Πρόβλημα στο log in

Σε αυτή την περιοχή μπορείτε να βρείτε ή να αναζητήσετε πληροφορίες σχετικές με την PHP

Συντονιστές: WebDev Moderators, Super-Moderators, PHP Moderators

Απάντηση
nzak
Δημοσιεύσεις: 118
Εγγραφή: 16 Ιούλ 2010 09:59
Τοποθεσία: GR

Πρόβλημα στο log in

Δημοσίευση από nzak » 10 Μάιος 2011 12:41

Παιδιά καλημέρα. Έχω ένα προβληματάκι σε μία εργασία που κάνω όσον αφορά το log in του χρήστη. έχω τα εξής αρχεία:

index.php

Κώδικας: Επιλογή όλων

<?php session_start&#40;&#41;;
//header &#40;'Content-type&#58; text/html; charset=utf-8'&#41;;

  if&#40; $_GET&#91;'logout'&#93;==1&#41;
  &#123;
    $_SESSION&#91;'login'&#93;=0;
  &#125;

  if&#40; $_GET&#91;'login'&#93;==1&#41;
  &#123;
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

    mysql_select_db&#40;"ergasia", $con&#41;;
	  mysql_query&#40;"SET NAMES utf8"&#41;;
	
    $sql="SELECT * FROM user WHERE 1 AND log = '".$_POST&#91;"fname"&#93;."';";
    $result = mysql_query&#40;$sql&#41;;

    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
      $id    = $row&#91;'id'&#93;;
      $suser   = $row&#91;'log'&#93;;
      $spassword = $row&#91;'password'&#93;;
		  $username = $row&#91;'name'&#93;;
		  $usersname = $row&#91;'surname'&#93;;		  
    &#125;

    if&#40; $_POST&#91;"fpassword"&#93; == $spassword &#41;
    &#123;
      $_SESSION&#91;'login'&#93; = 1;
      $_SESSION&#91;'id'&#93;  = $id;
			$_SESSION&#91;'username'&#93;  = $username;
			$_SESSION&#91;'usersname'&#93;  = $usersname;			
    &#125;
    else
    &#123;
      $_SESSION&#91;'login'&#93; = 0;
      $_SESSION&#91;'id'&#93;  = "";
    &#125;
    mysql_close&#40;$con&#41;;
  &#125;
?>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http&#58;//www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Free Css Layout</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<div id="container">
<div id="header"><h1>Τα βιβλία μου.</h1></div>
 <div id="wrapper">
  <div id="content"><?php

//ektipwnei tin forma sundesis otan den einai sundesmenos kanenas xristis
if&#40;$_SESSION&#91;'login'&#93;==0&#41;
&#123;
?>
  <div class="globallogin">
  <form action="index.php?login=1" method="post">
  <div class="login">Username&#58;   </div><div> <input type="text" name="fname" />     </div>
  <div class="login">Password&#58; </div><div> <input type="password" name="fpassword" /> </div>
  <input type="hidden" name="login" value="1">
  <input type="submit" />
  </form>
  </div>

<?php
&#125;
else
&#123;
	//apothikeuei ena neo biblio
  if&#40; $_GET&#91;'saveNew'&#93;==1&#41;
  &#123;
		//sundesi me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;
		
		//dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
	  mysql_query&#40;"SET NAMES utf8"&#41;;
	
		//print_r&#40;$_POST&#41;;echo "<HR>";
		
		//sql statement insert book
    $sql ="INSERT INTO book &#40;id, title, year, publisher&#41; VALUES &#40;'', '".$_POST&#91;"btitle"&#93;."','".$_POST&#91;"byear"&#93;."','".$_POST&#91;"bprint"&#93;."'&#41;;";
		mysql_query&#40;$sql&#41;;
		
		//sql statement insert autor
		$sql ="INSERT INTO author &#40;id, name, surname&#41; VALUES &#40;'', '".$_POST&#91;"bautor"&#93;."','".$_POST&#91;"bautors"&#93;."'&#41;;";
		mysql_query&#40;$sql&#41;;
		
		//
    $result = mysql_query&#40;"SELECT max&#40;id&#41; as max from book"&#41;;
		$row = mysql_fetch_array&#40;$result&#41;;
		$id_book=$row&#91;'max'&#93;;
				
		$result = mysql_query&#40;"SELECT max&#40;id&#41; as max from author"&#41;;
		$row = mysql_fetch_array&#40;$result&#41;;
		$id_autor=$row&#91;'max'&#93;;
				
		$sql ="INSERT INTO id &#40;id,id_author,id_book,id_user&#41; VALUES &#40;'',$id_autor ,$id_book , ".$_SESSION&#91;"id"&#93;."&#41;;";
			
		//ektelei to sql statement kai ektupwnei ama einai epituxis
    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "New Data inserted";
    &#125;
    
    mysql_close&#40;$con&#41;;
  &#125;

	//dialegei to biblio gia tripopiisi
  if&#40; $_GET&#91;'edit'&#93;==1&#41;
  &#123;
		//connection me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

		//dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
		mysql_query&#40;"SET NAMES utf8"&#41;;

		//sql statement 
    //echo $sql="SELECT author.name as name, author.surname, book.title FROM book, autor WHERE 1 AND id = '".$_GET&#91;'id'&#93;."'; ";
		
		$sql="SELECT author.id, author.name, author.surname, book.title, book.year, book.publisher FROM book, author, id WHERE 1 
				  AND book.id = '".$_GET&#91;'id'&#93;."'
				  AND author.id = id.id_author
				  AND id.id_user = ".$_SESSION&#91;"id"&#93;.";";
		
    $result = mysql_query&#40;$sql&#41;;

		//apothikeuei ta dedomena tou bibliou se meteblites
    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
			$authorid=$row&#91;'id'&#93;;
      $autors = $row&#91;'surname'&#93;;
		  $autorn = $row&#91;'name'&#93;;	
		  $title = $row&#91;'title'&#93;;	
      $year  = $row&#91;'year'&#93;;
      $name  = $row&#91;'name'&#93;;
      $publisher = $row&#91;'publisher'&#93;;
    &#125;
    mysql_close&#40;$con&#41;;
  ?>

    <div class="global">
    <form action="index.php?update=1" method="post">
    <div class="lable">Ονομα Συγγραφέα&#58; </div><div>  <input type="text" name="bautors" value="<?php echo $autorn;?>" /></div>
    <div class="lable">Επιθετο Συγγραφέα&#58; </div><div> <input type="text" name="bautorn" value="<?php echo $autors;?>" /></div>		
    <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="bname" value="<?php echo $title; ?>"/></div>
    <div class="lable">Χρονολογία Εκδοσης&#58;  </div><div> <input type="text" name="byear" value="<?php echo $year; ?>"/></div>
    <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" value="<?php echo $publisher;?>"/></div>

    <input type="hidden" name="bid" value="<?php echo $_GET&#91;"id"&#93;; ?>"/>
    <input type="hidden" name="aid" value="<?php echo $authorid; ?>"/>
    <input type="submit" />
    </form>
    </div>

  <?php
  &#125;

	//apothikeuei mia allagi
  if&#40; $_GET&#91;'update'&#93;==1&#41;
  &#123;
		//connection me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
     die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

		//dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
		mysql_query&#40;"SET NAMES utf8"&#41;;
		
		//print_r&#40;$_POST&#41;;
		
		//sql statement gia to update tou biblioy
    $sql="UPDATE book SET title = '".$_POST&#91;"bname"&#93;."', year=".$_POST&#91;"byear"&#93;.", publisher='".$_POST&#91;"bprint"&#93;."' WHERE id = ".$_POST&#91;"bid"&#93;.";";

    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "Book data updated ";
    &#125;
    else
    &#123;
      echo "error in update book ";
    &#125;

		//update ton author
		$sql="UPDATE author SET name = '".$_POST&#91;"bautorn"&#93;."', surname='".$_POST&#91;"bautors"&#93;."' WHERE 1
       AND author.id = ".$_POST&#91;"aid"&#93;.";"; 
				  
    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "Author data updated";
    &#125;
    else
    &#123;
      echo "error in author update";
    &#125;    
		
		mysql_close&#40;$con&#41;;
  &#125;

	//ektupwnei tin forma gia neo biblio
  if&#40; $_GET&#91;'new'&#93;==1&#41;
  &#123;
  ?>
    <div class="global">
    <form action="index.php?saveNew=1" method="post">
    <div class="lable">Ονομα Συγγραφέα&#58;</div><div> <input type="text" name="bautor" /></div>
		<div class="lable">Επιθετο Συγγραφέα&#58;</div><div> <input type="text" name="bautors" /></div>		
    <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="btitle" /></div>
    <div class="lable">Χρονολογία Εκδοσης&#58;  </div><div> <input type="text" name="byear" /></div>
    <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" /></div>
    <input type="submit" />
    </form>
    </div>

  <?php
  &#125;

	//diagrafei to epelegmeno biblio
  if&#40; $_GET&#91;'delete'&#93;==1&#41;
  &#123;
		//sundesi me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

		//dialegei thn basi
    mysql_select_db&#40;"ergasia", $con&#41;;

		//sql statement
    $sql="DELETE FROM book WHERE id = '".$_GET&#91;"id"&#93;."';";

    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "data deleted";
    &#125;
    else
    &#123;
      echo "error in data deleted";
    &#125;

    mysql_close&#40;$con&#41;;
  &#125;

	//ektipvnei tin basi
  if&#40; $_GET&#91;'show'&#93;==1&#41;
  &#123;
		//sundesi me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

		//dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
		//eksagogi ton dedomenon se utf8
		mysql_query&#40;"SET NAMES utf8"&#41;;
		//sql statement
		
		$sql= "SELECT distinct book.id as id, book.title, book.year, book.publisher, author.name, author.surname 
		      FROM book, author, user, id 
				  WHERE 1 
					AND id.id_author = author.id
					AND id.id_book = book.id
					AND id.id_user = ".$_SESSION&#91;'id'&#93;.";"; 	
							
    $result = mysql_query&#40;$sql&#41;;
		echo "<br>";echo "<br>";
    $z=1;

    echo "<div class='globalout'>";

		//ektuponei ta blblia, analoga me ton epilegmeno tropo
    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
		  //print_r&#40;$row&#41;;echo "<HR>";
		
      if&#40;$_GET&#91;'way'&#93;==1&#41;
      &#123;
        echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
      &#125;

      if&#40;$_GET&#91;'way'&#93;==2&#41;
      &#123;
        echo "<div><b>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. "</b>, " .$row&#91;'year'&#93;. " " .$row&#91;'title'&#93;. ", <i>" .$row&#91;'publisher'&#93;. "</i>," .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
      &#125;

      if&#40;$_GET&#91;'way'&#93;==3&#41;
      &#123;
        echo "<div>".$z.".&nbsp;&nbsp;&nbsp;&nbsp;".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .<i>" .$row&#91;'year'&#93;. "</i>." .$row&#91;'title'&#93;."&#58; ".$row&#91;'publisher'&#93;." <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
        $z++;
      &#125;
    &#125;

    echo "</div>";
    mysql_close&#40;$con&#41;;
  &#125;

	//ektipwnei tin forma tis anazitisis
  if&#40;$_GET&#91;"search"&#93;==1&#41;
  &#123;
  ?>
    <div class="global">
    <form action="index.php?startsearch=1" method="post">
    <div class="lable"></div><div> <input type="text" name="s_search" /><input type="submit" value="αναζήτηση" /></div>
    </form>
    </div>
  <?php
  &#125;

	// 
  if&#40;$_GET&#91;"startsearch"&#93;==1&#41;
  &#123;
		if&#40;!empty&#40;$_POST&#91;"s_search"&#93;&#41;&#41;
		&#123;
			$con = mysql_connect&#40;"localhost","root",""&#41;;
			if &#40;!$con&#41;
			&#123;
			die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
			&#125;

			mysql_select_db&#40;"ergasia", $con&#41;;
			mysql_query&#40;"SET NAMES utf8"&#41;;
			
			$sql ="SELECT book.id as id, book.title FROM book, id WHERE 1
						AND book.id = id.id_book
						AND book.title LIKE '%".$_POST&#91;"s_search"&#93;."%'
						AND id.id_user = ".$_SESSION&#91;'id'&#93;.";"; 	
						
			$result = mysql_query&#40;$sql&#41;;

			echo "<div> Results for&#58; ".$_POST&#91;"s_search"&#93;."<br><br>";
		
			while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
			&#123;
				echo "<div><a href='./index.php?showbook=".$row&#91;'id'&#93;."'>".$row&#91;'title'&#93;."</a></div><br>";
			&#125;

			echo "</div>";

			mysql_close&#40;$con&#41;;
		&#125;
		else
		&#123;
			echo "Αναζήτηση χωρίς αποτέλεσμα!";
		&#125;
  &#125;

  if&#40; !empty&#40;$_GET&#91;"showbook"&#93;&#41;&#41;
  &#123;
  //connect stin basi
  $con = mysql_connect&#40;"localhost","root",""&#41;;

  if &#40;!$con&#41;
  &#123;
   die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
  &#125;

  //dialegei tin basi
  mysql_select_db&#40;"ergasia", $con&#41;;
	mysql_query&#40;"SET NAMES utf8"&#41;;
	
  //sql statement
  //$sql="SELECT * FROM book,  WHERE 1 AND book.id =".$_GET&#91;"showbook"&#93;.";";
		
		 $sql= "SELECT book.title, book.year, book.publisher, author.name, author.surname 
		      FROM book, author, user, id 
				  WHERE 1 
					AND id.id_author = author.id
					AND book.id =".$_GET&#91;"showbook"&#93;."
					AND id.id_user = user.id
					AND id.id = ".$_SESSION&#91;'id'&#93;.";"; 	
	
	
  $result = mysql_query&#40;$sql&#41;;

  echo "<div>";

  //ektipwsi
  while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
  &#123;
     echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$_GET&#91;"showbook"&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$_GET&#91;"showbook"&#93;."'>edit</a></div>";
  &#125;

  echo "</div>";

  //aposundesi apo tin basi
  mysql_close&#40;$con&#41;;
  &#125;


  //ektipwnei to arxiko minima
  if&#40;empty&#40;$_GET&#41; OR $_GET&#91;'login'&#93;==1&#41;
  &#123;
    echo "Καλως ορίσατε ".$_SESSION&#91;'username'&#93;." ".$_SESSION&#91;'usersname'&#93;." Παρακαλώ διαλέξτε τον τρόπο παρουσίασης";
  &#125;


&#125;

?>

  </div>
 </div>
 <div id="navigation">
  <ul>
   <li><a href="./index.php">Αρχική</a></li>
   <li><a href="./index.php?new=1">Νέο Βιβλίο</a></li>	 
   <li><a href="./index.php?show=1&way=1">Παρουσίαση Α΄</a></li>
   <li><a href="./index.php?show=1&way=2">Παρουσίαση Β΄</a></li>
   <li><a href="./index.php?show=1&way=3">Παρουσίαση Γ΄</a></li>
   <li><a href="./index.php?search=1">Ερευνά</a></li>
   <li><a href="./index.php?logout=1">Αποσύνδεση</a></li>
  </ul>
 </div>

 <div id="footer">
  <p>Layout08 from http&#58;//www.free-css.com/free-css-layouts/page1.php</p>
 </div>
</div>
</body>
</html>
και το

sql_dump.sql

Κώδικας: Επιλογή όλων

-- phpMyAdmin SQL Dump
-- version 3.2.0.1
-- http&#58;//www.phpmyadmin.net
--
-- Host&#58; localhost
-- Erstellungszeit&#58; 09. Juni 2010 um 21&#58;59
-- Server Version&#58; 5.1.37
-- PHP-Version&#58; 5.3.0

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Datenbank&#58; `ergasia`
--

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `author`
--

CREATE TABLE IF NOT EXISTS `author` &#40;
 `id` int&#40;4&#41; NOT NULL AUTO_INCREMENT,
 `name` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
 `surname` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
 UNIQUE KEY `id` &#40;`id`&#41;,
 UNIQUE KEY `id_2` &#40;`id`&#41;
&#41; ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;

--
-- Daten f&#252;r Tabelle `author`
--

INSERT INTO `author` &#40;`id`, `name`, `surname`&#41; VALUES
&#40;1, 'Κιουντούζης', 'Ευάγγελος'&#41;,
&#40;2, 'Άρθουρ', 'Καίσλερ'&#41;,
&#40;7, 'Καλλας', 'Μαρια'&#41;,
&#40;6, 'Αρης', 'Τζοχας'&#41;;

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `book`
--

CREATE TABLE IF NOT EXISTS `book` &#40;
 `id` int&#40;4&#41; NOT NULL AUTO_INCREMENT,
 `title` text CHARACTER SET utf8 NOT NULL,
 `year` int&#40;11&#41; NOT NULL,
 `publisher` text CHARACTER SET utf8 NOT NULL,
 PRIMARY KEY &#40;`id`&#41;
&#41; ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=23 ;

--
-- Daten f&#252;r Tabelle `book`
--

INSERT INTO `book` &#40;`id`, `title`, `year`, `publisher`&#41; VALUES
&#40;5, 'Μεθοδολογίες Ανάλυσης και Σχεδιασμού Πληροφοριακών Συστημάτων', 2001, 'Μπένος'&#41;,
&#40;2, 'Το Φάντασμα στη Μηχανή', 1977, 'Χατζηνικολής'&#41;,
&#40;1, 'Μια φορα', 2009, 'Χατζηνικολής'&#41;,
&#40;22, 'Η ζωη μου', 1961, 'Μουντζουρης'&#41;,
&#40;21, 'Η ζωη ειναι ωραια', 2006, 'Ρουσος'&#41;;

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `id`
--

CREATE TABLE IF NOT EXISTS `id` &#40;
 `id` int&#40;11&#41; NOT NULL AUTO_INCREMENT,
 `id_author` int&#40;11&#41; NOT NULL,
 `id_book` int&#40;11&#41; NOT NULL,
 `id_user` int&#40;11&#41; NOT NULL,
 UNIQUE KEY `id` &#40;`id`&#41;
&#41; ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ;

--
-- Daten f&#252;r Tabelle `id`
--

INSERT INTO `id` &#40;`id`, `id_author`, `id_book`, `id_user`&#41; VALUES
&#40;1, 1, 5, 1&#41;,
&#40;2, 2, 2, 2&#41;,
&#40;3, 1, 1, 2&#41;,
&#40;18, 6, 21, 2&#41;,
&#40;19, 7, 22, 1&#41;;

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `user`
--

CREATE TABLE IF NOT EXISTS `user` &#40;
 `id` int&#40;4&#41; NOT NULL AUTO_INCREMENT,
 `log` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
 `password` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
 `name` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
 `surname` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
 UNIQUE KEY `id` &#40;`id`&#41;
&#41; ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=3 ;

--
-- Daten f&#252;r Tabelle `user`
--

INSERT INTO `user` &#40;`id`, `log`, `password`, `name`, `surname`&#41; VALUES
&#40;1, 'user1', 'user1', 'Ευάγγελος', 'Διαμαντης'&#41;,
&#40;2, 'user2', 'user2', 'Πετρος', 'Καραδημας'&#41;;
Μήπως μπορείτε να μου πείτε τι κάνω λάθος. Δεν ξέρω και πάρα πολλά πράγματα από php. Πρόσφατα ξεκίνησα να ασχολούμαι. Ευχαριστώ!

Άβαταρ μέλους
stevebat
Script Master
Δημοσιεύσεις: 307
Εγγραφή: 05 Αύγ 2009 15:54
Επικοινωνία:

Πρόβλημα στο log in

Δημοσίευση από stevebat » 10 Μάιος 2011 15:03

Συγνώμη αυτό το $sql="SELECT * FROM user WHERE 1 AND log = '".$_POST["fname"]."';";

υπάρχει το WHERE 1 ...?? γιατί πρώτη φορά το βλέπω; Και δεν λέει το google τίποτα


Αν ισχύει βάλε αυτό είδα πολλά λάθη

Γιατί κάνεις 10 φορές connect στη βάση;

Κώδικας: Επιλογή όλων

<?php session_start&#40;&#41;;
//header &#40;'Content-type&#58; text/html; charset=utf-8'&#41;;

  if&#40; $_GET&#91;'logout'&#93;==1&#41;
  &#123;
    $_SESSION&#91;'login'&#93;=0;
  &#125;

  if&#40; $_GET&#91;'login'&#93;==1&#41;
  &#123;
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

    mysql_select_db&#40;"ergasia", $con&#41;;
    mysql_query&#40;"SET NAMES utf8"&#41;;
  
    $sql="SELECT * FROM user WHERE 1 AND log = '".$_POST&#91;"fname"&#93;."'";
    $result = mysql_query&#40;$sql&#41;;

    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
      $id    = $row&#91;'id'&#93;;
      $suser   = $row&#91;'log'&#93;;
      $spassword = $row&#91;'password'&#93;;
     $username = $row&#91;'name'&#93;;
     $usersname = $row&#91;'surname'&#93;;     
    &#125;

    if&#40; $_POST&#91;"fpassword"&#93; == $spassword &#41;
    &#123;
      $_SESSION&#91;'login'&#93; = 1;
      $_SESSION&#91;'id'&#93;  = $id;
     $_SESSION&#91;'username'&#93;  = $username;
     $_SESSION&#91;'usersname'&#93;  = $usersname;     
    &#125;
    else
    &#123;
      $_SESSION&#91;'login'&#93; = 0;
      $_SESSION&#91;'id'&#93;  = "";
    &#125;
    mysql_close&#40;$con&#41;;
  &#125;
?>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http&#58;//www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Free Css Layout</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<div id="container">
<div id="header"><h1>Τα βιβλία μου.</h1></div>
 <div id="wrapper">
  <div id="content"><?php

//ektipwnei tin forma sundesis otan den einai sundesmenos kanenas xristis
if&#40;$_SESSION&#91;'login'&#93;==0&#41;
&#123;
?>
  <div class="globallogin">
  <form action="index.php?login=1" method="post">
  <div class="login">Username&#58;   </div><div> <input type="text" name="fname" />     </div>
  <div class="login">Password&#58; </div><div> <input type="password" name="fpassword" /> </div>
  <input type="hidden" name="login" value="1">
  <input type="submit" />
  </form>
  </div>

<?php
&#125;
else
&#123;
  //apothikeuei ena neo biblio
  if&#40; $_GET&#91;'saveNew'&#93;==1&#41;
  &#123;
   //sundesi me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;
   
   //dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
    mysql_query&#40;"SET NAMES utf8"&#41;;
  
   //print_r&#40;$_POST&#41;;echo "<HR>";
   
   //sql statement insert book
    $sql ="INSERT INTO book &#40;id, title, year, publisher&#41; VALUES &#40;'', '".$_POST&#91;"btitle"&#93;."','".$_POST&#91;"byear"&#93;."','".$_POST&#91;"bprint"&#93;."'&#41;";
   mysql_query&#40;$sql&#41;;
   
   //sql statement insert autor
   $sql ="INSERT INTO author &#40;id, name, surname&#41; VALUES &#40;'', '".$_POST&#91;"bautor"&#93;."','".$_POST&#91;"bautors"&#93;."'&#41;";
   mysql_query&#40;$sql&#41;;
   
   //
    $result = mysql_query&#40;"SELECT max&#40;id&#41; as max from book"&#41;;
   $row = mysql_fetch_array&#40;$result&#41;;
   $id_book=$row&#91;'max'&#93;;
      
   $result = mysql_query&#40;"SELECT max&#40;id&#41; as max from author"&#41;;
   $row = mysql_fetch_array&#40;$result&#41;;
   $id_autor=$row&#91;'max'&#93;;
      
   $sql ="INSERT INTO id &#40;id,id_author,id_book,id_user&#41; VALUES &#40;'',$id_autor ,$id_book , ".$_SESSION&#91;"id"&#93;."&#41;";
     
   //ektelei to sql statement kai ektupwnei ama einai epituxis
    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "New Data inserted";
    &#125;
    
    mysql_close&#40;$con&#41;;
  &#125;

  //dialegei to biblio gia tripopiisi
  if&#40; $_GET&#91;'edit'&#93;==1&#41;
  &#123;
   //connection me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

   //dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
   mysql_query&#40;"SET NAMES utf8"&#41;;

   //sql statement
    //echo $sql="SELECT author.name as name, author.surname, book.title FROM book, autor WHERE 1 AND id = '".$_GET&#91;'id'&#93;."'; ";
   
   $sql="SELECT author.id, author.name, author.surname, book.title, book.year, book.publisher FROM book, author, id WHERE 1
        AND book.id = '".$_GET&#91;'id'&#93;."'
        AND author.id = id.id_author
        AND id.id_user = ".$_SESSION&#91;"id"&#93;."";
   
    $result = mysql_query&#40;$sql&#41;;

   //apothikeuei ta dedomena tou bibliou se meteblites
    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
     $authorid=$row&#91;'id'&#93;;
      $autors = $row&#91;'surname'&#93;;
     $autorn = $row&#91;'name'&#93;;  
     $title = $row&#91;'title'&#93;;  
      $year  = $row&#91;'year'&#93;;
      $name  = $row&#91;'name'&#93;;
      $publisher = $row&#91;'publisher'&#93;;
    &#125;
    mysql_close&#40;$con&#41;;
  ?>

    <div class="global">
    <form action="index.php?update=1" method="post">
    <div class="lable">Ονομα Συγγραφέα&#58; </div><div>  <input type="text" name="bautors" value="<?php echo $autorn;?>" /></div>
    <div class="lable">Επιθετο Συγγραφέα&#58; </div><div> <input type="text" name="bautorn" value="<?php echo $autors;?>" /></div>   
    <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="bname" value="<?php echo $title; ?>"/></div>
    <div class="lable">Χρονολογία Εκδοσης&#58;  </div><div> <input type="text" name="byear" value="<?php echo $year; ?>"/></div>
    <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" value="<?php echo $publisher;?>"/></div>

    <input type="hidden" name="bid" value="<?php echo $_GET&#91;"id"&#93;; ?>"/>
    <input type="hidden" name="aid" value="<?php echo $authorid; ?>"/>
    <input type="submit" />
    </form>
    </div>

  <?php
  &#125;

  //apothikeuei mia allagi
  if&#40; $_GET&#91;'update'&#93;==1&#41;
  &#123;
   //connection me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
     die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

   //dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
   mysql_query&#40;"SET NAMES utf8"&#41;;
   
   //print_r&#40;$_POST&#41;;
   
   //sql statement gia to update tou biblioy
    $sql="UPDATE book SET title = '".$_POST&#91;"bname"&#93;."', year=".$_POST&#91;"byear"&#93;.", publisher='".$_POST&#91;"bprint"&#93;."' WHERE id = ".$_POST&#91;"bid"&#93;."";

    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "Book data updated ";
    &#125;
    else
    &#123;
      echo "error in update book ";
    &#125;

   //update ton author
   $sql="UPDATE author SET name = '".$_POST&#91;"bautorn"&#93;."', surname='".$_POST&#91;"bautors"&#93;."' WHERE 1
       AND author.id = ".$_POST&#91;"aid"&#93;."";
        
    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "Author data updated";
    &#125;
    else
    &#123;
      echo "error in author update";
    &#125;    
   
   mysql_close&#40;$con&#41;;
  &#125;

  //ektupwnei tin forma gia neo biblio
  if&#40; $_GET&#91;'new'&#93;==1&#41;
  &#123;
  ?>
    <div class="global">
    <form action="index.php?saveNew=1" method="post">
    <div class="lable">Ονομα Συγγραφέα&#58;</div><div> <input type="text" name="bautor" /></div>
   <div class="lable">Επιθετο Συγγραφέα&#58;</div><div> <input type="text" name="bautors" /></div>   
    <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="btitle" /></div>
    <div class="lable">Χρονολογία Εκδοσης&#58;  </div><div> <input type="text" name="byear" /></div>
    <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" /></div>
    <input type="submit" />
    </form>
    </div>

  <?php
  &#125;

  //diagrafei to epelegmeno biblio
  if&#40; $_GET&#91;'delete'&#93;==1&#41;
  &#123;
   //sundesi me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

   //dialegei thn basi
    mysql_select_db&#40;"ergasia", $con&#41;;

   //sql statement
    $sql="DELETE FROM book WHERE id = '".$_GET&#91;"id"&#93;."'";

    if&#40;mysql_query&#40;$sql&#41;&#41;
    &#123;
      echo "data deleted";
    &#125;
    else
    &#123;
      echo "error in data deleted";
    &#125;

    mysql_close&#40;$con&#41;;
  &#125;

  //ektipvnei tin basi
  if&#40; $_GET&#91;'show'&#93;==1&#41;
  &#123;
   //sundesi me tin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;
    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

   //dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
   //eksagogi ton dedomenon se utf8
   mysql_query&#40;"SET NAMES utf8"&#41;;
   //sql statement
   
   $sql= "SELECT distinct book.id as id, book.title, book.year, book.publisher, author.name, author.surname
         FROM book, author, user, id
        WHERE 1
        AND id.id_author = author.id
        AND id.id_book = book.id
        AND id.id_user = ".$_SESSION&#91;'id'&#93;."";  
           
    $result = mysql_query&#40;$sql&#41;;
   echo "<br>";echo "<br>";
    $z=1;

    echo "<div class='globalout'>";

   //ektuponei ta blblia, analoga me ton epilegmeno tropo
    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
     //print_r&#40;$row&#41;;echo "<HR>";
   
      if&#40;$_GET&#91;'way'&#93;==1&#41;
      &#123;
        echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
      &#125;

      if&#40;$_GET&#91;'way'&#93;==2&#41;
      &#123;
        echo "<div><b>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. "</b>, " .$row&#91;'year'&#93;. " " .$row&#91;'title'&#93;. ", <i>" .$row&#91;'publisher'&#93;. "</i>," .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
      &#125;

      if&#40;$_GET&#91;'way'&#93;==3&#41;
      &#123;
        echo "<div>".$z.".&nbsp;&nbsp;&nbsp;&nbsp;".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .<i>" .$row&#91;'year'&#93;. "</i>." .$row&#91;'title'&#93;."&#58; ".$row&#91;'publisher'&#93;." <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
        $z++;
      &#125;
    &#125;

    echo "</div>";
    mysql_close&#40;$con&#41;;
  &#125;

  //ektipwnei tin forma tis anazitisis
  if&#40;$_GET&#91;"search"&#93;==1&#41;
  &#123;
  ?>
    <div class="global">
    <form action="index.php?startsearch=1" method="post">
    <div class="lable"></div><div> <input type="text" name="s_search" /><input type="submit" value="αναζήτηση" /></div>
    </form>
    </div>
  <?php
  &#125;

  //
  if&#40;$_GET&#91;"startsearch"&#93;==1&#41;
  &#123;
   if&#40;!empty&#40;$_POST&#91;"s_search"&#93;&#41;&#41;
   &#123;
     $con = mysql_connect&#40;"localhost","root",""&#41;;
     if &#40;!$con&#41;
     &#123;
     die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
     &#125;

     mysql_select_db&#40;"ergasia", $con&#41;;
     mysql_query&#40;"SET NAMES utf8"&#41;;
     
     $sql ="SELECT book.id as id, book.title FROM book, id WHERE 1
         AND book.id = id.id_book
         AND book.title LIKE '%".$_POST&#91;"s_search"&#93;."%'
         AND id.id_user = ".$_SESSION&#91;'id'&#93;."";  
         
     $result = mysql_query&#40;$sql&#41;;

     echo "<div> Results for&#58; ".$_POST&#91;"s_search"&#93;."<br><br>";
   
     while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
     &#123;
      echo "<div><a href='./index.php?showbook=".$row&#91;'id'&#93;."'>".$row&#91;'title'&#93;."</a></div><br>";
     &#125;

     echo "</div>";

     mysql_close&#40;$con&#41;;
   &#125;
   else
   &#123;
     echo "Αναζήτηση χωρίς αποτέλεσμα!";
   &#125;
  &#125;

  if&#40; !empty&#40;$_GET&#91;"showbook"&#93;&#41;&#41;
  &#123;
  //connect stin basi
  $con = mysql_connect&#40;"localhost","root",""&#41;;

  if &#40;!$con&#41;
  &#123;
   die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
  &#125;

  //dialegei tin basi
  mysql_select_db&#40;"ergasia", $con&#41;;
  mysql_query&#40;"SET NAMES utf8"&#41;;
  
  //sql statement
  //$sql="SELECT * FROM book,  WHERE 1 AND book.id =".$_GET&#91;"showbook"&#93;."";
   
    $sql= "SELECT book.title, book.year, book.publisher, author.name, author.surname
         FROM book, author, user, id
        WHERE 1
        AND id.id_author = author.id
        AND book.id =".$_GET&#91;"showbook"&#93;."
        AND id.id_user = user.id
        AND id.id = ".$_SESSION&#91;'id'&#93;."";  
  
  
  $result = mysql_query&#40;$sql&#41;;

  echo "<div>";

  //ektipwsi
  while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
  &#123;
     echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$_GET&#91;"showbook"&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$_GET&#91;"showbook"&#93;."'>edit</a></div>";
  &#125;

  echo "</div>";

  //aposundesi apo tin basi
  mysql_close&#40;$con&#41;;
  &#125;


  //ektipwnei to arxiko minima
  if&#40;empty&#40;$_GET&#41; OR $_GET&#91;'login'&#93;==1&#41;
  &#123;
    echo "Καλως ορίσατε ".$_SESSION&#91;'username'&#93;." ".$_SESSION&#91;'usersname'&#93;." Παρακαλώ διαλέξτε τον τρόπο παρουσίασης";
  &#125;


&#125;

?>

  </div>
 </div>
 <div id="navigation">
  <ul>
   <li><a href="./index.php">Αρχική</a></li>
   <li><a href="./index.php?new=1">Νέο Βιβλίο</a></li>  
   <li><a href="./index.php?show=1&way=1">Παρουσίαση Α΄</a></li>
   <li><a href="./index.php?show=1&way=2">Παρουσίαση Β΄</a></li>
   <li><a href="./index.php?show=1&way=3">Παρουσίαση Γ΄</a></li>
   <li><a href="./index.php?search=1">Ερευνά</a></li>
   <li><a href="./index.php?logout=1">Αποσύνδεση</a></li>
  </ul>
 </div>

 <div id="footer">
  <p>Layout08 from http&#58;//www.free-css.com/free-css-layouts/page1.php</p>
 </div>
</div>
</body>
</html>

Απάντηση

Επιστροφή στο “PHP Προγραμματισμός”

Μέλη σε σύνδεση

Μέλη σε αυτήν τη Δ. Συζήτηση: Δεν υπάρχουν εγγεγραμμένα μέλη και 1 επισκέπτης