BetterPHP

Hi everyone, forum newbie and going php crazy.

Spent the last 2 days trying to find out my mistakes and I'm going code blind, just can't see them, but it's not working so I've done something/s wrong obviously.

I've used the same file structure as in the tutorials, Parent: register.php, login.php, logout.php, protected.php, and core file: init.inc.php and inc file: user.inc.php - uploaded to the server, but when I try to access the pages I get this from firefox:



..cookies are enabled so that's not the problem, when i browse the register page from Dreamweaver I get this result:



..and when I browse the login page I get this result:



Just about to give up so if anyone could politely point out how stupid I am I would be very grateful. Code is as you see but with db info starred out.

All the best, love the tutorials just wish I could get it working.

login.php:

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The Username cannot be empty.';
		}
	if (empty($_POST['password'])){
		$errors[] = 'The Password cannot be empty.';		
	}
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username / Password Incorrect.';
		}
    if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
										
		}
	
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>    <div>
          <?php

          if (empty($errors) === false){
			  ?>
              <ul>
                  <?php
				  
				  foreach ($errors as $error){
					  echo "<li>{$error}</li>";
				  }
				  
				  ?>
               </ul>
               <?php   
		  }else{
              echo 'Need an account ? <a href="register.php">Register here</a>';
          }
          
          ?>
         </div>
<form action="" method="post">
<p>
    <label for="username">Username:</label>
    <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
    </p>
    <p>
    <label for="password">Password:</label>
    <input type="password" name="password" id="password" />    
    </p>
    <p>
    <input type="submit" value="Login" />
    </p>    
    </form>
</body>
</html>

register.php

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The Username cannot be empty.';
		}
			if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The Password cannot be empty.';
		}
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Password Verification Failed.';		
		}
	if (user_exists($_POST['username'])){
		$errors[] = 'The Username you entered is already taken.';
		}	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
		}
	}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div>
    <?php

     if (empty($errors) === false){
		 ?>
         <ul>
              <?php
			  
			  foreach ($errors as $error){
                  echo "<li>{$error}</li>";
				  }
			  
			  ?>
         </ul>
         <?php
		 }

    ?>
</div>
<form action="" method="post">
<p>
    <label for="username">Username:</label>
    <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
    </p>
    <p>
    <label for="password">Password:</label>
    <input type="password" name="password" id="password" />    
    </p>
    <p>
    <label for="repeat_password">Repeat Password:</label>
    <input type="password" name="repeat_password" id="repeat_password" />   
    </p> 
    <p>
    <input type="submit" value="Register" />
    </p>    
    </form>
</body>
</html>

protected.php

<?php include('core/init.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

You are logged in as <?php  ?>
</body>
</html>

logout.php

<?php

session_start();
$_SESSION = array();

session_destroy();

header('Location: protected.php');

?>

init.inc.php

<?php

session_start();

$exceptions = array('register', 'login');

$page = substr(end(explode('/', $SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($SESSION['username']) === false){
		header('location: login.php');
		die();
	}
}

mysql_connect('localhost', '******', '**********');
mysql_select_db('********');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>

user.inc.php

<?php

// checks if the given username exists in the database.
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
	}
// checks if the given username and password combination is valid.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);	
	$pass = sha1($pass);	
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");	
	
	return (mysql_result($total, 0) == '1') ? true : false;		
}
// adds a user to the database.
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
	
}
?>

Just to add, it might help, I downloaded XAMPP this afternoon - and clicking on all the files (except one) from the Parent directory I get the same FF message:

The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.

..but on clicking init.inc.php I get:

Object not found!

The requested URL was not found on this server. The link on the referring page seems to be wrong or outdated. Please inform the author of that page about the error.

The file is definitely there, driving me crazy !!!

just something that might help. Did the login system work before you added the cookie. It might help to locate the errors

Hi, I just copied the code line by line following the tutorials, is there a cookie? I confess in parts I did turn the volume down - he does waffle sometimes

I found out the 'BIG' problem I missed out the _ from $_SERVER in the init.inc file, now things have improved a lot, but I'm getting now:



.. when opening register, login, protected, and logout pages, using xampp. The connect is fixed (used wrong password) but a bit lost with the first 3 lines??

It's ok I'm there now, I think.

keithlight wrote:Hi, I just copied the code line by line following the tutorials, is there a cookie? I confess in parts I did turn the volume down - he does waffle sometimes

He also reads the forum

I especially like the part where you waffle on explaining that you won't be waffling on, priceless

Jokin' aside, thanks for your hard work, I'm moving onto the security tutorials now, so guess I'll be back in the forum very soon

All the best. K.

Just an update, made a glaring mistake by missing out a whole line in init.inc but all working fine now.

But, with xampp I get:

Strict Standards: Only variables should be passed by reference in D:\xampp\htdocs\myprojects\core\init.inc.php on line 7

.. but don't get this using my website server, do I need to correct something?

ATB K.

keithlight wrote:Just an update, made a glaring mistake by missing out a whole line in init.inc but all working fine now.

But, with xampp I get:

Strict Standards: Only variables should be passed by reference in D:\xampp\htdocs\myprojects\core\init.inc.php on line 7

.. but don't get this using my website server, do I need to correct something?

ATB K.

You can safely disable those messages, in your php.ini set

[syntax]error_reporting = E_ALL[/syntax]

Thanks Jacek, will do