BleepingComputer.com: PHP Error

Ok, so i have this code:

<?php 

// Connects to your Database 
$connect = mysql_connect("localhost", "******", "******"); 

mysql_select_db("dealers"); 

//checks cookies to make sure they are logged in 
if(isset($_COOKIE['ID_my_site'])) 
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site']; 
$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND approved = '1'")or die(mysql_error()); 
while($info = mysql_fetch_array( $check )) 
{ 

//if the cookie has the wrong password, they are taken to the login page 
if ($pass != $info['password']) 
{header("Location: index.php"); 
} 
else 
{ 
//Start of Content
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<meta name="robots" content="noindex, nofollow, noarchive">
</head>
<body>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" width="100%" border="1" cellspacing="0" cellpadding="0">
  <tr>
	<td>&nbsp;</td>
	<td align="center"><strong>Canon Part Number</strong></td>
	<td align="center"><strong>Description</strong></td>
	<td align="center"><strong>Price</strong></td>
	<td align="center"><strong>Quantity</strong></td>
	<td align="center"><strong>Condition</strong></td>
  </tr>
  <tr>
	<td align="right"><strong>1.</strong></td>
	<td align="center"><input type="text" name="part_no1" /></td>
	<td align="center"><input type="text" name="description1" /></td>
	<td align="center"><input type="text" name="price1" /></td>
	<td align="center"><input type="text" name="quantity1" /></td>
	<td align="center"><input type="text" name="condition1" /></td>
  </tr>
  <tr>
	<td align="right"><strong>2.</strong></td>
	<td align="center"><input type="text" name="part_no2" /></td>
	<td align="center"><input type="text" name="description2" /></td>
	<td align="center"><input type="text" name="price2" /></td>
	<td align="center"><input type="text" name="quantity2" /></td>
	<td align="center"><input type="text" name="condition" /></td>
  </tr>
  <tr>
	<td align="right"><strong>3.</strong></td>
	<td align="center"><input type="text" name="part_no3" /></td>
	<td align="center"><input type="text" name="description3" /></td>
	<td align="center"><input type="text" name="price3" /></td>
	<td align="center"><input type="text" name="quantity3" /></td>
	<td align="center"><input type="text" name="condition3" /></td>
  </tr>
  <tr>
	<td align="right"><strong>4.</strong></td>
	<td align="center"><input type="text" name="part_no4" /></td>
	<td align="center"><input type="text" name="description4" /></td>
	<td align="center"><input type="text" name="price4" /></td>
	<td align="center"><input type="text" name="quantity4" /></td>
	<td align="center"><input type="text" name="condition4" /></td>
  </tr>
  <tr>
	<td align="right"><strong>5.</strong></td>
	<td align="center"><input type="text" name="part_no5" /></td>
	<td align="center"><input type="text" name="description5" /></td>
	<td align="center"><input type="text" name="price5" /></td>
	<td align="center"><input type="text" name="quantity5" /></td>
	<td align="center"><input type="text" name="condition5" /></td>
  </tr>
</table>
<hr />
<table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
	<td align="center"><input type="submit" name="submit" value="Submit Parts" default="default" />
	<input type="reset" onClick="return confirm('Are you sure you want to clear the form?')" />
	</td>
  </tr>
	<tr>
	  <td align="center"><input type="hidden" name="date" value="<? echo date("j-M"); ?>" /></td>
  </tr>
</table>
</form>
</body>
</html>
<?
if (isset($_POST['submit'])) { 

$i=1;
 
while($i<=5) {
 

$check2 = 'part_no'.$i;

if(!empty($_POST[$check2])) {
   $sql = "INSERT INTO `parts` (`part_no`, `description`, `price`, `quantity`, `date`, `user`, `avaliable`, `condition`) VALUES ('".$_POST["part_no".$i]."', '".$_POST["description".$i]."', '".$_POST["price".$i]."', '".$_POST["quantity".$i]."', '$_POST[date]', '$username', '1', '".$_POST["condition".$i]."')";
 
//echo $sql ."<br>";
 
mysql_query($sql) or die(mysql_error());
   //echo ("<br>Inserted<br>");
}

$i++;
}
echo ("<br /><h4 align='center'>Inserted</h4>");
}

//End of content
} 
} 
else 

//if the cookie does not exist, they are taken to the login screen 
{ 
header("Location: index.php"); 
} 

?>

I have spent ages trying to figure out what is wrong... when i comment out the PHP it works (the form is displayed), when it's not the page is white. I've tried adding sections of the PHP slowly but still can't pin point it... i'm probably just tired and its an easy fix... but i can't find it. I've checked and the cookie is being created, so that's not the problem either...

I'm not to sure on the

if(!empty($_POST[$check2]))

but i have it on another page and it works fine.

or should it be

$check2 = $_POST['part_no'.$i];

if(!empty($check2))

This post has been edited by KamakaZ: 19 March 2010 - 04:45 AM

You want to check one password and looping through all the usernames and passwords in your database. It would make the script slow, and consume server's resources. Instead just check the username and password using SQL query.

When yu comment out which block of PHP?

When i comment out both blocks of PHP it works.

It doesn't loop the database does it??

$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND approved = '1'")or die(mysql_error());

I'm not sure what you mean by 'loop the database'. Looping implies that it looks through all of the records in a table over and over until some condition is met (like a for lop). Your query looks through the records in a table that meets your conditions. That is all it does.

Another thing I noticed is that you actually have 4 pieces of PHP. This line:
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
has PHP in it. Some compilers do not like <? for the opening tag (which is called short-form). Depending on how your PHP is configured, it may require the long-form tag, <?php.

I can't tell what goes where in your code because you are not properly indenting things, but go back through your code and make sure that all of your code sections are closed properly. For instance, make sure that your while loops have both opening and closing braces.

What are you suing for a debugger?

No need to use while loop, check password in the same SQL query like this :

Quote

Check returned results with mysql_num_rows($check) . If it is 1 then password, username and approved flag match. If its 0 then no match found. If its more than 1 then you have duplicate entries.

I agree with Romeo, you can check the username and password together in your SQL query, rather than just fetching the username then using a while loop to go through the matches.

Ahhh... I see thanks guys

I ended up rewriting the code, and adding in modifications to the way it checks for usernames and passwords. I have them both copies of code printed out sitting in front of me, can't seem to find what i've changed but it now works.

Thanks for everyone's input