Member Avatar for Navlag

Hello, I am just playing around with PHP and I have a silly little little login page, with the username and password hard coded in (not secure, I know).

They are:

username and password, respectively.

Once logged in, there is a message saying I am logged in and a form shows up too.

I'm just curious, how come when I log in, the HTML block that shows the username and password fields does not go away? It stays there even when I'm logged in.

Can somebody please tell me what I'm doing wrong.

<?php
//ini_set('display_errors', 'On');
//error_reporting(E_ALL | E_STRICT);
require_once ("xmlrpc.inc");
require_once ("globals.php");

$logged_in = false;

if ($logged_in == false)
{
  login($_POST['username'], $_POST['passwd']);
  echo "<div class=\"container\">
  <div class=\"hero-unit\"><body><center>
  <body><center><form action=\"" . $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'] . "\" method=\"post\" style=\"margin:0; padding:0;\">\n"        
  ."  <table style=\"margin:0; padding:0;\">\n"
  ."    <tr><td>Username:</td><td><input name=\"username\" type=\"text\" class=\"loginfield\" value=\"".(isset($_POST['username']) ? $_POST['username'] : "")."\" /></td></tr>\n"
  ."    <tr><td>Password:</td><td><input name=\"passwd\" type=\"password\" class=\"loginfield\" /></td></tr>\n"
  ."    <tr><td>&nbsp;</td><td style=\"text-align:right;\"><input type=\"submit\" value=\"Login\" class=\"form_button\" style=\"margin-right:0;\" /></td></tr>\n"
  ."  </table>\n"
  ."</form></center></body>
  </div>
    <footer>                 
    </footer>
  </div>";
}

function login($user_name = null, $password = null)
{
  if ($user_name == username and $password == password)
  {
    echo 
    "<div class=\"container\">
    <div class=\"hero-unit\"><body><center>\"You ARE logged in!\"
    </div>
    </div>";
    $logged_in = true;
    if ($logged_in == true)
    {
      form();
    }
  }
  else
  {
    echo
    "<div class=\"container\">
    <div class=\"hero-unit\"><body><center>\"You are NOT logged in!\"
    </div>
    </div>";  
  }
}

function form()
{
  ini_set('display_errors', 'On');
  error_reporting(E_ALL | E_STRICT);

  /*
  $conn = oci_connect("user", "password", "//path/to");
  if (!$conn) 
  {
    $m = oci_error();
    echo $m['message'], "\n";
    exit;
  }
  else 
  {
    //print "You are connected to the VTC database!<br/>";
  }

  $issueType = $_POST['issueType'];
  $summary = $_POST['summary'];
  $endPointName = $_POST['endPointName'];
  $contactFirstName = $_POST['contactFirstName'];
  $contactLastName = $_POST['contactLastName'];
  $contactEmail = $_POST['contactEmail'];
  $contactPhone = $_POST['contactPhone'];
  $description = $_POST['description'];
  $solution = $_POST['solution'];
  $ticketNumber = $_POST['ticketNumber'];
  $resolved = $_POST['resolved'];
  $agency = $_POST['agency'];

  $insert = 'INSERT INTO VTC_HELPDESK_ISSUES(ISSUE_TYPE,ISSUE_SHORT,ENDPOINT_NAME,CONTACT_FIRST_NAME,CONTACT_LAST_NAME,CONTACT_EMAIL,CONTACT_PHONE,ISSUE_DESC,SOLUTION,OTHER_COMPANY_TICKET_NUM,RESOLVED,AGENCY) '.
  'VALUES(:issueType, :summary, :endPointName, :contactFirstName, :contactLastName, :contactEmail, :contactPhone, :description, :solution, :ticketNumber, :resolved, :agency)';

  $send = oci_parse($conn, $insert);

  //Binding makes it harder to submit anything directly to the Oracle DB
  oci_bind_by_name($send, ':issueType', $issueType);
  oci_bind_by_name($send, ':summary', $summary);
  oci_bind_by_name($send, ':endPointName', $endPointName);
  oci_bind_by_name($send, ':contactFirstName', $contactFirstName);
  oci_bind_by_name($send, ':contactLastName', $contactLastName);
  oci_bind_by_name($send, ':contactEmail', $contactEmail);
  oci_bind_by_name($send, ':contactPhone', $contactPhone);
  oci_bind_by_name($send, ':description', $description);
  oci_bind_by_name($send, ':solution', $solution);
  oci_bind_by_name($send, ':ticketNumber', $ticketNumber);
  oci_bind_by_name($send, ':resolved', $resolved);
  oci_bind_by_name($send, ':agency', $agency);

  oci_execute($send);
  */

  echo "<div class=\"container\">
  <div class=\"hero-unit\"><body><center>

  <form>
  <fieldset id = \"vtcForm\">
  <form action=\"index.php\" id=\"insert\" method=\"post\">";

  echo 
  "<center><label for=\"issueType\"><b>Issue Type</b><br/></label>
  <select name=\"issueType\" id = \"issueType\">
  <option>Support</option>
  <option>Hardware</option>
  <option>External Call</option>
  <option>Other</option>
  </select> 
  <br/><br/>

  <b>Summary of the Issue</b><br/>
  <textarea name=\"summary\" id = \"summary\" cols=\"200\" rows=\"10\"></textarea>
  <br/><br/>";

  /*
  print '<label for="testOption"><b>Test Option</b><br/></label>
  <select name="endPointName" id = "endPointName">';
  $conn = oci_connect("user", "password", "//path//to");
  $query = 'select endpoint_name from endpoint_ref';
  $stid = oci_parse($conn, $query);
  $result = oci_execute($stid); 
  while ($row = oci_fetch_array($stid, OCI_RETURN_NULLS+OCI_ASSOC)) 
  {
    foreach ($row as $item) {
    print '<option>'.($item !== null ? htmlentities($item, ENT_QUOTES) : '&nbsp').'</option>'; // but you should include an id or something for the option value
  }
  }
  print '</select> <br/><br/>';*/

  echo 
  "<label for=\"contactFirstName\"><b>Contact First Name</b><br/></label>
  <input type = \"text\"
    name = \"contactFirstName\"
    id = \"contactFirstName\"
  value = \"Some\" />
  <br/><br/>

  <label for=\"contactLastName\"><b>Contact Last Name</b><br/></label>
  <input type = \"text\"
    name = \"contactLastName\"
    id = \"contactLastName\"
    value = \"Body\" />
  <br/><br/>

  <label for=\"contactEmail\"><b>Contact E-Mail</b><br/></label>
  <input type = \"text\"
    name = \"contactEmail\"
    id = \"contactEmail\"
    value = \"Some@Body.com\" />
  <br/><br/>

  <label for=\"contactPhone\"><b>Contact Phone Number</b><br/></label>
  <input type = \"text\"
    name = \"contactPhone\"
    id = \"contactPhone\"
    value = \"(555) 555-5555\" />
  <br/><br/>

  <b>Full Description of Issue</b><br/>
  <textarea name=\"description\" cols=\"200\" rows=\"10\"></textarea>
  <br/><br/>

  <b>Solution</b><br/>
  <textarea name=\"solution\" cols=\"200\" rows=\"10\"></textarea>
  <br/><br/>

  <label for=\"ticketNumber\"><b>Ticket Number Reference</b><br/></label>
  <input type = \"text\"
    name = \"ticketNumber\"
    id = \"ticketNumber\"
    value = \"(555) 555-5555\" />
  <br/><br/>

  <label for=\"resolved\"><b>Resolved?</b><br/></label>
  <select name=\"resolved\" id = \"resolved\">
  <option>Yes</option>
  <option>No</option>
  </select> 
  <br/><br/>

  <label for=\"agency\"><b>Agency</b><br/></label>
  <select name=\"agency\" id = \"agency\">
    <option>FS</option>
    <option>FWS</option>
    <option>BLM</option>
  </select> 
  <br/><br/>

  </fieldset>
  <input type=\"submit\" value=\" Submit \" name='insert' />
  </form></center>

  </div>
    <footer>                 
    </footer>
  </div>";
}

?>

<!DOCTYPE html>
<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]>         <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>VTC Help Desk Issue Tracker</title>
  <meta name="description" content="">
  <meta name="viewport" content="width=device-width">
  <link rel="stylesheet" href="css/bootstrap.min.css">
  <style>
  body  
  {
    padding-top: 60px;
    padding-bottom: 40px;
  }
  </style>
  <link rel="stylesheet" href="css/bootstrap-responsive.min.css">
  <link rel="stylesheet" href="css/main.css">
  <script src="js/vendor/modernizr-2.6.1-respond-1.1.0.min.js"></script>
  </head>
    <body>
      <div class="navbar navbar-inverse navbar-fixed-top">
        <div class="navbar-inner">
          <div class="container">
            <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
              <span class="icon-bar"></span>
              <span class="icon-bar"></span>
              <span class="icon-bar"></span>
            </a>
            <a class="brand" href="index.php">VTC Help Desk Issue Tracker</a>
          </div>
        </div>
      </div>
      <?php

      ?>

      </div> <!-- /container -->

      <script src="js/vendor/bootstrap.min.js"></script>
      <script src="js/main.js"></script>
    </body>
</html>
  • 3 Contributors
  • 4 Replies
  • 304 Views
  • 20 Hours Discussion Span
  • Latest Post Latest Post by Navlag
Member Avatar for diafol

You've got this:

<td>Username:</td><td><input name=\"username\" type=\"text\" class=\"loginfield\" value=\"".(isset($_POST['username']) ? $_POST['username'] : "")."\" /></td>

So if you login successfully, the stuff will be displayed.

Sometimes you can get stuff stored on the browser. To avoid this, you can use:

autocomplete="off"

As an attribute in the input tag.

Member Avatar for Stefano Mtangoo

not sure I understand your query but its easier to separate things like
loginform.php where all login form html/php data goes
member.php contain memeber are protected for non members
index.php for putting things together

Now in index.php

if($userIsLoggedIn)//your mechanism for logging in
{
//set some member area variables here is a sample
$isMember=true;
include("member.php");
}
else
{
include("loginform.php");
}
Member Avatar for Navlag

Thanks Stefano Mtangoo,

I don't really have a real "login" method right now, this is mostly experimenting. I'm doing something like this:

<?php
//ini_set('display_errors', 'On');
//error_reporting(E_ALL | E_STRICT);

$userLoggedIn = 0;

if ($userLoggedIn == 1)
{
    include("form.php");
    echo "Logged In == " . $userLoggedIn;
}
else 
{
    include("login.php");
    echo "Logged In == " . $userLoggedIn;
}

?>

Right now, the "login.php" shows up alone and by logging in I can get the "form.php" page to show up by setting $userLoggedIn to 1 in the login function, the only problem is, that even then the "login.php" page shows up at the bottom.

So basically I can see the login page and then when I login I can see the form page...however while the form page is there, I can also see the login section under it.

Any ideas?

Member Avatar for Navlag

Actually, I got this figured out but thanks to both of you guys!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.