Thread: Php Script Problem

Well, from first glance, assuming whatever it is you're doing with if($_POST['check']) (you should've posted the form code as well) is okay, you might have a problem with your blocks.

You have a while loop, which closes but then there is an if clause around it, which also needs to close before the "else" you've placed. You seem to have thrown the needed closing bracket to the bottom of the script.

So basically you need:

Code:

if ($name_check == 1 && $pass_check == 1) {
** while ($i_view = mysql_fetch_array($info_view)) {
** print $i_view['user']."<br>";
** print $i_view['pass']."<br>";
} /// <- That's the while loop closing.
} else { /// <- Need to close the if before the else.
echo "Why didn't you work?"; }
}

Then, one of the brackets at the bottom needs to be deleted.

Alright, I'll give that a go and see what works. Anyway, the form code is just this:

Code:

<form id='1' method='post' action=''>
<input type='text' name='user' /> <br>
<input type='password' name='pass' /><br>
<input type='submit' name='check' value='Check' >
</form>

Would me using action='' mess up the script any? I've seen it used in other scripts like that, and the script still function just fine.

edit:

Ok, when what you suggested didn't fix the problem (although it made my echo 'why won't you work' part work), I changed my if statement to say >= 1 rather than == 1, and that worked. However, now, its just echoing out the fields that match just the password, rather than the field that matches both the username AND password.

Well, for the first part, you should use:

Code:

<?php
<form action = '" . $_SERVER['PHP_SELF'] . "?act=1'>
?>

That's an example but that's the way it can be done. Then, instead of checking if($_POST['check']), you check if($_POST['act']). I'm not sure whether the previous method is just as fine but this is how I do it; let the script handle the action in general.

For the latter part, what you're doing is rather odd. I'm not quite sure why you thought up this idea. Perhaps I'm not understanding it fully. But if you wish to show a user his user name and password, then you should go somewhere along the lines of:

Code:

mysql_query("select * from tablename where user = '" . $user . "' and pass = '" . $pass . "'");

Not sure why you would want to use that whole LIKE comparison since you're going to show an exact user his exact info and such. But aye, there it is, hope that helps.

well, to be quite honest, I was approached by a friend who wanted me to do it for him, but I became stuck and couldn't figure it out.

Doesn't the WHERE have to be in ( ) thingies?

edit: I just found the problem why it was giving me an error... it was a stupid parse error.. my host refuses to tell me if any errors exist in the script. Is there a way I can force it to tell me rather than just the page going blank?

Edit 2:

Ok, the problem is now, its still printing out the information from whatever field the password matches. I need it to print out only the information from the row that the username AND password match... Heres my script so far:

Code:

<form id='1' method='post' action=''>
<input type='text' name='user' /><br />
<input type='password' name='pass' /><br />
<input type='submit' name='check' value='Check'>
</form>
<?PHP
$user = addslashes(strip_tags($_POST['user']));
$pass = addslashes(strip_tags($_POST['pass']));
 if ($_POST['check']) {
 $name_check = @mysql_num_rows(mysql_query("SELECT * FROM `tablename` WHERE ( `user` LIKE '".$user."')"));
 $pass_check = @mysql_num_rows(mysql_query("SELECT * FROM `tablename` WHERE ( `pass` LIKE '".$pass."')"));
 $info_view = mysql_query("select * from `tablename` where ( user = '" . $user . "' and pass = '" . $pass . "')") or die(mysql_error());
**if ($name_check >= 1 && $pass_check >= 1) {
** while ($i_view = mysql_fetch_array($info_view)) {
** print $i_view['user']."<br>";
** print $i_view['pass']."<br>";
 }
 }
 else {
 echo "Please work :("; }
}
 ?>

No, where doesn't use brackets.
As for the end goal...I'm still not understanding. You want to "print out only the information from the row that the username AND password match" - do you mean the user name has to match the password? As in, if the user name is "newbie" and the password is "newbie"?
The query I provided will select the row that has the user name and password that was input via the form.

Your whole num_rows checking and everything that has to do with $name_check and $pass_check isn't making much sense to me. You're working with a given user name and password. If you want to select those out of the database table then you use the query I provided. If you want to select all rows where the user name matches the password then...why would you need a user's input anyway?

well, what I would like it to do, is make it kind of like a login script:

Username : NewAge541
Password: abcdefg (note, not my real password)

If when I enter those into the field, and both match the registered information in the database, it would print the entered username and password.

Currently, I have 2 Entries in my database, one is the above I posted, another is the same, except the password is 'abcdefgh' . If I entered the 2nd password, and the wrong username, the script prints out the information in the row that matches the 2nd password. I need it to check if both the username and password exist in the same row, and if they do, print out the information from that row.

Edit:

The name and pass check was to just check if the information even existed in the database, and if they did, then proceed to print the information selected with my $info_view query.

That's exactly what the query I provided will do.
Here it is again:

Code:

mysql_query("select * from tablename where user = '" . $user . "' and pass = '" . $pass . "'");

There's no need to check whether something exists. Just use the query and then check if it returns anything, that's far simpler.
But aye, that above query will do what you want - it selects the row from the table that has the username and password that were entered in the form. Thus, unless you didn't set the username field as a unique key, you'll always get one row, the one you need.

Originally posted by Merlock
<?php
<form action = &#39;" . &#036;_SERVER[&#39;PHP_SELF&#39;] . "?act=1&#39;>
?>

Uh, no. You can&#39;t <?php and then randomly insert HTML.

I forgot the echo. Was going to add something else but left it out along with it. Ignore the php tags and imagine the echo...aye.

Anyway, how goes the coding, NewAge?

Originally Posted by Merlock

Thus, unless you didn&#39;t set the username field as a unique key, you&#39;ll always get one row, the one you need.[/b]

Currently, in my database, I have 3 fields:

Id - user - pass

I have the Id field set to my Primary, but the user and pass field aren&#39;t set to anything. Should the username field be set to a unique key?

Aye, and the password should technically be encrypted. You&#39;ll probably want:

id int not null primary key
user varchar(20) not null unique key
pass char(32) binary not null

Then the usernames will be unique and the passwords you can store via md5 hashes.
Thus, when selecting with the query you&#39;d make a query like:
select * from tablename where user = "admin" and pass = md5("mypass")
There you&#39;re using the built-in MySQL md5 function and checking the entered password against the stored hash.

I originally had it stored as md5, but undid it for the echo thing so that I could see what password it was putting out for sure.

Anyway, im not entirely sure what your talking about with the query. Should I do it like:

select * from tablename where user = "&#036;user" and pass = md5("&#036;pass")

Or should I leave the fields it checks as &#39;admin&#39; and &#39;mypass&#39;?

Aye, that was just a loose example. Use that query and place variables in it when in the script. Get your mind thinking along the track of how it&#39;s supposed to work.

Ok well I don&#39;t have time to do that tonight, but I&#39;ll give it a go in the morning and hope for the best.