8 Replies Latest reply: Jun 10, 2011 7:45 PM by future-architect RSS

    blank page redirection

    future-architect Community Member

      I have a login form, but if the fields are empty or wrong, it clears the whole page so it is blank.  here is my code for the page: http://pastebin.com/jmrHuBkv.

      i think that it may be the connection after i start the session... am i right?

        • 1. Re: blank page redirection
          David_Powers ACP

          It's because you have blank lines outside the PHP tags in your code before the call to header(). See the following article for an explanation: http://kb2.adobe.com/community/publishing/505/cpsid_50572.html.

           

          The reason you're getting a blank page is probably because display_errors is turned off on your server (good for security, but makes it difficult to troubleshoot errors). See Why is my PHP page blank? in the Dreamweaver FAQ.

           

          Also, please do not start a new thread for the same issue. The link to your code should have been posted in the original thread.

          • 2. Re: blank page redirection
            future-architect Community Member

            hm, ok; what is a good developer tool to use for php?  is eclipse a good, basic one?

            • 3. Re: blank page redirection
              David_Powers ACP

              Dreamweaver is a good development tool for PHP, particularly if you're using CS5 or CS5.5, because it has full code hinting for all functions and classes in PHP 5.2 (CS5) or 5.3 (CS5.5). It also offers autocompletion of variables and syntax checking.

               

              Other than Dreamweaver, you could use PDT, which is Eclipse-based and free. Alternatively, Zend Studio 8.0.1 is excellent, but expensive. PhpED is also very good, although I haven't used it for a long time. There's also PHPEdit, which I have never tried.

               

              It doesn't matter which editor you use for working with PHP, the most important element is your understanding of the language. Unfortunately, a lot of people are misled by the ease with which Dreamweaver server behaviors create a simple login system and database-driven pages. So, they expect to be able to do everything by clicking options in dialog boxes. I know that you're making the effort to write your own code, or at least to adapt the basic code created by Dreamweaver. That's excellent. Switching to a different PHP editor won't give you a wider range of pre-baked code. In fact, it won't give you any at all.

               

              Learning how to use PHP takes time and effort. With the right attitude, the more you do, the better you will become. I've been using PHP for more than 11 years, so I find it easy to solve a lot of problems. But I remember that it was a long, hard slog at the beginning. Keep at it, and you'll get there in the end.

              • 4. Re: blank page redirection
                future-architect Community Member

                thanks for the words of wisdom, as well as the inspiratioin!  i got sick of just copying and pasting php code from websites, then not knowing how they worked, and have to post on forums about how to fix it, while learning nothing.  it seems like there is SO much to learn!  i may try to create a new php script and learn how to do something new.  it's really fun, but sadly, it takes up too much of my time!

                 

                i followed the one post on the blank spaces, using include, etc., but that didn't help.  i then tried copying:

                <?php ini_set('display_errors', '1'); ?>

                to my login page, and when i sent it, i still get the blank page.

                here is my code for my login page: http://pastebin.com/Jcnmchx9 (i am trying to learn how to use functions in php, since i know the basics of java! =D ).  when i take away the db connect after checking if submit is set, it seems to help.  i get the error messages.   it won't log me in though.  could this extra connection be part of the problem?

                 

                also, any good links for setting up dw for a localhost setup?  (i have easyphp {not sure if you ever heard of it} because i was trying to install pear, which i have to upgrade my 1&1 package since my e-mails are not being sent out with the standar, mail(); (GR!).  i am not familar with the easyphp program...  would this do the same thing?  it looks like it works with local hosting... any comments/suggestions?)

                 

                (also, how do i turn on a setting, so if a variable does not exist, a error will pop-up?)

                 

                thanks for all your help!

                • 5. Re: blank page redirection
                  David_Powers ACP

                  future-architect wrote:

                   

                  i got sick of just copying and pasting php code from websites, then not knowing how they worked, and have to post on forums about how to fix it, while learning nothing.  it seems like there is SO much to learn!

                  Yes, there is a lot to learn, and just copying and pasting code from websites is not likely to get you very far. There's a lot of free information on the internet, but not all of it is good. And particularly in relation to PHP, a lot of it is wrong, out of date, or shows bad practices. I suggest that you sit down with an up-to-date book. I have written one, "PHP Solutions, 2nd Edition", that a lot of people find helpful. Other good ones are the Visual Quick Start books by Larry Ullman amd "PHP and MySQL" by Wellings and Thompson. If you can't afford to buy a new copy, get a second-hand one or borrow it from a library. Learning PHP in a structured way will save you a lot of time and frustration in the end.

                  here is my code for my login page: http://pastebin.com/Jcnmchx9 (i am trying to learn how to use functions in php, since i know the basics of java! =D ). 

                  Do you mean Java or JavaScript? They're completely different languages. Java is a very sophisticated language that plays a relatively small role in web development. JavaScript is used to add dynamic features, such as flyout menus and tabbed interfaces, to web pages

                   

                  I've had a look at your page, and before you start working on the PHP, you need to fix the problems with your HTML. Your login form is nested in two tables, but the closing tags for the outer table and table row are missing. You're also using colspan="3" in a couple of cells, but the other rows have only two columns. Strip the PHP code out of the page and submit it to the W3C validator to fix the HTML.

                   

                  Now, looking at your PHP code, the reason you're getting a blank page after logging in successfully is because of this line:

                   

                  header ('Location: $uname/index.php"');
                  

                   

                  The header() function is trying to redirect the user to the $uname folder. However, $uname is not defined anywhere in your script, and the value is in single quotes. So, the page attempts to go to a folder called $uname. When using variables in strings, you must use double quotes. It looks as though you originally used double quotes, because you have a stray one at the end of index.php.

                   

                  That's not all that's wrong. I realize you have probably spent a lot of time working on this, but please don't get discouraged by the holes I'm going to pick in your code. Sadly, there are lot of holes to pick.

                   

                  I see that you're using short opening tags (<?) instead of <?php. This is generally considered to be a bad idea. In fact, if your server has short opening tags turned off, none of your code would work. Using <?php works on all servers that support PHP.

                   

                  You have the following function definition:

                   

                  function accountActivationCheck($activation) 
                      {
                          if ($activation==0){
                              $acntactivation = false;
                          }
                          if ($activation==1) { 
                              $acntactivation = true; 
                          }
                          if ($acntactivation == false) {
                              $acntactivation_error = true;
                          }
                          return $acntactivation_error;
                      }

                   

                  The fundamental problem with this function is that the final line returns a variable that will never be created if $actnactivation is true. However, the function creates variables unnecessarily. All you need is this:

                   

                  function accountActivationCheck($activation) {
                    if ($activation == 1) {
                      return true;
                    } else {
                      return false;
                    }
                  }
                  

                   

                  In fact, you don't need the function at all. All you're doing is checking the value of $row['activated']. I assume that a value of 1 means that the user has been activated. So, you could do this:

                   

                  if ($row['activated'] == 1) {
                    // redirect to other page
                  } else {
                    // display message about delay in activation
                  }
                  

                   

                  Your other function is also attempting to return an undefined variable if the username and password fields are not empty:

                   

                  function loginFormErrorsCheck ($loginUsername, $loginPassword) 
                      {
                          if (empty($loginUsername)) {$errors = 1;}
                          if (empty($loginPassword)) {$errors = 1;}
                          return $errors;
                      }
                  

                   

                  It should be like this:

                   

                  function loginFormErrorsCheck ($loginUsername, $loginPassword) {
                    if (empty($loginUsername) || empty($loginPassword)) {
                      return true;
                    } else {
                      return false;
                    }
                  }
                  

                   

                  In your SQL, you're injecting the user input directly into the query like this:

                   

                  $query = "SELECT * FROM members WHERE uname='".$loginUsername."' AND pword='".$loginPassword."'"; 
                  

                   

                  This is extremely insecure, and lays your database open to SQL injection attacks. You must sanitize user-submitted values before inserting them into a SQL query. That line of code needs to be rewritten like this:

                   

                  $query = "SELECT * FROM members WHERE uname='"
                    . mysql_real_escape_string($loginUsername) . "' AND pword='"
                    . mysql_real_escape_string($loginPassword) . "'";

                   

                  Also, the logic of the conditional statements at the end of your script is flawed. If the username or password fields are empty, you shouldn't even perform the SQL query. Moreover, if the user's account hasn't been activated, you shouldn't be redirecting to the index page.

                   

                  <?php    
                  if (isset($_POST['submit'])) {
                      
                      $loginUsername = $_POST['uname'];  
                      $loginPassword = $_POST['pword'];  
                      
                      $errors = loginFormErrorsCheck ($loginUsername, $loginPassword);
                  
                      // search the database only if there are no errors
                      if (!$errors) {
                          
                        mysql_select_db($database_uploader, $uploader);    
                        $query = "SELECT * FROM members WHERE uname='"
                          . mysql_real_escape_string($loginUsername) . "' AND pword='"
                          . mysql_real_escape_string($loginPassword) . "'";  
                        $result = mysql_query($query) or die(mysql_error());
                  
                        // make sure the username and password were found
                        if (mysql_num_rows($result) > 0) [
                          $row = mysql_fetch_array($result) or die(mysql_error());
                  
                          // if the user has been activated, redirect
                          if ($row['activated'] == 1) {
                            mysql_close($result);
                            header('Location: ' . $row['uname'] . '/index.php');
                            exit;
                          } else {
                            mysql_close($result);
                            $errors = "Your account has not yet been activated.
                              It will take about two weeks to be fully activated. We 
                              will e-mail you when it is."; 
                            }
                        } else {
                          $errors = "Incorrect username or password";
                        }
                      } else {
                        $errors = "There were errors! Please make sure you filled in all of the fields."; 
                      }
                  }
                  ?>
                  

                   

                  In the body of your login page, use this to display the error message, if there has been a problem:

                   

                  <?php
                  if (isset($errors) && !empty($errors)) {
                    echo "<p class='error'>$errors</p>";
                  }
                  ?>
                  

                   

                  Message was edited by: David Powers (correcting a couple of typos).

                  • 6. Re: blank page redirection
                    future-architect Community Member

                    wow, ok, thanks for the advice!  no probelm; i am learning, and i do not expect my code to be flawless!

                     

                    i am actually doing java... i wish i knew javascirpt, but at the same time, i wish i knew a lot of other things too!

                     

                    should i also be using sprintf for sql queries?  or is mysql_real_escape_string the same thing?

                     

                    also, i was told two other things:

                    1) header is not a good way of logging the user in to the member's page

                    2) you should save a session in a database

                     

                    i will look over this; thank you for taking the time to send me some feedback!  i appreciate it.  i will let you know on how it goes.

                     

                    Message was edited by: future-architect

                    • 7. Re: blank page redirection
                      David_Powers ACP

                      future-architect wrote:

                       

                      should i also be using sprintf for sql queries?  or is mysql_real_escape_string the same thing?

                      No, they are not the same, as you would discover by reading the documentation for both functions. Dreamweaver uses sprintf() because it uses its own custom function getSQLValueString() to perform extra validation in addition to mysql_real_escape_string().

                      also, i was told two other things:

                      1) header is not a good way of logging the user in to the member's page

                      2) you should save a session in a database

                      That's a matter of opinion. Saving a session in a database is probably more secure than saving it in the normal way, but it depends on the level of security that you need. For online banking, you need a very high level. For a members-only area, the requirements for security might be less rigorous.

                      • 8. Re: blank page redirection
                        future-architect Community Member

                        i got it to work; thanks a bunch!

                         

                        wow, so i spent a few days trying to figure out why it would send to a blank page, and here, i had space after my php tags... why is it so picky like that?

                         

                        Message was edited by: future-architect