[SOLVED] Trying To Convert Old PHP Syntax To New... Without Success! :(

[EmperorJazzy]

Hi All,

 

Your assistance would be apprciated. I'm attempting to convert old PHP syntax to the new PHP syntax. Previously this form worked like a charm, though now, it does nothing exciting at all.

 

Could you give me guidance as to how I might address some issues;

 

1 - I understand that variables from a POST method are now prefixed with $_POST (I've attempted to use this below). Is this usage correct?

 

2 - I'm not sure how to call/reference the variables created from the mySQL query - Is it $_SERVER?

 

3 - And now I've created new variables to check password, and user existance, should these be prefixed $_POST also?

 

Thank you in advance for your assistance!

 

** WHOLE CODE DUMP **

<html>
  <head>
    <title>Website Title</title>

<?
if (($REQUEST_METHOD=='POST'))
{
mysql_pconnect("localhost","username","password")
					or die("Unable to connect to SQL server");
mysql_select_db("DBName") or die("Unable to select database");

$query = "SELECT * FROM tblUsers WHERE usrnme = $_POST['$usrnme']";
$fldchk = mysql_query($query) or die('mysql_error');

?> Past Connection<?

if (mysql_num_rows($fldchk) > 0)
{
	$pwchk = mysql_result($fldchk,0,"PWord");

	if ($pssword == $pwchk)
	{
		session_register($_POST["$usrnme"]);
		$log_user = $_POST["$usrnme"];

		// Use the session variable utype to show or hide the Admin links
		$ordersite = "index1.php";

	}
    		else
	{
		$wrongpw = 1;
	}
}
else
{
	$usrex = 1;
}
}


?>
  </head>

<body>


          <form method="post" action="index.php">

              Username
              <input type="text" name="usrnme" size="10" maxlength="10">
              <br>
              <br>
              Password
              <input type="password" name="pssword" size="10" maxlength="10">
              <br>



              <a href="mailto:[email protected]"><small>Forgotten your password?</small></a>


              <input type="image" src="images/rings.jpg" name=login alt="Login">

          </form>
         <p>

<?
if ($usrex == 1)
{
?>
            This user is not in the system.
            <br>
            Please <a href="mailto:[email protected]">email us</a> for account enquiries.
<?
}
if ($wrongpw == 1)
{
?>
            Incorrect password for <strong><? echo $usrnme; ?></strong>.
            <br>
            Please <a href="mailto:[email protected]">email us</a> if you have forgotten your password.
<?
}
?>         

  </body>
</html>

[MasterACE14]

<?php
if (($_REQUEST=='POST')) // im not 100% sure about $_REQUEST
{
mysql_connect("localhost","username","password") // removed the p from pconnect
					or die("Unable to connect to SQL server");
mysql_select_db("DBName") or die("Unable to select database");

$query = "SELECT * FROM `tblUsers` WHERE `usrnme` =" . $_POST['$usrnme'] . ""; // added ` and added 
                                                                                                         // periods to concoct the $_POST 
$fldchk = mysql_query($query) or die('mysql_error');

?> Past Connection<?php

if (mysql_num_rows($fldchk) > 0)
{
	$pwchk = mysql_result($fldchk,0,"PWord");

	if ($pssword == $pwchk)
	{
		$_SESSION["username"] = $_POST["$usrnme"]; // $_SESSION global is much more flexible then
                                                                                        // register function
		$log_user = $_POST["$usrnme"];

		// Use the session variable you type to show or hide the Admin links
		$ordersite = "index1.php";

	}
    		else
	{
		$wrongpw = 1;
	}
}
else
{
	$usrex = 1;
}
}


?>
  </head>

<body>


          <form method="post" action="index.php">

              Username
              <input type="text" name="usrnme" size="10" maxlength="10">
              <br>
              <br>
              Password
              <input type="password" name="pssword" size="10" maxlength="10">
              <br>



              <a href="mailto:[email protected]"><small>Forgotten your password?</small></a>


              <input type="image" src="images/rings.jpg" name=login alt="Login">

          </form>
         <p>

<?php
if ($usrex == 1)
{
?>
            This user is not in the system.
            <br>
            Please <a href="mailto:[email protected]">email us</a> for account enquiries.
<?php
}
if ($wrongpw == 1)
{
?>
            Incorrect password for <strong><? echo $usrnme; ?></strong>.
            <br>
            Please <a href="mailto:[email protected]">email us</a> if you have forgotten your password.
<?php
}
?>

 

I think that should just about do it. 

 

Regards ACE

 

 

[darkfreaks]

actually $REQUEST_METHOD was correct

[pocobueno1388]

$_POST["$usrnme"];

You don't put a dollar sign for the value inside the brackets. Change it to

$_POST['usrnme'];

 

if (($_REQUEST=='POST'))

Instead of that, I would use

if (isset($_POST['usrnme']))

 

Other than that, I think MasterACE14 hit them all.

[MasterACE14]

$_POST["$usrnme"];

You don't put a dollar sign for the value inside the brackets. Change it to

$_POST['usrnme'];

 

if (($_REQUEST=='POST'))

Instead of that, I would use

if (isset($_POST['usrnme']))

 

Other than that, I think MasterACE14 hit them all.

 

Thanks, completely missed the $ sign lol 

[EmperorJazzy]

Thanks all, appreciate your time. I've managed to now have the form 'work' however, if the incorrect information is entered, the errors are not showing.

 

<?php
if ($usrex == 1)
{
?>
            This user is not in the system.
            <br>
            Please <a href="mailto:[email protected]">email us</a> for account enquiries.
             <?php
             }
             ?>

 

Any ideas? If you require further information, I can provide

 

Try this web address to see output; http://www.internetfella.com.au/gift_registry/index.php

[~n[EO]n~]

I think it should be

 

if($_SERVER['REQUEST_METHOD'] == 'POST')

 

instead of

 

if (($_REQUEST=='POST'))

 

Am i right ??? or wrong

[MasterACE14]

your not wrong, but your not right,

if (isset($_POST['usrnme']))

pocobueno1388 has it right.

 

I'm not sure as to why it is doing that, but for this part:

<?php
if ($wrongpw == 1)

 

change it to this:

<?php
elseif ($wrongpw == 1)

 

[EmperorJazzy]

Ok gents... thanks for your help again. I changed a few things;

 

if($_SERVER['REQUEST_METHOD'] == 'POST')

 

and

 

$query = "SELECT * FROM tblUsers WHERE usrnme='" . $_POST['usrnme'] ."'";

 

Essentially, the $_SERVER request started to pass through the code. Came up with Query error. Checked the syntax of the query, and altered as above. Now it's returning goodness.

 

All - Thanks very much. You know this means there could be more queries coming from me?!

[MasterACE14]

we look forward to them 

[EmperorJazzy]

OK can I unsolve?! Haha...

 

Unfortunately, the error checking works, but the correct comparison doesn't. EG> Password matches that entered by the user.

 

Basically, I want the page to be redirected if it's the correct password for the user. Simple (so I thought). Ideas?

 

	$pwchk = mysql_result($fldchk,0,"PWord");

	if ($pssword == $pwchk)
	{
		$_SESSION["usrnme"] = $_POST["usrnme"];

		$log_user = $usrnme;

		// Use the session variable utype to show or hide the Admin links
		$ordersite = "index1.php";


		$direct_site = "http://www.internetfella.com.au";

		?>

		<script>
		document.location = '<?php echo $direct_site; ?>';
		</script>

[MasterACE14]

its simple alright, you've just done it the hard way 

 

this part:

<script>
		document.location = '<?php echo $direct_site; ?>';
		</script>

 

change it to this:

<?php
header("Location: http://www.internetfella.com.au");

 

ps. I like your website, Im guessing you live down in Victoria? or not to far from it? I live in Sydney ^^

[EmperorJazzy]

Thanks Master

 

The unfortunate thing is, it's continues to say incorrect password for user.

 

Username test2

Password openup

 

http://www.internetfella.com.au/gift_registry/index.php

 

P.S thanks, we should get in touch.

[MasterACE14]

hmm, I see what you mean. time to look through your code again 

could you please post your whole script now. Thanks

 

ps. you use MSN Messenger?

[EmperorJazzy]

Full code... Sorry for delay in posting.

 

<html>
  <head>
    <title>Website Title</title>

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
mysql_connect("localhost","username","password") or die("Unable to connect to SQL server");
mysql_select_db("database") or die("Unable to select database");

$query = "SELECT * FROM tblUsers WHERE usrnme='" . $_POST['usrnme'] ."'";

$fldchk = mysql_query($query) or die('mysql_error with query - '.$query);

if (mysql_num_rows($fldchk) > 0)
{
	$pwchk = mysql_result($fldchk,0,"PWord");

	if ($pssword == $pwchk)
	{
		$_SESSION["usrnme"] = $_POST["usrnme"];

		$log_user = $usrnme;

		// Use the session variable utype to show or hide the Admin links
		$ordersite = "index1.php";


		$direct_site = "http://www.internetfella.com.au";


		header("Location: " . $direct_site . "");

	}
    		else
	{
		$wrongpw = 1;
	}
}
else
{
	$usrex = 1;
}
}

?>

</head>

<body>


          <form method="post" action="index.php">

              Username
              <input type="text" name="usrnme" size="10" maxlength="10">
              <br>
              <br>
              Password
              <input type="password" name="pssword" size="10" maxlength="10">
              <br>



              <a href="mailto:[email protected]"><small>Forgotten your password?</small></a>


              <input type="image" src="images/rings.jpg" name=login alt="Login">

          </form>
         <p>

<?php
if ($usrex == 1)
{
?>
            This user is not in the system.
            <br>
            Please <a href="mailto:[email protected]">email us</a> for account enquiries.
<?php
}
elseif ($wrongpw == 1)
{
?>
            Incorrect password for <strong><? echo $_POST["usrnme"]; ?></strong>.
            <br>
            Please <a href="mailto:[email protected]">email us</a> if you have forgotten your password.
<?php
}
?>         

  </body>
</html>

[MasterACE14]

no problem 

 

before this:

<?php
$query = "SELECT * FROM tblUsers WHERE usrnme='" . $_POST['usrnme'] ."'";

 

you should put this:

<?php
if(!isset($_POST['usrnme']) || $_POST['usrnme'] == '') { die("please enter a username"); }

 

or better yet, replace this:

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')

 

with what I said above. That may fix the problem. Because then your starting Form Validation before anything has happened. Further more increasing your security, and stopping any unneccesary MySQL queries from happening.

 

 

[EmperorJazzy]

Yupe... that makes sure there is data for the username. Username checks are working already.

 

Anything on the password comparison end?

 

 

[darkfreaks]

try putting double quotes after $variable=="1"

[MasterACE14]

you could also double up with the validation right at the start like this:

<?php
if(!isset($_POST['usrnme']) || $_POST['usrnme'] == '') && if(!isset($_POST['pssword']) || $_POST['pssword'] == '')
{ die("please enter a username and password"); }

 

I found the problem with the password part, you haven't put the password $_POST into a common variable, you have if ($pssword == $pwchk) but their is no $pssword = $_POST["pssword"];

 

so put in what I've typed above, and put in the $pssword variable sometime before it is used.

 

and I think that may just fix your problem 

 

Regards ACE

[EmperorJazzy]

Ok, past that issue because of a silly $_POST being left out. Little things. :S

 

Now... the next part was to redirect the user. The below is the code I'm using, however, is not redirecting the page. Ideas?

 

		$direct_site = "http://www.internetfella.com.au";


		header("Location: " . $direct_site . "");

[darkfreaks]

<?php
header("Location:  http://www.internetfella.com.au");?>

[EmperorJazzy]

Nope... I tried that initially. Sorry.

 

But I'd like it to be dynamic so I can choose where to send the user. Thus the type of code.

[darkfreaks]

then use if else statements  with abunch of different headers 

[MasterACE14]

if its not redirecting you can try this:

<?php
ob_start();
header("Location:  http://www.internetfella.com.au");
ob_end_flush();

 

see if that helps.

 

Regards ACE

[EmperorJazzy]

Unfortunately, that didn't work either. :S