Results 1 to 9 of 9

Thread: Problem with script

  1. #1
    Join Date
    Jul 2006
    Location
    Canada
    Posts
    2,581
    Thanks
    13
    Thanked 28 Times in 28 Posts

    Default Problem with script

    Hi.

    I've made a log-in page, which really isn't a log-in page, it's just a verification page for people who know the password and username. Very simple really. But I keep getting a problem.

    Here is the script:

    PHP Code:
    $pass $_POST('pass');
    $user $_POST('user');
    if (
    $pass != "f45ls" && $user != "gxydef_user") {
    echo 
    "<script>onload=function() {document.body.style.display=\"none\"}</script>";
    }; 
    - Mike

  2. #2
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    I'm not familiar with how echo works in PHP but, if it doesn't require quotes, the outer pair should be removed:

    PHP Code:
    $pass $_POST('pass');
    $user $_POST('user');
    if (
    $pass != "f45ls" && $user != "gxydef_user") {
    echo <
    script>onload=function() {document.body.style.display="none"}</script>;
    }; 
    If it does require them, the inner pair should be escaped using whatever the PHP escape character is (if any) or replaced by single quotes:

    PHP Code:
    $pass $_POST('pass');
    $user $_POST('user');
    if (
    $pass != "f45ls" && $user != "gxydef_user") {
    echo 
    "<script>onload=function() {document.body.style.display='none'}</script>";
    }; 
    On the other hand, if this is just a javascript which is accepting input from the server, something like:

    Code:
    var pass = <? $_POST('pass') ?>;
    var user = <? $_POST('user') ?>;
    if (pass != "f45ls" && user != "gxydef_user") {
    document.write('<script>onload=function() {document.body.style.display="none"}<\/script>');
    };
    The && (logical and) might really be intended to be || (logical or).
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  3. #3
    Join Date
    Jul 2006
    Location
    Canada
    Posts
    2,581
    Thanks
    13
    Thanked 28 Times in 28 Posts

    Default

    I don't think you can use PHP inside JavaScript variables though.... Thanks for your help though.
    - Mike

  4. #4
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    There are far too many errors in this for it to run :-\

    PHP Code:
    $pass $_POST('pass');
    // Square brackets ("[" and "]") are used to access an array element.
    $user $_POST('user');
    // Ditto.

    if ($pass != "f45ls" && $user != "gxydef_user") {
    // As John said, you really want || here, or
    // it would let the user through if s/he got
    // only one right.  Also, braces are not necessary
    // when only one statement is conditional.
      
    echo "<script>onload=function() {document.body.style.display=\"none\"}</script>";
      
    // Relying on Javascript to do something like this
      // is pointless, overly verbose, and insecure.  Use
      // die() to prevent output from the rest of the page.
    };
    // This semicolon is unnecessary and possibly illegal. 
    In short:
    Code:
    if ($_POST['pass'] != 'f45ls' || $_POST['user'] != 'gxydef_user')
      die();
    Last edited by Twey; 09-02-2006 at 03:27 PM.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  5. #5
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by Twey
    Also, braces are not necessary when only one statement is conditional.
    No, they aren't required, but they are a good idea.

    Use die() to prevent output from the rest of the page.
    The exit function, preferably. The die function is an alias and should be avoided. See Appendix J List of Function Aliases in the PHP manual.

    };
    // This semicolon is unnecessary and possibly illegal.
    Probably not. I should imagine that it would be considered an empty statement.

    It would be nice if the PHP developers published a formal grammar. Perhaps because the language isn't designed with enough forethought, the grammar isn't stable enough to be included in the manual.

    Mike

  6. #6
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    There's no official one, but the PEAR coding standards provide guidelines.

    I must say, though, I've never liked braces on ifs. I've just hit a possible reason to use them, though: code where they're optional has a different scope just as if braces had been used, which is theoretically confusing.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  7. #7
    Join Date
    Jul 2006
    Location
    Canada
    Posts
    2,581
    Thanks
    13
    Thanked 28 Times in 28 Posts

    Default

    Well... Thanks Twey and mwinter. About the square-brackets in the form element, that was a huge typo, sorry about that .

    Is there a way to redirect the user to another page if the values aren't correct with PHP?
    - Mike

  8. #8
    Join Date
    Sep 2005
    Posts
    882
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Default

    PHP Code:
    <?php
    if ($_POST['pass'] != 'f45ls' || $_POST['user'] != 'gxydef_user'){
        
    $url 'http://somepage.com/page.html';//MUST BE AN ABSOLUTE URI eg. http://www.somesite.com/page.html NOT page.html
        
    header('Location: '.$url,true,303);
        exit(
    '<html><head><title>Sorry</title><body><p>Sorry, you could not be automatically redirected. Please <a href="'.$url.'">click here</a>.</p></body></html>');
    }
    ?>

  9. #9
    Join Date
    Jul 2006
    Location
    Canada
    Posts
    2,581
    Thanks
    13
    Thanked 28 Times in 28 Posts

    Default

    Thanks!
    - Mike

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •