Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PHP Error


  • Please log in to reply
7 replies to this topic

#1 KamakaZ

KamakaZ

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:11:37 AM

Posted 19 March 2010 - 04:41 AM

Ok, so i have this code:

<?php 

// Connects to your Database 
$connect = mysql_connect("localhost", "******", "******"); 

mysql_select_db("dealers"); 

//checks cookies to make sure they are logged in 
if(isset($_COOKIE['ID_my_site'])) 
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site']; 
$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND approved = '1'")or die(mysql_error()); 
while($info = mysql_fetch_array( $check )) 
{ 

//if the cookie has the wrong password, they are taken to the login page 
if ($pass != $info['password']) 
{header("Location: index.php"); 
} 
else 
{ 
//Start of Content
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<meta name="robots" content="noindex, nofollow, noarchive">
</head>
<body>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" width="100%" border="1" cellspacing="0" cellpadding="0">
  <tr>
	<td>&nbsp;</td>
	<td align="center"><strong>Canon Part Number</strong></td>
	<td align="center"><strong>Description</strong></td>
	<td align="center"><strong>Price</strong></td>
	<td align="center"><strong>Quantity</strong></td>
	<td align="center"><strong>Condition</strong></td>
  </tr>
  <tr>
	<td align="right"><strong>1.</strong></td>
	<td align="center"><input type="text" name="part_no1" /></td>
	<td align="center"><input type="text" name="description1" /></td>
	<td align="center"><input type="text" name="price1" /></td>
	<td align="center"><input type="text" name="quantity1" /></td>
	<td align="center"><input type="text" name="condition1" /></td>
  </tr>
  <tr>
	<td align="right"><strong>2.</strong></td>
	<td align="center"><input type="text" name="part_no2" /></td>
	<td align="center"><input type="text" name="description2" /></td>
	<td align="center"><input type="text" name="price2" /></td>
	<td align="center"><input type="text" name="quantity2" /></td>
	<td align="center"><input type="text" name="condition" /></td>
  </tr>
  <tr>
	<td align="right"><strong>3.</strong></td>
	<td align="center"><input type="text" name="part_no3" /></td>
	<td align="center"><input type="text" name="description3" /></td>
	<td align="center"><input type="text" name="price3" /></td>
	<td align="center"><input type="text" name="quantity3" /></td>
	<td align="center"><input type="text" name="condition3" /></td>
  </tr>
  <tr>
	<td align="right"><strong>4.</strong></td>
	<td align="center"><input type="text" name="part_no4" /></td>
	<td align="center"><input type="text" name="description4" /></td>
	<td align="center"><input type="text" name="price4" /></td>
	<td align="center"><input type="text" name="quantity4" /></td>
	<td align="center"><input type="text" name="condition4" /></td>
  </tr>
  <tr>
	<td align="right"><strong>5.</strong></td>
	<td align="center"><input type="text" name="part_no5" /></td>
	<td align="center"><input type="text" name="description5" /></td>
	<td align="center"><input type="text" name="price5" /></td>
	<td align="center"><input type="text" name="quantity5" /></td>
	<td align="center"><input type="text" name="condition5" /></td>
  </tr>
</table>
<hr />
<table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
	<td align="center"><input type="submit" name="submit" value="Submit Parts" default="default" />
	<input type="reset" onClick="return confirm('Are you sure you want to clear the form?')" />
	</td>
  </tr>
	<tr>
	  <td align="center"><input type="hidden" name="date" value="<? echo date("j-M"); ?>" /></td>
  </tr>
</table>
</form>
</body>
</html>
<?
if (isset($_POST['submit'])) { 

$i=1;
 
while($i<=5) {
 

$check2 = 'part_no'.$i;

if(!empty($_POST[$check2])) {
   $sql = "INSERT INTO `parts` (`part_no`, `description`, `price`, `quantity`, `date`, `user`, `avaliable`, `condition`) VALUES ('".$_POST["part_no".$i]."', '".$_POST["description".$i]."', '".$_POST["price".$i]."', '".$_POST["quantity".$i]."', '$_POST[date]', '$username', '1', '".$_POST["condition".$i]."')";
 
//echo $sql ."<br>";
 
mysql_query($sql) or die(mysql_error());
   //echo ("<br>Inserted<br>");
}

$i++;
}
echo ("<br /><h4 align='center'>Inserted</h4>");
}

//End of content
} 
} 
else 

//if the cookie does not exist, they are taken to the login screen 
{ 
header("Location: index.php"); 
} 

?>

I have spent ages trying to figure out what is wrong... when i comment out the PHP it works (the form is displayed), when it's not the page is white. I've tried adding sections of the PHP slowly but still can't pin point it... i'm probably just tired and its an easy fix... but i can't find it. I've checked and the cookie is being created, so that's not the problem either... :thumbsup:

I'm not to sure on the
if(!empty($_POST[$check2]))

but i have it on another page and it works fine.

or should it be

$check2 = $_POST['part_no'.$i];

if(!empty($check2))

Edited by KamakaZ, 19 March 2010 - 04:45 AM.

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


BC AdBot (Login to Remove)

 


#2 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:07:37 PM

Posted 19 March 2010 - 12:44 PM

You want to check one password and looping through all the usernames and passwords in your database. It would make the script slow, and consume server's resources. Instead just check the username and password using SQL query.

#3 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:37 PM

Posted 19 March 2010 - 01:01 PM

When yu comment out which block of PHP?

#4 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:11:37 AM

Posted 21 March 2010 - 04:40 AM

When i comment out both blocks of PHP it works.

It doesn't loop the database does it??

$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND approved = '1'")or die(mysql_error());

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:37 PM

Posted 21 March 2010 - 09:24 AM

I'm not sure what you mean by 'loop the database'. Looping implies that it looks through all of the records in a table over and over until some condition is met (like a for lop). Your query looks through the records in a table that meets your conditions. That is all it does.

Another thing I noticed is that you actually have 4 pieces of PHP. This line:
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
has PHP in it. Some compilers do not like <? for the opening tag (which is called short-form). Depending on how your PHP is configured, it may require the long-form tag, <?php.

I can't tell what goes where in your code because you are not properly indenting things, but go back through your code and make sure that all of your code sections are closed properly. For instance, make sure that your while loops have both opening and closing braces.

What are you suing for a debugger?

#6 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:07:37 PM

Posted 21 March 2010 - 01:25 PM

No need to use while loop, check password in the same SQL query like this :

$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND approved = '1'")or die(mysql_error());


Check returned results with mysql_num_rows($check) . If it is 1 then password, username and approved flag match. If its 0 then no match found. If its more than 1 then you have duplicate entries.

#7 JJ2K

JJ2K

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 22 March 2010 - 03:44 PM

I agree with Romeo, you can check the username and password together in your SQL query, rather than just fetching the username then using a while loop to go through the matches.

#8 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:11:37 AM

Posted 23 March 2010 - 12:32 AM

Ahhh... I see thanks guys :thumbsup:

I ended up rewriting the code, and adding in modifications to the way it checks for usernames and passwords. I have them both copies of code printed out sitting in front of me, can't seem to find what i've changed but it now works.

Thanks for everyone's input :flowers:

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users