Small PHP bug with big error.

PoeFacedKilla:
OK, so I've got two websites running side by side and am trying to build a master login, but it's giving me a blank screen on one site (errors turned on) while it works perfectly on the other.

Here are the two files that are all that is on one site that errors out, but when put atop the code of another works perfectly:

indy.init.php

--- Code: ---
<?php

session_start(); 
date_default_timezone_set("America/Chicago");
   require('.../includes/connect.php');

$res = mysql_query("SELECT * FROM `user_logged` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1");
$que = mysql_fetch_array($res);


if( ( !( isset( $_COOKIE['id'] ) ) ) && ( mysql_num_rows( $res ) < 1 ) )
{

$user_logged = 'N';
$user = 1;
setcookie("id", "", time()-3600);

} else if( ( !( isset( $_COOKIE['id'] ) ) ) && ( mysql_num_rows( $res ) > 0 ) )
{

   setcookie("id", $que['id'], time()+3600);
   header("Location: /index.php");
   exit;

} else if( isset( $_COOKIE['id'] ) && ( mysql_num_rows( $res ) > 0 ) )
{

$user_logged = $_COOKIE['id'];
$result[0] = mysql_query("SELECT * FROM `indy_users` WHERE `id` = '" . $_COOKIE['id'] . "' LIMIT 1");
$row[0] = mysql_fetch_array( $result[0] );
$user = array(

"name" => $row[0]['name'],
"email" => $row[0]['email'],
"class" => $row[0]['class']

);

} else if( isset( $_COOKIE['id'] ) && ( mysql_num_rows( $res ) < 1 ) && ( $que['logout'] == FALSE ) ) // Logout Bug, Fixed
{

   $user_logged = 'N';
$user = 1;
setcookie("id", "", time()-3600);

} else if( isset( $_COOKIE['id'] ) && ( mysql_num_rows( $res ) < 1 ) && ( $que['logout'] == TRUE ) )
{

   mysql_query("INSERT INTO `user_logged` (`id` ,`ip` ,`user_id`) VALUES (NULL , '".$_SERVER['REMOTE_ADDR']."', '".$row['id']."')");
   header("Location: /index.php");
   exit;

}

function getUserData($arg1,$arg2)
{

$result[0] = mysql_query("SELECT * FROM `indy_users` WHERE `id` = '" . $arg1 . "' LIMIT 1");
$row[0] = mysql_fetch_array( $result[0] );
return $row[0][$arg2];

}

// Make Sure Their is No God Damned Cache Storing my !@#$%
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

?>

--- End code ---

Check.login.php

--- Code: ---
<div id="user_log" align="left">
<?php

if( $user_logged == 'N')
{

print "<form action=\"http://board.indyprogramming.co/user.login.php\" method=\"post\">\n";

print "Username: <input type=\"text\" name=\"name\" /> \n";

print "Password: <input type=\"password\" name=\"pass\" /> \n";

print "<input type=\"submit\" value=\"Go!\" />\n";

print " .:. <a href=\"main.register.php\">Register</a></form>\n";

} else
{

print $user['name'] . "\n";

print " .:. <a href=\"http://".$_SERVER['HTTP_HOST']."/main.logout.php\">Logout</a>\n";


}

?>
</div>

--- End code ---
No errors at all, so I'm guessing a theory error, but I'm so tired right now I can't see it. I figured I'd post it up and hope someone can help.

Oh and on the error site the only page is like this:

--- Code: ---
<?php

   include ".../connect.php";
   include ".../indy.init.php";
   include ".../check.login.php";

?>


--- End code ---

Cassyblanca:
First of all, why are you using ...? That should be .., if you're trying to go one directory above your current one.

Second, look at the top of your first block of code, vs. the third block. In one, you're doing "../includes/connect.php", and in the other you're just doing "../connect.php" - so in the case of the last code block, your PHP file would have to be includes/somesubdirectory/file.php in order to work.

Finally, I really suggest restructuring your code in your first block (namely, your if statements). You keep checking some of the same variables in each else if.

AJAX:
$res = mysql_query("SELECT * FROM `user_logged` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1");

I do not know if this is such a good idea, to inline pull down global vars and use them in a query like that. Also, I'd even come to question why you're verifying a session through an IP rather than a session hash.

Even if they lack an account, you can still generate a cookie-driven session that can be persistent with a session hash.

$user_logged would serve you better as a boolean, so "TRUE" or "FALSE" rather than a string type. It's easier to work with when you do your condition checking, and there are probably other maintenance-related things in there that'd help you.

I highly discourage against the use of mysql versus mysqli. If you want to access a database, doing an abstraction layer from your database calls would be the first step. (If you do not know what that is, just mention that and I will explain it in a future post.) And when you do call your SQL server directly, if it is mysql, do mysqli as it is both object oriented (can be used in the standard procedural fashion too) and it is supported/secure. mysql has not been updated for quite some time and it's going to be deprecated in future versions of PHP. I don't see this happening anytime soon though, or at least in the 5.x branch.

Also sanitize your input. None of it is and that's asking for an ass-kicking. Even if you're feeding in an id from a cookie, it's easily changeable to a string that'll break your query and allow people to input their own queries within your code.

I'm assuming you're doing this as a learning exercise. If you plan on using a production site with this codebase, you're wasting your time. There are other frameworks out there that are well-maintained that you can use which already cover all of these. Just don't use SMF.
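
An added example, not part of any post above and not the original poster's code: one way to combine the points in the last reply (a random session token instead of an IP match, a boolean login flag, and bound parameters instead of string concatenation). It uses PDO with an in-memory SQLite database so it runs without a server; mysqli's prepare() and bind_param() follow the same pattern. The `token_hash` column, the function names, and the sample row are assumptions made for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL; the token_hash
// column is an assumption that replaces the `ip` column in user_logged.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE indy_users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, class TEXT)");
$db->exec("CREATE TABLE user_logged (token_hash TEXT PRIMARY KEY, user_id INTEGER)");
$db->exec("INSERT INTO indy_users VALUES (1, 'alice', 'alice@example.test', 'member')"); // constructed row

// Call after the password check succeeds; returns the value to put in the cookie.
function startLogin(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32));                 // unguessable, unlike an IP address
    $stmt = $db->prepare("INSERT INTO user_logged (token_hash, user_id) VALUES (?, ?)");
    $stmt->execute([hash('sha256', $token), $userId]);  // store only the hash of the token
    return $token;
}

// Resolve a cookie value to a user row, or null when it matches no session.
function currentUser(PDO $db, ?string $cookie): ?array
{
    if ($cookie === null || !preg_match('/^[0-9a-f]{64}$/', $cookie)) {
        return null;                                    // reject malformed values early
    }
    $stmt = $db->prepare(
        "SELECT u.name, u.email, u.class FROM user_logged s
         JOIN indy_users u ON u.id = s.user_id WHERE s.token_hash = ?"
    );
    $stmt->execute([hash('sha256', $cookie)]);          // bound parameter, never concatenated
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$token = startLogin($db, 1);
// In a real page the token would be sent with:
// setcookie('id', $token, ['expires' => time() + 3600, 'httponly' => true, 'samesite' => 'Lax']);

$user = currentUser($db, $token);
$userLogged = ($user !== null);                         // boolean flag instead of the string 'N'
var_dump($userLogged, $user['name'] ?? null);

var_dump(currentUser($db, "1' OR '1'='1"));             // constructed tampered cookie value
var_dump(currentUser($db, str_repeat('0', 64)));        // well-formed but unknown token
```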

2013 © ZFGC, All Rights Reserved