Ray P

Thanks for the hints. I got it working. As you could see from the code I posted that I started from your script and edited it to fit the planned pages on my site. I had the form action set to login.php as shown on the code above - which was correct for your sample site. But I had changed mine to use index php as the login page URI - and I failed to change the action target to match. I don't think I had a 'login.php' in the domain. Not sure if that was the only problem but changing it to index.php fixed it. What an ordeal. I was looking too many levels down. Regards, Ray

I'm having a heck of a time getting my login.php script to work. The form fails to submit whenever I enter the correct 'uname' and 'pass' combo. My Chrome dev / network watcher reports - in red no less - that the post was"cancelled" when that happens. Any bad combination of 'uname' and 'pass' will submit correctly using the 'post' method - but echoes the user error message that they don't match - as it should. What can "cancel" a form submit post after I hit the submit button? Is there some conditional test going on behind the scenes? I have turned off autofill from my password app. The Chrome dev window says the initiator of the submitted post 'cancellation' was "other" (than the script I assume). It only took 9 ms to do it. If I change the password/uname test if (@mysqli_num_rows($r) == 1) { . . . to always test true, the form submit always gets cancelled. And so the code in login.php never gets to test the pass-uname combo itself. That's the strange part. The form never submits and the page does not reload. It's as if some unseen code is triggered by the form submit button to look ahead to see if the uname and pass combo is in the db - and then cancels the submit 'post' if that is the case.. Any help is appreciated. Here's the code but I suspect there's something else going on. <?php // This is the login page for the site. require ('includes/header.html'); require ('config/config.inc.php'); $page_title = 'Login'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { require (MYSQL); echo "MYSQL loaded<br>"; // Validate the user name: if (!empty($_POST['uname'])) { echo "uname passed<br>"; $u = mysqli_real_escape_string ($dbc, $_POST['uname']); echo "var u = $u <br>"; } else { $u = FALSE; echo '<p class="error">You forgot to enter your username!</p>'; } // Validate the password: if (!empty($_POST['pass'])) { echo "pass passed<br>"; $p = mysqli_real_escape_string ($dbc, $_POST['pass']); echo "var p = $p <br>"; } else { $p = FALSE; echo '<p class="error">You forgot to enter your password!</p>'; } if ($u && $p) { echo "everything's OK<br>"; // Query the database: $q = "SELECT ID, ulevel FROM members WHERE (uname='$u' AND pass=('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { echo " A match was made<br>"; // Register the values: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); echo "Got here<br>"; // Redirect the user: $url = BASE_URL . 'php-main/memLibrary.php'; echo "url= $url <br>";// Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { echo "No pass:uname match!"; // No match was made. echo '<p class="error">Either the username and password entered do not match those on file or you have not yet activated your account.</p>'; } } // end of if (everthing == OK) else // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; mysqli_close($dbc); // In any case } // End of if(srm=='post') conditional ?> <!-- html started in header.html --> <body> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>User Name:</b> <input type="text" name="uname" size="20" autocomplete="off" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" autocomplete="off" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> </fieldset> </form> </body> </html>

Sorry if my updated response above confuses anyone. But I solved my problem while attempting to explain it in that comment. So I edited the comment since it hadn't been answered at that time. (early this morning US Pacific coast time) But, HarleySan answered the unedited version somehow. I think next time I'll just add another comment rather than edit an older one.

Hi HartletSan, Your answer to #3 makes perfect sense. It's more elegant than the one I came up with. Thanks for that. As for problem #1, I figured it out in the process of writing you a long explanation - which I erased. In CH18 Larry clearly says that the config.inc.php file is "included" on every page of the app. Somehow my brain read that as every "file" rather than every "page". My main page is a large table, about 18 columns by from a dozen to as many as a few hundred vertically scrolling rows. I build this main page using a primary php file that sets it up and then two other supporting php files which are "included" by the main file and access the database to fill in the cells". I was including the MYSQL constant and the config.inc.php file in each of the three files I used to construct the page - when, as I see now, I only needed to include each of the two configuration files once, for the whole page. I now have the config.inc.php file at the very start of the main file and the defined constant MYSQL included just before I first need the data base in the first supporting file. It all runs fine now and I learned something important. Thanks for being there. I'm glad I found this resource and also that I bought this great book. Every page is full of good stuff. I just have to read it more carefully. Ray P

I have spent several months trying to teach myself web programming. I've managed to create a pretty cool dynamic website that works OK - so far. Then I found this great book. I am now trying to incorporate some of these important ideas into my code. My first attempt was to use the ideas behind the use of the config.inc.php and mysqli_connect.php files as explained in CH 18. This became a disaster as I tried various schemes to make it work which caused me to revert to the previously saved version of my code and start over. Before I do I'd like to be sure I have a clear understand of what I'm trying to do. The four 'connect' parameters are 'defined' as constants in the mysqli_connect.php file. In the config.inc.php file I defined the constant MYSQL as the path to this mysqli_connect.php file. As I read chapter 18 it says that I can now - require MYSQL; - in any script where I need to connect to the database. Questions: 1) When I run the app I get an error saying that I can not redefine a constant. The mysqli-connect.php file does attempt to re-define the four connect constants every time it is run in a script where it was 'included' and so the error is totally expected. What am I not getting here? 2) If I 'include' this file many times in scripts that echo html to the browser would not the connect constants then appear on my pages and be readable to anyone who wishes to "view source" in their browser? I'm sure I'm missing some important basic concept here. Some more info that might be relevant: I created a 'config' folder in both my localhost xampp development environment and on my GoDaddy server account right under the root directory. In both accounts I keep the config.inc.php file in there. In the local account I have placed the mysqli_connect.php file in the same config folder. In the GoDaddy account I placed it in a directory just above the root. This way in the config.inc.php the 'define MYSQL' path is different in each account and point to the respective locations for the mysqli_connect.php file. All files except 'config.inc.php' in the app can be the same this way. To migrate working code to the online account as I make improvements I just move all folders under the root in the xampp account to the GoDaddy server under the 'public_html' folder - except for the config folder which I should never have to touch. 3) Is this the correct way to do this? Regarding questions 1 and 2, I realize I have some very basic misunderstanding but I can't figure out what it is. Thanks.