lofaif Posted October 14, 2011

Hello! I'm a newbie, and I tried for a long time to fix this. It's about the comparison between the <form> information about the user and the actual information in the database... LOGIN problem: every time it redirects me to main_page.php. Here is the processing code:

```php
<?php require_once("includes/connection.php");?>
<?php require_once("includes/functions.php");?>
<?php
//to redirect you if you make an error!
global $errors;
$errors=array();
$fields_array=array('user_name','user_password');
foreach($fields_array as $field){
    if(!isset($_POST[$field]) || empty($_POST[$field])){
        $errors[]=$field;
    }
}
if(!empty($errors)){
    header("Location: errors.php");
    exit;
}
?>
<?php
$user_name=mysql_prep($_POST['user_name']);
$user_password=mysql_prep($_POST['user_password']);
?>
<?php
$result=mysql_query("SELECT * FROM users",$connection);
if(!$result){
    die("Database query failed: " . mysql_error());
}
?>
<?php
while($row=mysql_fetch_array($result)){
    $user_ver=array($row['user_name'],$row['user_password']);
    if($user_ver[0]==$user_name AND $user_ver[1]==$user_password){
        header("Location: login_suc.php");
        exit;
    }
}
header("Location: main_page.php");
exit;
?>
<?php mysql_close($connection); ?>
```
AyKay47 Posted October 14, 2011

1. using global the way you do does nothing, and should be avoided.. where you have declared $errors automatically makes it available in the global scope..

2. mess of code there really, this begins with your query.. what I suggest doing is using the user input for user_name and password and check those values with the appropriate table..

```php
// escape the user input before it is placed in the query string
$user_name = mysql_real_escape_string($_POST['user_name'], $connection);
$password  = mysql_real_escape_string($_POST['user_password'], $connection);
// look for the one row that matches the submitted values
$result = mysql_query("SELECT * FROM users WHERE user_name = '$user_name' AND user_password = '$password'", $connection);
if(mysql_num_rows($result) == 0){
    // user doesn't exist
}else{
    // user does exist
}
```

something like that..

3. where are you actually being redirected?
Psycho Posted October 14, 2011

> 1. using global the way you do does nothing, and should be avoided.. where you have declared $errors automatically makes it available in the global scope..

What are you talking about? You must be thinking of JavaScript where defining a variable outside any function will give it global scope. That is NOT true for PHP.

```php
$foo = "bar";

function echoFoo()
{
    echo "The value of foo is $foo";
}

echoFoo();
//Output: The value of foo is
```
Psycho Posted October 14, 2011

OK, now to comment on the code. There are problems. The first order of business is to properly structure your code so you can visualize the logical flow. Some issues I see:

1. You are querying the DB for ALL records and then trying to match them in PHP code. You only need to query the DB for the ONE record you are looking for then check if there was a record returned.
2. Since you don't appear to be using anything in the include files for the validation, move the includes() until after the validation is completed.
3. If you are not going to use the errors array, then you don't need it. You could simply do the redirect as soon as the first validation error is triggered. Personally I would use the errors array to display the errors the user made, but your current implementation does a header redirect so you lose all that information.
4. Since you are doing a redirect and exit for all the conditions the mysql_close() function never gets run. But, that's ok. However, you should really find a better way of displaying the results without using die() for the error conditions.
5. You should not be storing the password in clear text. You should be hashing the password with a salt.
Revised code

```php
<?php
//The fields to validate
$fields_array = array('user_name', 'user_password');
foreach($fields_array as $field)
{
    //Trim POST values so value with only spaces is not considered valid
    //(trim the submitted value, not the field name)
    $value = isset($_POST[$field]) ? trim($_POST[$field]) : '';
    if(empty($value))
    {
        header("Location: errors.php");
        exit;
    }
}

//Move connection/functions down here since you only need
//to run them if validation above passes
require_once("includes/connection.php");
require_once("includes/functions.php");

$user_name = mysql_prep($_POST['user_name']);
$user_password = mysql_prep($_POST['user_password']);

$query = "SELECT *
          FROM users
          WHERE user_name = '{$user_name}'
            AND user_password = '{$user_password}'";
$result = mysql_query($query, $connection);

if(!$result)
{
    die("Database query failed: " . mysql_error());
}
elseif(mysql_num_rows($result)==0)
{
    //No matching record
    header("Location: main_page.php");
    exit;
}
else
{
    //Match found
    header("Location: login_suc.php");
    exit;
}
?>
```
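An added example, not part of the original thread or any poster's code: points 1 and 5 of the list above (query only the one record, store a salted hash instead of the clear-text password) combined in one check, using PDO bound parameters and `password_hash()`/`password_verify()` because the `mysql_*` functions used in this thread were removed in PHP 7. The `verify_login()` function, the `password_hash` column and the in-memory SQLite database standing in for the OP's MySQL table are assumptions made so the script runs on its own.

```php
<?php
// Added example: constructed in-memory database so the script runs offline.
// Table layout, column names and verify_login() are assumptions, not the OP's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Registration side: store only a salted hash (password_hash() generates the salt).
$insert = $pdo->prepare('INSERT INTO users (user_name, password_hash) VALUES (?, ?)');
$insert->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));
$insert->execute(array("o'brien", password_hash('s3cret', PASSWORD_DEFAULT)));

// Hash of a throwaway value, checked when the user name is unknown so that
// both outcomes perform one password_verify() call.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function verify_login(PDO $pdo, $user_name, $password)
{
    // Reject missing or whitespace-only input before touching the database.
    if (!is_string($user_name) || !is_string($password)
        || trim($user_name) === '' || $password === '') {
        return false;
    }

    // Fetch the ONE row for this user; the value is bound, never interpolated.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user_name = ?');
    $stmt->execute(array(trim($user_name)));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no such user

    $hash = $row ? $row['password_hash'] : DUMMY_HASH;
    $ok   = password_verify($password, $hash);

    return $row !== false && $ok;
}

// Constructed inputs: good login, wrong password, a name containing a quote,
// an unknown user, and a whitespace-only name.
$attempts = array(
    array('alice', 'correct horse'),
    array('alice', 'wrong'),
    array("o'brien", 's3cret'),
    array('mallory', 'correct horse'),
    array('   ', 'correct horse'),
);
foreach ($attempts as $a) {
    $target = verify_login($pdo, $a[0], $a[1]) ? 'login_suc.php' : 'main_page.php';
    printf("%-10s => %s\n", $a[0], $target);
}
```

In a real handler the return value would drive the `header("Location: ...")` redirect instead of the `printf()` loop.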
Psycho Posted October 14, 2011

Edit: Deleted
AyKay47 Posted October 14, 2011

custom functions are the exception..
Psycho Posted October 14, 2011

> custom functions are the exception..

Again, what are you talking about? Either a variable has global scope or it doesn't. If you look at the manual for variable scope all the examples have to do with whether or not the variable has scope within functions/classes. To say that the variable $errors (in the code posted by the OP) has global scope is patently false.

http://php.net/manual/en/language.variables.scope.php
AyKay47 Posted October 14, 2011

meh I had my mind on C for some reason.. I do not need to read references from the manual.. I have read the entire document
Psycho Posted October 14, 2011

> meh I had my mind on C for some reason.. I do not need to read references from the manual.. I have read the entire document

I didn't tell you to go read the document. I provided the link for reference for anyone reading this post. Posting misinformation is very detrimental.
AyKay47 Posted October 14, 2011

ok lets get back on track here..
Psycho Posted October 14, 2011

> ok lets get back on track here..

There is nothing to get back on track with. I have already provided a solution via improved code. It was only taken off track because of misinformation which I had to correct multiple times.

However, to directly respond to the original issue, the problem was likely due to this

```php
$result=mysql_query("SELECT * FROM users",$connection);

// . . .

while($row=mysql_fetch_array($result)){
    $user_ver=array($row['user_name'],$row['user_password']);
    if($user_ver[0]==$user_name AND $user_ver[1]==$user_password){
```

Since the OP was using * in the SELECT query and then referencing the fields by their order index (i.e. 0, 1) I suspect that the first two fields in the query were not the username and password. That is why you should almost always:

1) List out the fields you need in the SELECT query
2) Reference the fields from the query by name (I always use mysql_fetch_assoc())
AyKay47 Posted October 14, 2011

you ramble too much
jcbones Posted October 14, 2011

I thought Mj did a great job on this whole thread. Can't we all just get along?
Psycho Posted October 14, 2011

> you ramble too much

Really? Every response I have made in this thread has been in respect to the OP's original question or to correct misinformation that you provided. That is, until this specific post, to respond to your derogatory comment. Whereas, you have had five individual responses in this thread and FOUR of those have had nothing to do with promoting the resolution of the issue or provide any meaningful information.

> custom functions are the exception..

> meh I had my mind on C for some reason.. I do not need to read references from the manual.. I have read the entire document

(note: "reading" != "comprehending")

> ok lets get back on track here..

> you ramble too much

If you have a problem with me, take it up in a PM or the Admins.
AyKay47 Posted October 14, 2011

mj is great and I think very highly of him.. this was a simple mistake in wording that can happen, I'm not perfect.. what I meant is any variable that is declared in the scope of the page can be used at any time in that page as long as the code is written in the local scope of the page, the exception is of course if there is a custom function present, which has its own local scope.. but in this particular code there is not so it doesn't apply. A simple correction was all that was needed here..

Edit: my apologies for the last comment mj, I myself prefer for discrepancies to be taken care of via private message instead of in the thread.. I made a mistake, thank you for pointing it out..
lofaif Posted October 14, 2011

Thanks guys!!! I've solved the problem!