This noob to PHP is confusticated

Codes here !

Moderators: egami, macek, gesf

Post Reply
trunkles
New php-forum User
New php-forum User
Posts: 2
Joined: Sat Mar 25, 2017 3:20 pm

Sat Mar 25, 2017 3:40 pm

Hi folks.
What I'm trying to do is...

Code: Select all

begin
    Connect to a database
    Read table into an array

    display a login form
   
    if "login" is clicked
        if username & password verify then
            goto next screen
        else
            generate an error and wait for login to be clicked again
end
What I have so far is this, but I can't even get anything to display on the screen, not even the page title. I've obviously got something fundamental wrong but, being new to PHP, I can't see it. Anyone like to tell where I've been an idiot? :)

Here's the code I actually have.

Code: Select all

<?php
	ob_start();
	session_start();

    error_reporting(E_ALL);
    ini_set("display_errors", 1);
	
	$mysqli = new mysqli("localhost", "someuser", "somepassword", "somedatabase");
	if ($mysqli->connect_errno)
	{
		echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
	}

 	// $query = 'SELECT login, hash FROM users_users';
	// $result = $mysql_query($query) or die('Query failed: ' . mysql_error());
	$result = mysqli->query("SELECT login, hash FROM users_users");
?>



<html lang = "en">
   
   <head>
      <title>some title</title>
   </head>
	
   <body>
      
      <h2>Enter Username and Password</h2> 
      <div class = "container form-signin">
         
         <?php
		 	echo "In the php";
		 	// Locked, go away!
			if file_exists('lock')
			{
				header ('location: google.com');
			}
			
		 	$attempts = 0;
			$valid_user = false;
			
			while (!$valid_user)
				{
				if (isset(($_POST['login']))
				{
					// Too many tries, go away!
					if ($attempts > 2)
					{
						$lockfile = fopen('lock', 'a');
						fwrite($lockfile, $_SERVER['REMOTE_ADDR']);
						fclose($lockfile);
						$msg = 'Too many attempts, contact admin.';
						sleep(5);
						header ('location: google.com');
					}
					
					while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
					{
						if ($_POST['username'] == $line['login'] &&
						password_verify($_POST['password'], $line['hash']))
						{
							$_SESSION['valid'] = true;
							$_SESSION['timeout'] = time();
							$valid_user = true;
						}					
					}
				}

				$msg = '';
				
				$tstr = date('d/n/y H:i:s', time());		 
				$file = fopen('logfilelog', 'a');
				
				if ($file == false)
				{
					$msg = 'File i/o error, please contact admin.' . $tstr;
				}
				else
				{
					if ($valid_user == true)
					{
						fwrite($file, $tstr . " " . $POST['username'] . " logged in from " . $_SERVER['REMOTE_ADDR'] . "\n" );
						fclose( $file );
						header ('location: nextscreen.php');
					}
					else
					{
						$msg = $tstr .'Invalid username or password';
						fwrite($file, $tstr . " *** Invalid access with name". $POST['username'] . "from " . $_SERVER['REMOTE_ADDR'] . "***\n" );
						fclose( $file );
						$attempts++;
					}
				}
				mysql_free_result($result);

				mysql_close($link);
			}
		?>
      </div> <!-- /container -->
      
      <div class = "container">
      
         <form class = "form-signin" role = "form" 
            action = "<?php echo htmlspecialchars($_SERVER['PHP_SELF']); 
            ?>" method = "post">
            <h4 class = "form-signin-heading"><?php echo $msg; ?></h4>
            <input type = "text" class = "form-control" 
               name = "username" placeholder = "username = username" 
               required autofocus></br>
            <input type = "password" class = "form-control"
               name = "password" placeholder = "password = password" required>
            <button class = "btn btn-lg btn-primary btn-block" type = "submit" 
               name = "login">Login</button>
         </form>
			
         Click to logout <a href = "http://google.co.nz" tite = "Logout">Session.
         
      </div> 
      
   </body>
</html>

Flake
New php-forum User
New php-forum User
Posts: 8
Joined: Sat Mar 18, 2017 8:04 am

Sat Mar 25, 2017 7:53 pm

ob_start places all output in a buffer. You placed it in a buffer, but you forgot to flush it.
You could either remove the ob_start line or add ob_end_flush() to every exit point (right at the bottom of the scripts and above any exits).

trunkles
New php-forum User
New php-forum User
Posts: 2
Joined: Sat Mar 25, 2017 3:20 pm

Sat Mar 25, 2017 9:32 pm

Aha! Thank you, I shall try that. :)

User avatar
hyper
php-forum Active User
php-forum Active User
Posts: 498
Joined: Mon Feb 22, 2016 5:52 pm

Sun Mar 26, 2017 7:14 am

ob_start places all output in a buffer. You placed it in a buffer, but you forgot to flush it.
The buffer is flushed when the script finishes, any output generated is buffered in any case, in this instance ob_start() is used to prevent errors**.

Scratch your head over these lines:

Code: Select all

045 if (isset(($_POST['login']))

058 while ($line = mysql_fetch_array($result, MYSQL_ASSOC))

095 mysql_free_result($result);

097 mysql_close($link);
mysql_ function-name are different to mysqli; don't assume that changing a script to mysqli is just a case of adding an i on the end.

Code: Select all

047 header ('location: google.com');
**This line along, with the others "header ('location: xyz.xyz')" can cause a major headaches; and it is really really not a good idea to put them in the middle of html code.

User avatar
hyper
php-forum Active User
php-forum Active User
Posts: 498
Joined: Mon Feb 22, 2016 5:52 pm

Sun Mar 26, 2017 7:18 am

On another note:

Code: Select all

begin
    Connect to a database
    Read table into an array

    display a login form
   
    if "login" is clicked
        if username & password verify then
            goto next screen
        else
            generate an error and wait for login to be clicked again
end
Why do you connect to the database to begin with? read through your pseudo code again imagining the steps that are taken in the process.

Well done for using pseudo code to begin with 8)

Post Reply