PHP Forum Help!!!!

What is the actual error message you are getting, and what is the value of $_SESSION in this part of your code?

if($_SESSION['uid']){
      /** Add the following line **/
     echo $_SESSION['uid'];

     $sql = "SELECT id,username FROM 'users' WHERE 'id'='".$_SESSION['uid']."'";

     $res = mysql_query($sql) or die(mysql_error());
     if(mysql_num_rows($res) == 0){
          session_destroy();
          /** Displays login link **/
     }else {
          $row = mysql_fetch_assoc($res);
          /** displays logout link and info **/
     } 
}

Also, I don't believe your sql is correct.

$sql = "SELECT id,username FROM 'users' WHERE 'id'='".$_SESSION['uid']."'";

users is not a reserved word therefore does not need to be quoted.
Also id is not a reserved word and does not need to be quoted.
Finally, the value of $_SESSION is suppose to be an integer so again that does not need quoted.

MySQL Reserved Words

/** Type casting assumes you are using PHP5 **/
$sql = 'SELECT id, username FROM users WHERE id = '. (int) $_SESSION['uid'];

Hopefully my suggestions will solve your problem, but without the ACTUAL error message it is hard to say what exactly is causing the problem.

Thanks Sir for your help......

The exact error which is displayed on the page is this:

Notice: Undefined index: uid in C:\wamp\www\login\index.php on line 57

Which I assume means that the uid is not defined in my code!!!!!!

That is a Notice not an error, what it is telling you, is that your code is checking the value of $_SESSION even though the array key 'uid' does not exist in the $_SESSION array.

replace:

if($_SESSION['uid']){

with

if( isset( $_SESSION['uid'] )  ){

However, Notices should not affect your code, the only thing they make cause problems with is using the header() function as they can be unexpected output. So if the page is not displaying the login or register links something else is wrong.

That is a Notice not an error, what it is telling you, is that your code is checking the value of $_SESSION even though the array key 'uid' does not exist in the $_SESSION array.

replace:

if($_SESSION['uid']){

with

if( isset( $_SESSION['uid'] )  ){

However, Notices should not affect your code, the only thing they make cause problems with is using the header() function as they can be unexpected output. So if the page is not displaying the login or register links something else is wrong.

Mate that actually took away the notice but the actual problem are in the register and login where I am bombarded with three or four notices after I click on either link.......

But I will go through the tutorial again and see if I have missed any Algorithms........else I will create a new topic on here.........

Cheers

Well I apologies to change the status on this post from solved to not solved as I wanted to prevent from posting a new post with the same problems......!

Anyways, my new problems are in the login page where I get two notices and I am not able to login even though I type in the right passwords.....

Here is my code

<?php
session_start();
include "./global.php";

echo "<title>Login</title>\n";

if( isset( $_SESSION['uid'] ) ){
	echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else{

if (!$_POST['submit']){
	echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
	echo "<form method=\"post\" action=\"./login.php\">\n";
	echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td><\tr>\n";
	echo "<tr><td>Password</td><td><input type=\"password\"name=\"password\"></td><\tr>\n";
	echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
	echo "</form></table>\n";
	}else {

	$user = mss($_POST['username']);
	$pass = $_POST['password'];
}
		if($user && $pass){
			$sql = "SELECT id FROM users WHERE 'username'='".$user."'";
			$res = mysql_query($sql) or die(mysql_error());
			if(mysql_num_rows($res) > 0){
				$sql2 = "SELECT id FROM users WHERE 'username'='".$user."' AND 'password'='".md5($pass)."'";
				$res2 = mysql_query($sql2) or die(mysql_error());
				if(mysql_num_rows($res2) > 0){
					$row = mysql_fetch_assoc($res2);
					$_SESSION['uid'] = $row['id'];

				
				echo "You have successfully logged in as " .$user;
			}else {
			  echo "Username and password combination are incorrect!\n";
			}
	   }else {
	echo "The username you supplied does not exist!\n";
	   }
}else {
	echo "You must supply both the username and password field!\n";
	  }
  }
?>

I went back to the author's tutorial and did a line to line check, found few mistakes which I solved but still not luck....

This is what is displayed on the login page:

Notice: Undefined index: submit in C:\wamp\www\login\login.php on line 11
< r> < r>
Username: ---------------
Password : ---------------

Notice: Undefined variable: user in C:\wamp\www\login\login.php on line 23
You must supply both the username and password field!

Also once I type in the credentials and press enter this is error I get on the page:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' WHERE 'username'='test'' at line 1

Thanks in Advance!

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' WHERE 'username'='test'' at line 1

Well the above error is now fixed as I was using the wrong quote marks.

Now apart from errors I am having issues with notices on the login page:

Notice: Undefined index: submit in C:\wamp\www\login\login.php on line 11
< r> < r>
Username: ---------------
Password : ---------------

Notice: Undefined variable: user in C:\wamp\www\login\login.php on line 23
You must supply both the username and password field!

One thing I dont understand why does it say You must supply both the username and password field! on the login page even though I havent even typed in the username and password????

Although these notices are not causing any error but I would like to get ride of them.

So as for now my code stands as follows:

<?php
session_start();
include "./global.php";

echo "<title>Login</title>\n";

if( isset( $_SESSION['uid'] ) ){
	echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else{

if (!$_POST['submit']){
	echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
	echo "<form method=\"post\" action=\"./login.php\">\n";
	echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td><\tr>\n";
	echo "<tr><td>Password</td><td><input type=\"password\"name=\"password\"></td><\tr>\n";
	echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
	echo "</form></table>\n";
	}else {

	$user = mss($_POST['username']);
	$pass = $_POST['password'];
}
		if($user && $pass){
			$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
			$res = mysql_query($sql) or die(mysql_error());
			if(mysql_num_rows($res) > 0){
				$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
				$res2 = mysql_query($sql2) or die(mysql_error());
				if(mysql_num_rows($res2) > 0){
					$row = mysql_fetch_assoc($res2);
					$_SESSION['uid'] = $row['id'];

				
					echo "You have successfully logged in as " .$user;
				}else {
					echo "Username and password combination are incorrect!\n";
				}
			}else {
				echo "The username you supplied does not exist!\n";
			}
		}else {
			echo "You must supply both the username and password field!\n";
		}
  }
?>

Try this. I made several changes, including moving an IF/ELSE statement up into the prior control structure. I also revised your sql statements slightly.

See if this does the trick and if you have any questions i'll try to answer.

<?php
session_start();
include "./global.php";

echo "<title>Login</title>\n";

if( isset( $_SESSION['uid'] ) )
{
	echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} 
else
{
	if ( empty( $_POST ) )
	{
		echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
		echo "<form method=\"post\" action=\"./login.php\">\n";
		echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td><\tr>\n";
		echo "<tr><td>Password</td><td><input type=\"password\"name=\"password\"></td><\tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
		echo "</form></table>\n";
	}
	else 
	{
	
		$user = mss( $_POST['username'] );
		$pass = $_POST['password'];
		
		if( $user && $pass )
		{
			$sql = 'SELECT id FROM users WHERE username = "' . $user . '"';
			$res = mysql_query( $sql ) or die( mysql_error() );
			if( mysql_num_rows( $res ) > 0)
			{
				$sql2 = 'SELECT id FROM users WHERE username = "' . $user . '" AND password = "' . md5( $pass ) . '"';
				$res2 = mysql_query( $sql2 ) or die( mysql_error() );
				
				if(mysql_num_rows($res2) > 0)
				{
					$row = mysql_fetch_assoc($res2);
					$_SESSION['uid'] = $row['id'];
					
					echo "You have successfully logged in as " .$user;
				}
				else 
				{
				  echo "Username and password combination are incorrect!\n";
				}
		   }
		   else 
		   {
				echo "The username you supplied does not exist!\n";
		   }
		}
		else 
		{
			echo "You must supply both the username and password field!\n";  
		}
	}
}

Well all I can say is 'Walah' magic......
Thanks a million.......

But thing I dont understand are the arrow signs'<r>' above the username and password box, shown below:

< r> < r>
Username:__________
Password :__________

Thanks

It's the escaping in your html in this area

if ( empty( $_POST ) )
	{
		echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
		echo "<form method=\"post\" action=\"./login.php\">\n";
		echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td><\tr>\n";
		echo "<tr><td>Password</td><td><input type=\"password\"name=\"password\"></td><\tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
		echo "</form></table>\n";
	}

Here are my 2 cents. You can disable those notices by using error_reporting(E_ALL ^ E_NOTICE); on top of your script. If you don't want to disable it but still want to fix the notices, initialize a variable to 0 (or null if its a string). ie.,
$i = 0;
$string = "";
That would fix the error(Notice).
You can learn more on error reporting here. http://in2.php.net/error_reporting

But the notices are important, I always like to develop with error_reporting( E_ALL | E_STRICT ); In a production environment I NEVER leave error reporting enabled.

The problem with the notices the OP was experiencing were just that, he didn't have variables initialized. But was testing for them in his scripts. Using some of the default php functions (e.g. isset and empty) we can circumvent that issue.

Obviously the best solution would be setting default values, and check types etc. But, one step at a time.

Yep! You are right.. Notices are important. They make you a better programmer :)

'mschroeder' thanks once again for all the help!!!!!!:)

Most importantly I have learnt alot from this post.......and I can finally put this post to rest.:D

Also thanks 'nav33n' for error reporting in PHP I will study the link.

Peace,
rEhSi_123