Jump to content

Cannot get pass on the if variable


mark103

Recommended Posts

Hi guys,

 

I need your help, I have got a problem with the if statement. When I don't insert the pass function in the url like this:

 

http://www.mysite.com/myscript.php?image=myimagelocation&strings=mystrings&user=test

 

I will get this on my php page:

 

PASSWORD are missing

 

 

<?php
session_start();
    define('DB_HOST', 'localhost');
    define('DB_USER', 'mydbusername');
    define('DB_PASSWORD', 'mydbpass');
    define('DB_DATABASE', 'mydbname');
       
    $errmsg_arr = array();
    $errflag = false;

    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
  die('Failed to connect to server: ' . mysql_error());
    }

    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {

die("Unable to select database");
    }

   function clean($var){

return mysql_real_escape_string(strip_tags($var));
    }
    $image = clean($_GET['image']);
    $strings = clean($_GET['strings']);
    $username = clean($_GET['user']);
    $pass = clean($_GET['pass']);


    if($username == '' && $pass) {
  $errmsg_arr[] = 'username are missing';
  $errflag = true;
     }elseif($username && $pass =='') {
  $errmsg_arr[] = 'PASSWORD are missing';
  $errflag = true;
    }
    if($username == '' && $pass == '') {
  $errmsg_arr[] = 'username or password missing';
  $errflag = true;
    }

    if($errflag) {
  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  echo implode('<br />',$errmsg_arr);
   }
   else {


$insert = array();
if(isset($_GET['image'])) {
    $insert[] = 'image = \'' . clean($_GET['image']) . '\'';
}
if(isset($_GET['strings'])) {
    $insert[] = 'strings = \'' . clean($_GET['strings']) . '\'';
}
if(isset($_GET['user'])) {
    $insert[] = 'user = \'' . clean($_GET['user']) .'\'';
}
if(isset($_GET['pass'])) {
    $insert[] = 'pass = \'' . clean($_GET['pass']) . '\'';
}



if (count($insert)>0) {
   $names = implode(',',$insert);

$required_fields = array('image', 'strings', 'user');

if($image && $strings && $username) {
  echo "working 1";
} elseif($username && $pass) {
  echo "working 2";
  }
}
}
?>

 

 

Do anyone know how to fix this?

Link to comment
Share on other sites

The else if statement is checking if your password is set from the GET in the URL.

 

If you don't pass it in the URL it will throw that error.

 

If you don't want people to see the password in the URL you could use POST instead.

 

If you want to get rid of it remove the elseif or set the $errflag variable to false.

 

Probably defies the point though.

 

Not sure exactly what you're trying to accomplish, sorry if i've misunderstood.

Link to comment
Share on other sites

That's because your password IS missing.  You are trying to GET $pass.  But $pass is not being passed through your URL.

 

Why not authenticate the user separately, set a session, then do what you want with the remainder of the script?

Link to comment
Share on other sites

The else if statement is checking if your password is set from the GET in the URL.

 

If you don't pass it in the URL it will throw that error.

 

If you don't want people to see the password in the URL you could use POST instead.

 

If you want to get rid of it remove the elseif or set the $errflag variable to false.

 

Probably defies the point though.

 

Not sure exactly what you're trying to accomplish, sorry if i've misunderstood.

 

Thanks for your suggest. I need to keep the else if statement because if the clients insert the empty array of the user or pass then I want to throw that error. What I want to do is to get checking if the user and password is set from the GET in the URL whether if they are empty then throw the error. The same things that it goes for the image, strings and the user.

 

Here's an example:

 

if the clients insert the user and pass in the URL, i want to get them checking whether if they are empty or not then throw the error that says "username or password are missing".

 

if the clients insert the image, strings and user in the URL without the pass, i want to get them checking whether if they are empty or not then throw the error that says "image, strings or username are missing".

 

I hope you get this.

Link to comment
Share on other sites

Yeah i understand a little better now thanks.

 

Only one way i can think of doing it at the minute.

 

Possibly wrap those if statements in another to check that both the user and pass GET variables are set before going into that verification.

 

Like this:

<?php
session_start();
    define('DB_HOST', 'localhost');
    define('DB_USER', 'mydbusername');
    define('DB_PASSWORD', 'mydbpass');
    define('DB_DATABASE', 'mydbname');
       
    $errmsg_arr = array();
    $errflag = false;

    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
  die('Failed to connect to server: ' . mysql_error());
    }

    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {

die("Unable to select database");
    }

   function clean($var){

return mysql_real_escape_string(strip_tags($var));
    }
    $image = clean($_GET['image']);
    $strings = clean($_GET['strings']);
    $username = clean($_GET['user']);
    $pass = clean($_GET['pass']);

if (isset($_GET['user'])) && (isset($_GET['pass'])) {
    if($username == '' && $pass) {
  $errmsg_arr[] = 'username are missing';
  $errflag = true;
     }elseif($username && $pass =='') {
  $errmsg_arr[] = 'PASSWORD are missing';
  $errflag = true;
    }
    if($username == '' && $pass == '') {
  $errmsg_arr[] = 'username or password missing';
  $errflag = true;
    }
}
    if($errflag) {
  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  echo implode('<br />',$errmsg_arr);
   }
   else {


$insert = array();
if(isset($_GET['image'])) {
    $insert[] = 'image = \'' . clean($_GET['image']) . '\'';
}
if(isset($_GET['strings'])) {
    $insert[] = 'strings = \'' . clean($_GET['strings']) . '\'';
}
if(isset($_GET['user'])) {
    $insert[] = 'user = \'' . clean($_GET['user']) .'\'';
}
if(isset($_GET['pass'])) {
    $insert[] = 'pass = \'' . clean($_GET['pass']) . '\'';
}



if (count($insert)>0) {
   $names = implode(',',$insert);

$required_fields = array('image', 'strings', 'user');

if($image && $strings && $username) {
  echo "working 1";
} elseif($username && $pass) {
  echo "working 2";
  }
}
}

 

Not sure if it's good practice to do it that way but i'm still learning :)

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.