Hello Guest, please login or register.
Did you miss your activation email?
Login with username, password and session length.

Pages: [1]   Go Down

Author Topic: Small PHP bug with big error.  (Read 3672 times)

0 Members and 1 Guest are viewing this topic.

PoeFacedKilla

Prussian Killer Bee
Small PHP bug with big error.
« on: February 27, 2014, 02:31:42 am »
  • *
  • Reputation: +0/-0
  • Offline Offline
  • Gender: Male
  • Posts: 269
Ok so i've got to websites running side by side and am trying to build a master login but its giving me a blank screen on one site (errors turned on) but works perfectly on the other.

Here are the two files that are all that is on one site that errors out, but when put atop the code of another works perfectly:

indy.init.php
Code: [Select]
<?php

session_start(); 
date_default_timezone_set("America/Chicago");
   require(
'.../includes/connect.php');

$res mysql_query("SELECT * FROM `user_logged` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1");
$que mysql_fetch_array($res);


if( ( !( isset( $_COOKIE['id'] ) ) ) && ( mysql_num_rows$res ) < ) )
{

$user_logged 'N';
$user 1;
setcookie("id"""time()-3600);

} else if( ( !( isset( $_COOKIE['id'] ) ) ) && ( mysql_num_rows$res ) > ) )
{

   setcookie("id"$que['id'], time()+3600);
   header("Location: /index.php");
   exit;

} else if( isset( $_COOKIE['id'] ) && ( mysql_num_rows$res ) > ) )
{

$user_logged $_COOKIE['id'];
$result[0] = mysql_query("SELECT * FROM `indy_users` WHERE `id` = '" $_COOKIE['id'] . "' LIMIT 1");
$row[0] = mysql_fetch_array$result[0] );
$user = array(

"name" => $row[0]['name'],
"email" => $row[0]['email'],
"class" => $row[0]['class']

);

} else if( isset( $_COOKIE['id'] ) && ( mysql_num_rows$res ) < ) && ( $que['logout'] == FALSE ) ) // Logout Bug, Fixed
{

   $user_logged 'N';
$user 1;
setcookie("id"""time()-3600);

} else if( isset( $_COOKIE['id'] ) && ( mysql_num_rows$res ) < ) && ( $que['logout'] == TRUE ) )
{

   mysql_query("INSERT INTO `user_logged` (`id` ,`ip` ,`user_id`) VALUES (NULL , '".$_SERVER['REMOTE_ADDR']."', '".$row['id']."')");
   header("Location: /index.php");
   exit;

}

function getUserData($arg1,$arg2)
{

$result[0] = mysql_query("SELECT * FROM `indy_users` WHERE `id` = '" $arg1 "' LIMIT 1");
$row[0] = mysql_fetch_array$result[0] );
return $row[0][$arg2];

}

// Make Sure Their is No God Damned Cache Storing my !@#$%
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

?>


Check.login.php
Code: [Select]
<div id="user_log" align="left">
<?php

if( $user_logged == 'N')
{

print "<form action=\"http://board.indyprogramming.co/user.login.php\" method=\"post\">\n";

print "Username: <input type=\"text\" name=\"name\" /> \n";

print "Password: <input type=\"password\" name=\"pass\" /> \n";

print "<input type=\"submit\" value=\"Go!\" />\n";

print " .:. <a href=\"main.register.php\">Register</a></form>\n";

} else
{

print $user['name'] . "\n";

print " .:. <a href=\"http://".$_SERVER['HTTP_HOST']."/main.logout.php\">Logout</a>\n";


}

?>

</div>
No errors at all, so i'm guessing a theory error but i'm so tired right now I can't see it.  I figured i'd post it up and hope someone can help.

Oh and on the error site the only page is like this:
Code: [Select]

<?php

   
include ".../connect.php";
   include 
".../indy.init.php";
   include 
".../check.login.php";

?>



?>

[/code]
« Last Edit: February 27, 2014, 02:33:51 am by linkthemaster »
Logged
the Indyboard - User Generated Social Forum | Now With Even More Discussion!
Poe, The Independent Programmer
  • Zelda Shrine
Re: Small PHP bug with big error.
« Reply #1 on: February 27, 2014, 03:38:47 pm »
  • Minalien
  • *
  • Reputation: +10/-1
  • Offline Offline
  • Gender: Female
  • Posts: 2119
First of all, why are you using ...? That should be .., if you're trying to go one directory above your current one.

Second, look at the top of your first block of code, vs. the third block. In one, you're doing "../includes/connect.php", and in the other you're just doing "../connect.php" - so in the case of the last code block, your PHP file would have to be includes/somesubdirectory/file.php in order to work.

Finally, I really suggest restructuring your code in your first block (namely, your if statements). You keep checking some of the same variables in each else if.
Logged
Quote
There's such a double standard about religion in the modern world. Catholics can gather, wear white robes, and say "In nomine Patris, et Filii, et Spiritus Sancti" and be considered normal.

But if my friends and I gather, wear black robes, and say  "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn", we're considered cultists.
  • Development Blog

AJAX

Re: Small PHP bug with big error.
« Reply #2 on: March 05, 2014, 07:51:12 pm »
$res = mysql_query("SELECT * FROM `user_logged` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1");

I do not know if this is such a good idea, to inline pull down global vars in use them in a query like that. Also, I'd even come to question why you're verifying a session through an IP rather than a session hash.

Even if they lack an account, you can still generate a cookie-driven session that can be persistent with a session hash.

$user_logged would serve you better as a boolean, so "TRUE" or "FALSE" rather than a string type. It's easier to work with when you do your condition checking, and there are probably other maintenance-related things in there that'd help you.

I highly discourage against the use of mysql versus mysqli. If you want to access a database, doing an abstraction layer from your database calls would be the first step. (If you do not know what that is, just mention that and I will explain it in a future post) And when you do call your SQL server directly, if it is mysql, do mysqli as it is both object oriented(can be used in the standard procedural fashion too) and it is supported/secure. mysql has not been updated for quite some time and it's going to be deprecated in future versions of PHP. I don't see this happening anytime soon though, or at least in the 5.x branch.

Also sanitize your input. None of it is and that's asking for an ass-kicking. Even if you're feeding in an id from a cookie, it's easily changeable to a string that'll break your query and allow people to input their own queries within your code.

I'm assuming you're doing this as a learning exercise. If you plan on using a production site with this codebase, you're wasting your time. There are other frameworks out there that are well-maintained that you can use which already cover all of these. Just don't use SMF.
Logged
Pages: [1]   Go Up

 


Contact Us | Legal | Advertise Here
2013 © ZFGC, All Rights Reserved



Page created in 0.038 seconds with 40 queries.