Hi am very new to php. Am trying to make a login page I have wrote the program in a different file to the webpage. So I go to test, When I try and log in (using a username and password I have entered in to the database myself because I haven't even tried to sort the register form yet) the browser seems to send back the program file, which of course just shows up as a blank page.
This is code for the login program, there are codex errors but I can't see how they are I have high lighted them.
<?php
/* Program: Login.php
* Desc : Login program for members to login in to the members only section of FIFA SUPER LEAGUE. It provides two options: !. Login useing a existing Login Name or 2. Enter a new login name to be keep in the SQL Database.
*/
session_start();
include("zoom.inc");
switch (@$_POST['do'])
{
case "login":
$cxn = mysqli_connect($host, $user, $password, $database) or die ("Couldn't connect to server.");
$sql = "SELECT Username FROM users
WHERE Username='$_POST[Username]'";
$result = mysqli_query($cxn,$sql)
or die ("Couldn't execute query.");
$num = mysqli_num_rows($result);
if ($num > 0) // login name was found
{
$sql = "SELECT Username FROM users
WHERE Username='$_POST[Username]'
AND password=md5('$_POST[password]')";
$result2 = mysqli_query($cxn, $sql)
or die("Couldn't execute query 2.");
$num2 = mysqli_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['Username'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:i:s");
$sql = "INSERT INTO Login (Username, logintime) VALUES ('$logname', '$today')";
$result = mysqli_query($cxn, $sql)
or die("Can't execute insert query.")
header("Location: Memberhome.php"); ***********CODEX ERROR*********
}
else // password is not correct
{
$message="The Login Name, '$_POST[Username]' exists, but you have balls-up your password! Please try again. <br />";
include("League Login.php");
}
}
elseif ($num == 0) // login name not found
{
$message = "The Username you entered does not exist! Please try again.<br>";
include("League Login.php");
}
break;
case "new":
/* Check for blanks */
foreach($_POST as $field => $value)
{
if ($value == "")
{
$blanks[] = $field;
}
}
}
if(isset($blanks))
{
$message_new = "The following fields are blank. Get them filled in: ";
foreach ($blanks as $value)
{
$message_new .= "$value, ";
}
extract ($_POST);
include("League Login.php");
exit();
}
/* Validate data */
foreach($_POST as $field => $value)
{
if(!empty($value))
{
if (eregi("email",$field))
{
if(!ereg("^.+@.+\\..+$",$value))
{
$errors[] = "$value is not valid Email Address.";
}
}
if(eregi("phonenumber",$field))
{
if(!ereg("^[0-9)(xX -]{7,20}$", $value))
{
$errors[] = "$value is not a valid phone number. ";
}
}
} // end if empty
} // end foreach
if(@is_array($errors))
{
$message_new = "";
foreach($errors as $value)
{
$message_new .= $value." Please try again<br />";
}
extract($_POST);
include ("League Login.php");
exit();
}
/* clean data */
$cxn = mysqli_connect($host,$user,$password,$database);
foreach($_POST as $field => $value)
{
if($field != "Button" and $field != "do")
{
if($field == "password2")
{
$password = strip_tags(trim($value));
}
else
{
$fields[]=$field;
$value = strip_tags(trim($value));
$values[] = mysqli_real_escape_string($cxn,$value);
$$field = $value;
}
}
}
/* check whether user name already exists */
$sql = "SELECT Username FROM users WHERE Username = '$Username'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute select query.");
$num = mysqli_num_rows($result);
if ($num > 0)
{
$message_new = "$Username already taking. Select another Username.";
include("League Login.php");
exit();
}
/* Add nre member to database */
else
{
$today = date("Y-m-d");
$fields_str = implode(",",$fields);
$values_str = implode('","',$values);
$fields_str .=",createdate";
$values_str .='"'.",".'"'.$today;
$fields_str .=",password2";
$values_str .= '"'.","."md5"."('".$password."')";
$sql = "INSERT INTO users ";
$sql .= "(".$fields_str.")";
$sql .= " VALUES ";
$sql .= "(".'"'.$values_str.")";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute insert query.");
$_SESSION['auth']='Yes';
$_SESSION['logname'] = $Username;
/* send email to user */
$emess = "A new member account has been set up.";
$emess.= "Your new member ID and Password are: ";
$emess.= "/n/n/t$Username/n/t$password/n/n";
$ehead="From: support@fifasuperleague.co.uk/r/n";
$subj = "Your new member account from FIFA Super League";
$mailsnd=mail("$email","subj","$emess","$ehead");
header ("Location : new_member.php");
}
break;
default: ****** CODEX ERROR********
include("League Login.php");
} ******CODEX ERROR*******
?>
