inc.php
3. You still have backticks around the numbers in user.inc.php. You can leave them as numbers. No need for quotes or apostrophes around them

I have to say I'm stumped. It's probably a typo somewhere that is the cause.