
blank page redirection

Jun 3, 2011 6:55 AM

I have a login form, but if the fields are empty or wrong, it clears the whole page so it is blank.  here is my code for the page: http://pastebin.com/jmrHuBkv.

i think that it may be the connection after i start the session... am i right?

 
Replies
    Jun 3, 2011 8:50 AM   in reply to future-architect

    It's because you have blank lines outside the PHP tags in your code before the call to header(). See the following article for an explanation: http://kb2.adobe.com/community/publishing/505/cpsid_50572.html.

     

    The reason you're getting a blank page is probably because display_errors is turned off on your server (good for security, but makes it difficult to troubleshoot errors). See Why is my PHP page blank? in the Dreamweaver FAQ.

     

    Also, please do not start a new thread for the same issue. The link to your code should have been posted in the original thread.

     
    Jun 4, 2011 5:11 AM   in reply to future-architect

    Dreamweaver is a good development tool for PHP, particularly if you're using CS5 or CS5.5, because it has full code hinting for all functions and classes in PHP 5.2 (CS5) or 5.3 (CS5.5). It also offers autocompletion of variables and syntax checking.

     

    Other than Dreamweaver, you could use PDT, which is Eclipse-based and free. Alternatively, Zend Studio 8.0.1 is excellent, but expensive. PhpED is also very good, although I haven't used it for a long time. There's also PHPEdit, which I have never tried.

     

    It doesn't matter which editor you use for working with PHP, the most important element is your understanding of the language. Unfortunately, a lot of people are misled by the ease with which Dreamweaver server behaviors create a simple login system and database-driven pages. So, they expect to be able to do everything by clicking options in dialog boxes. I know that you're making the effort to write your own code, or at least to adapt the basic code created by Dreamweaver. That's excellent. Switching to a different PHP editor won't give you a wider range of pre-baked code. In fact, it won't give you any at all.

     

    Learning how to use PHP takes time and effort. With the right attitude, the more you do, the better you will become. I've been using PHP for more than 11 years, so I find it easy to solve a lot of problems. But I remember that it was a long, hard slog at the beginning. Keep at it, and you'll get there in the end.

     
    Jun 5, 2011 5:57 AM   in reply to future-architect

    future-architect wrote:

     

    i got sick of just copying and pasting php code from websites, then not knowing how they worked, and have to post on forums about how to fix it, while learning nothing.  it seems like there is SO much to learn!

    Yes, there is a lot to learn, and just copying and pasting code from websites is not likely to get you very far. There's a lot of free information on the internet, but not all of it is good. And particularly in relation to PHP, a lot of it is wrong, out of date, or shows bad practices. I suggest that you sit down with an up-to-date book. I have written one, "PHP Solutions, 2nd Edition", that a lot of people find helpful. Other good ones are the Visual Quick Start books by Larry Ullman and "PHP and MySQL" by Wellings and Thompson. If you can't afford to buy a new copy, get a second-hand one or borrow it from a library. Learning PHP in a structured way will save you a lot of time and frustration in the end.

    here is my code for my login page: http://pastebin.com/Jcnmchx9 (i am trying to learn how to use functions in php, since i know the basics of java! =D ). 

    Do you mean Java or JavaScript? They're completely different languages. Java is a very sophisticated language that plays a relatively small role in web development. JavaScript is used to add dynamic features, such as flyout menus and tabbed interfaces, to web pages.

     

    I've had a look at your page, and before you start working on the PHP, you need to fix the problems with your HTML. Your login form is nested in two tables, but the closing tags for the outer table and table row are missing. You're also using colspan="3" in a couple of cells, but the other rows have only two columns. Strip the PHP code out of the page and submit it to the W3C validator to fix the HTML.

     

    Now, looking at your PHP code, the reason you're getting a blank page after logging in successfully is because of this line:

     

    header ('Location: $uname/index.php"');
    

     

    The header() function is trying to redirect the user to the $uname folder. However, $uname is not defined anywhere in your script, and the value is in single quotes. So, the page attempts to go to a folder called $uname. When using variables in strings, you must use double quotes. It looks as though you originally used double quotes, because you have a stray one at the end of index.php.

     

    That's not all that's wrong. I realize you have probably spent a lot of time working on this, but please don't get discouraged by the holes I'm going to pick in your code. Sadly, there are a lot of holes to pick.

     

    I see that you're using short opening tags (<?) instead of <?php. This is generally considered to be a bad idea. In fact, if your server has short opening tags turned off, none of your code would work. Using <?php works on all servers that support PHP.

     

    You have the following function definition:

     

    function accountActivationCheck($activation) 
        {
            if ($activation==0){
                $acntactivation = false;
            }
            if ($activation==1) { 
                $acntactivation = true; 
            }
            if ($acntactivation == false) {
                $acntactivation_error = true;
            }
            return $acntactivation_error;
        }

     

    The fundamental problem with this function is that the final line returns a variable that will never be created if $acntactivation is true. However, the function creates variables unnecessarily. All you need is this:

     

    function accountActivationCheck($activation) {
      if ($activation == 1) {
        return true;
      } else {
        return false;
      }
    }
    

     

    In fact, you don't need the function at all. All you're doing is checking the value of $row['activated']. I assume that a value of 1 means that the user has been activated. So, you could do this:

     

    if ($row['activated'] == 1) {
      // redirect to other page
    } else {
      // display message about delay in activation
    }
    

     

    Your other function is also attempting to return an undefined variable if the username and password fields are not empty:

     

    function loginFormErrorsCheck ($loginUsername, $loginPassword) 
        {
            if (empty($loginUsername)) {$errors = 1;}
            if (empty($loginPassword)) {$errors = 1;}
            return $errors;
        }
    

     

    It should be like this:

     

    function loginFormErrorsCheck ($loginUsername, $loginPassword) {
      if (empty($loginUsername) || empty($loginPassword)) {
        return true;
      } else {
        return false;
      }
    }
    

     

    In your SQL, you're injecting the user input directly into the query like this:

     

    $query = "SELECT * FROM members WHERE uname='".$loginUsername."' AND pword='".$loginPassword."'"; 
    

     

    This is extremely insecure, and lays your database open to SQL injection attacks. You must sanitize user-submitted values before inserting them into a SQL query. That line of code needs to be rewritten like this:

     

    $query = "SELECT * FROM members WHERE uname='"
      . mysql_real_escape_string($loginUsername) . "' AND pword='"
      . mysql_real_escape_string($loginPassword) . "'";

     

    Also, the logic of the conditional statements at the end of your script is flawed. If the username or password fields are empty, you shouldn't even perform the SQL query. Moreover, if the user's account hasn't been activated, you shouldn't be redirecting to the index page.

     

    <?php    
    if (isset($_POST['submit'])) {
        
        $loginUsername = $_POST['uname'];  
        $loginPassword = $_POST['pword'];  
        
        $errors = loginFormErrorsCheck ($loginUsername, $loginPassword);
    
        // search the database only if there are no errors
        if (!$errors) {
            
          mysql_select_db($database_uploader, $uploader);    
          $query = "SELECT * FROM members WHERE uname='"
            . mysql_real_escape_string($loginUsername) . "' AND pword='"
            . mysql_real_escape_string($loginPassword) . "'";  
          $result = mysql_query($query) or die(mysql_error());
    
          // make sure the username and password were found
          if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result) or die(mysql_error());
    
            // if the user has been activated, redirect
            if ($row['activated'] == 1) {
              // release the result set before leaving the page
              mysql_free_result($result);
              header('Location: ' . $row['uname'] . '/index.php');
              exit;
            } else {
              mysql_free_result($result);
              $errors = "Your account has not yet been activated.
                It will take about two weeks to be fully activated. We 
                will e-mail you when it is."; 
            }
          } else {
            $errors = "Incorrect username or password";
          }
        } else {
          $errors = "There were errors! Please make sure you filled in all of the fields."; 
        }
    }
    ?>

     

    In the body of your login page, use this to display the error message, if there has been a problem:

     

    <?php
    if (isset($errors) && !empty($errors)) {
      echo "<p class='error'>$errors</p>";
    }
    ?>

     

    Message was edited by: David Powers (correcting a couple of typos).
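
    The same login flow as in the reply above, as an added example that is not part of the original post: it goes one step further than escaping by using a PDO prepared statement, so the submitted values never become part of the SQL text. The in-memory SQLite database, the sample rows, the function name checkLogin(), the hashed pword column and the username pattern are assumptions made for illustration; the column names follow the members table in the thread.

```php
<?php
// Added example: table layout, sample rows and function name are assumptions.
function checkLogin(PDO $db, string $uname, string $pword): array
{
    // Skip the database entirely when a field is empty.
    if ($uname === '' || $pword === '') {
        return ['ok' => false, 'error' => 'Please fill in all of the fields.'];
    }
    // The placeholder keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT uname, pword, activated FROM members WHERE uname = :uname');
    $stmt->execute([':uname' => $uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: pword holds a password_hash() value, not the plain password.
    if ($row === false || !password_verify($pword, $row['pword'])) {
        return ['ok' => false, 'error' => 'Incorrect username or password'];
    }
    if ((int) $row['activated'] !== 1) {
        return ['ok' => false, 'error' => 'Your account has not yet been activated.'];
    }
    // The username ends up in a Location header, so restrict its characters.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $row['uname'])) {
        return ['ok' => false, 'error' => 'Account name cannot be used in a URL.'];
    }
    return ['ok' => true, 'redirect' => $row['uname'] . '/index.php'];
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (uname TEXT PRIMARY KEY, pword TEXT, activated INTEGER)');
$insert = $db->prepare('INSERT INTO members VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$insert->execute(['bob', password_hash('battery staple', PASSWORD_DEFAULT), 0]);

$attempts = [
    ['alice', 'correct horse'],  // valid and activated
    ['bob', 'battery staple'],   // valid, not yet activated
    ['alice', 'wrong'],          // wrong password
    ["o'neil", 'anything'],      // apostrophe is bound as data; no such user
    ['', ''],                    // empty fields: no query is run
];
foreach ($attempts as [$u, $p]) {
    $result = checkLogin($db, $u, $p);
    // On a real page: header('Location: ' . $result['redirect']); exit;
    echo str_pad(var_export($u, true), 12), ' => ',
        $result['ok'] ? 'redirect to ' . $result['redirect'] : $result['error'], PHP_EOL;
}
```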

     
    Jun 6, 2011 2:21 AM   in reply to future-architect

    future-architect wrote:

     

    should i also be using sprintf for sql queries?  or is mysql_real_escape_string the same thing?

    No, they are not the same, as you would discover by reading the documentation for both functions. Dreamweaver uses sprintf() because it uses its own custom function getSQLValueString() to perform extra validation in addition to mysql_real_escape_string().

    also, i was told two other things:

    1) header is not a good way of logging the user in to the member's page

    2) you should save a session in a database

    That's a matter of opinion. Saving a session in a database is probably more secure than saving it in the normal way, but it depends on the level of security that you need. For online banking, you need a very high level. For a members-only area, the requirements for security might be less rigorous.

     