Login form question

lukeurtnowski · August 3, 2011, 9:22pm

I am confused, the php doesnt seem to make sense


<?
if(isset($_POST['submit'])) {
require_once("db_conn.php");

session_start();
$user = $_POST['name'];
$pass = $_POST['pass'];
$result = mysql_query("SELECT * FROM users WHERE name = '$user' AND password = '$pass'") or die(mysql_error()); 
$row = mysql_fetch_array( $result );

}
?>

<span id="navbar">
<?php
if($row) {
$_SESSION['id'] = $row['id'];
header("Location: editable.php");
exit;
} else {
?>


<div class="buttonwrapper">
<a class="ovalbutton" ahref="#" onclick="showlayer('login_menu')">
<span>Login</span>
</a></div>
<div id="login_menu" style="display:none;">
<!--<div id="new-user-col">New User:<br /><br />
<a href="register.html" class="green-button">Register</a>
</div> -->

<div id="signup-user-col">
<form action="<?php $_SERVER['PHP_SELF'];?>" method="post">
<ul>
<li>
<label for="email">Username:</label>
<input type="text" id="email" size="18" name="name"/>
</li>
<li>
<label for="psw">Password:</label>
<input type="text" id="psw" size="18" name="pass"/>
</li>
<input type="submit" value="Log-in" name="submit"/>
</ul>
</form>
</div>

<div class="spacer"></div>

</div>
<?php } ?>
</span>
    <div id="logo"><a href="index.shtml">On The Ocean</a></div>
    <ul id="menu">
    <li><a href="index.php">Home</a></li>
    <li><a href="409.shtml">409</a></li>
    <li><a href="708.shtml">708</a></li>
    <li><a href="102.shtml">102</a></li>
    <li><a href="310.shtml">310</a></li>
    <li><a href="avail.shtml">Availability</a></li>
    <li><a href="loc.shtml">Location</a></li>
    <li><a href="blog">Blog</a></li>
    <li><a href="contact.shtml">Contact Us</a></li>
    </ul>

the page is here
On The Ocean: Home
Shouldn’t (once the login form is submitted, the if statement,

if(isset($_POST['submit']))[/php} be true and run the code in between.  Also, shouldn't the 
```php
if($row)

ring true if the login credentials are right and1 record is returned? but it doesn’t seem to work as the

header()

function doesn’t run.

Whats going on here?
Thanks

chris_upjohn · August 3, 2011, 10:24pm

You may want to check what happens when you click the login button as when i clicked it all your database information appeared right in front of me including the username and password.

Cups · August 4, 2011, 7:48am

When conditional forks in your code do not behave as expected then make sure you temporarily var_dump() the variable you are testing against, and take a close look at it.

Is the condition you are testing it against actually robust enough? Have you fallen into any of these traps?

ps make sure you also test the form by clicking the submit button, and just filling in the form and pressing Enter, esp in IE - I never test for the existence of ‘submit’, but rather a required form element, e.g. email

lukeurtnowski · August 5, 2011, 5:18am

K, this is wierd to me, but I tried to be more exact with my if statement by adding this


<?
if($_POST['name'] != "") {
require_once("db_conn.php");

session_start();
$user = $_POST['name'];
$pass = $_POST['pass'];
$result = mysql_query("SELECT * FROM users WHERE name = '$user' AND password = '$pass'") or die(mysql_error()); 
$row = mysql_fetch_array( $result );
echo $row;
echo $result;
}
?>

<span id="navbar">
<?php
if($row) {
$_SESSION['id'] = $row['id'];
header("Location: editable.php");
exit;
} else {
?>

so why does my database connection string show when I use false data?
and is that if statement robust enough?

Cups · August 5, 2011, 10:37pm

So what happens when you do :


var_dump($_POST);

at the top of the page, does name appear? What value does it have? What if your form-field for name had a space in it?