Πρόβλημα στο log in

Σε αυτή την περιοχή μπορείτε να βρείτε ή να αναζητήσετε πληροφορίες σχετικές με την PHP

Συντονιστές: WebDev Moderators, Super-Moderators, PHP Moderators

Απάντηση
nzak
Δημοσιεύσεις: 118
Εγγραφή: 16 Ιούλ 2010 09:59
Τοποθεσία: GR

Πρόβλημα στο log in

Δημοσίευση από nzak » 10 Μάιος 2011 12:41

Παιδιά καλημέρα. Έχω ένα προβληματάκι σε μία εργασία που κάνω όσον αφορά το log in του χρήστη. έχω τα εξής αρχεία:

index.php

Κώδικας: Επιλογή όλων

<?php session_start&#40;&#41;;
//header &#40;'Content-type&#58; text/html; charset=utf-8'&#41;;

    if&#40; $_GET&#91;'logout'&#93;==1&#41;
    &#123;
        $_SESSION&#91;'login'&#93;=0;
    &#125;

    if&#40; $_GET&#91;'login'&#93;==1&#41;
    &#123;
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
           die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

        mysql_select_db&#40;"ergasia", $con&#41;;
	    mysql_query&#40;"SET NAMES utf8"&#41;;
	
        $sql="SELECT * FROM user WHERE 1 AND log = '".$_POST&#91;"fname"&#93;."';";
        $result = mysql_query&#40;$sql&#41;;

        while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
        &#123;
           $id        = $row&#91;'id'&#93;;
           $suser     = $row&#91;'log'&#93;;
           $spassword = $row&#91;'password'&#93;;
		   $username  = $row&#91;'name'&#93;;
		   $usersname = $row&#91;'surname'&#93;;		   
        &#125;

        if&#40; $_POST&#91;"fpassword"&#93; == $spassword &#41;
        &#123;
            $_SESSION&#91;'login'&#93; = 1;
            $_SESSION&#91;'id'&#93;    = $id;
			$_SESSION&#91;'username'&#93;    = $username;
			$_SESSION&#91;'usersname'&#93;    = $usersname;			
        &#125;
        else
        &#123;
            $_SESSION&#91;'login'&#93; = 0;
            $_SESSION&#91;'id'&#93;    = "";
        &#125;
        mysql_close&#40;$con&#41;;
    &#125;
?>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http&#58;//www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Free Css Layout</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<div id="container">
<div id="header"><h1>Τα βιβλία μου.</h1></div>
  <div id="wrapper">
    <div id="content">



<?php

//ektipwnei tin forma sundesis otan den einai sundesmenos kanenas xristis
if&#40;$_SESSION&#91;'login'&#93;==0&#41;
&#123;
?>
    <div class="globallogin">
    <form action="index.php?login=1" method="post">
    <div class="login">Username&#58;     </div><div> <input type="text" name="fname" />         </div>
    <div class="login">Password&#58; </div><div> <input type="password" name="fpassword" /> </div>
    <input type="hidden" name="login" value="1">
    <input type="submit" />
    </form>
    </div>

<?php
&#125;
else
&#123;
	//apothikeuei ena neo biblio
    if&#40; $_GET&#91;'saveNew'&#93;==1&#41;
    &#123;
		//sundesi me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
            die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;
		
		//dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
	    mysql_query&#40;"SET NAMES utf8"&#41;;
	
		//print_r&#40;$_POST&#41;;echo "<HR>";
		
		//sql statement insert book
        $sql ="INSERT INTO book &#40;id, title, year, publisher&#41; VALUES &#40;'', '".$_POST&#91;"btitle"&#93;."','".$_POST&#91;"byear"&#93;."','".$_POST&#91;"bprint"&#93;."'&#41;;";
		mysql_query&#40;$sql&#41;;
		
		//sql statement insert autor
		$sql ="INSERT INTO author &#40;id, name, surname&#41; VALUES &#40;'', '".$_POST&#91;"bautor"&#93;."','".$_POST&#91;"bautors"&#93;."'&#41;;";
		mysql_query&#40;$sql&#41;;
		
		//
        $result = mysql_query&#40;"SELECT max&#40;id&#41; as max from book"&#41;;
		$row = mysql_fetch_array&#40;$result&#41;;
		$id_book=$row&#91;'max'&#93;;
				
		$result = mysql_query&#40;"SELECT max&#40;id&#41; as max from author"&#41;;
		$row = mysql_fetch_array&#40;$result&#41;;
		$id_autor=$row&#91;'max'&#93;;
				
		$sql ="INSERT INTO id &#40;id,id_author,id_book,id_user&#41; VALUES &#40;'',$id_autor ,$id_book , ".$_SESSION&#91;"id"&#93;."&#41;;";
			
		//ektelei to sql statement kai ektupwnei ama einai epituxis
        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "New Data inserted";
        &#125;
        
        mysql_close&#40;$con&#41;;
    &#125;

	//dialegei to biblio gia tripopiisi
    if&#40; $_GET&#91;'edit'&#93;==1&#41;
    &#123;
		//connection me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
           die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

		//dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
		mysql_query&#40;"SET NAMES utf8"&#41;;

		//sql statement 
        //echo $sql="SELECT author.name as name, author.surname, book.title FROM book, autor WHERE 1 AND id = '".$_GET&#91;'id'&#93;."'; ";
		
		$sql="SELECT author.id, author.name, author.surname, book.title, book.year, book.publisher FROM book, author, id WHERE 1 
				   AND book.id = '".$_GET&#91;'id'&#93;."'
				   AND author.id = id.id_author
				   AND id.id_user = ".$_SESSION&#91;"id"&#93;.";";
		
        $result = mysql_query&#40;$sql&#41;;

		//apothikeuei ta dedomena tou bibliou se meteblites
        while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
        &#123;
			$authorid=$row&#91;'id'&#93;;
            $autors = $row&#91;'surname'&#93;;
		    $autorn = $row&#91;'name'&#93;;	
		    $title  = $row&#91;'title'&#93;;	
            $year   = $row&#91;'year'&#93;;
            $name   = $row&#91;'name'&#93;;
            $publisher  = $row&#91;'publisher'&#93;;
        &#125;
        mysql_close&#40;$con&#41;;
    ?>

        <div class="global">
        <form action="index.php?update=1" method="post">
        <div class="lable">Ονομα Συγγραφέα&#58;  </div><div>   <input type="text" name="bautors" value="<?php echo $autorn;?>" /></div>
        <div class="lable">Επιθετο Συγγραφέα&#58;  </div><div> <input type="text" name="bautorn" value="<?php echo $autors;?>" /></div>		
        <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="bname"  value="<?php echo $title; ?>"/></div>
        <div class="lable">Χρονολογία Εκδοσης&#58;    </div><div> <input type="text" name="byear"  value="<?php echo $year; ?>"/></div>
        <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" value="<?php echo $publisher;?>"/></div>

        <input type="hidden" name="bid" value="<?php echo $_GET&#91;"id"&#93;; ?>"/>
        <input type="hidden" name="aid" value="<?php echo $authorid; ?>"/>
        <input type="submit" />
        </form>
        </div>

    <?php
    &#125;

	//apothikeuei mia allagi
    if&#40; $_GET&#91;'update'&#93;==1&#41;
    &#123;
		//connection me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
          die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

		//dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
		mysql_query&#40;"SET NAMES utf8"&#41;;
		
		//print_r&#40;$_POST&#41;;
		
		//sql statement gia to update tou biblioy
        $sql="UPDATE book SET title = '".$_POST&#91;"bname"&#93;."', year=".$_POST&#91;"byear"&#93;.", publisher='".$_POST&#91;"bprint"&#93;."' WHERE id = ".$_POST&#91;"bid"&#93;.";";

        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "Book data updated ";
        &#125;
        else
        &#123;
            echo "error in update book ";
        &#125;

		//update ton author
		$sql="UPDATE author SET name = '".$_POST&#91;"bautorn"&#93;."', surname='".$_POST&#91;"bautors"&#93;."' WHERE 1
              AND author.id = ".$_POST&#91;"aid"&#93;.";"; 
				   
        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "Author data updated";
        &#125;
        else
        &#123;
            echo "error in author update";
        &#125;        
		
		mysql_close&#40;$con&#41;;
    &#125;

	//ektupwnei tin forma gia neo biblio
    if&#40; $_GET&#91;'new'&#93;==1&#41;
    &#123;
    ?>
        <div class="global">
        <form action="index.php?saveNew=1" method="post">
        <div class="lable">Ονομα Συγγραφέα&#58;</div><div> <input type="text" name="bautor" /></div>
		<div class="lable">Επιθετο Συγγραφέα&#58;</div><div> <input type="text" name="bautors" /></div>		
        <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="btitle"  /></div>
        <div class="lable">Χρονολογία Εκδοσης&#58;    </div><div> <input type="text" name="byear"  /></div>
        <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" /></div>
        <input type="submit" />
        </form>
        </div>

    <?php
    &#125;

	//diagrafei to epelegmeno biblio
    if&#40; $_GET&#91;'delete'&#93;==1&#41;
    &#123;
		//sundesi me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
            die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

		//dialegei thn basi
        mysql_select_db&#40;"ergasia", $con&#41;;

		//sql statement
        $sql="DELETE FROM book WHERE id = '".$_GET&#91;"id"&#93;."';";

        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "data deleted";
        &#125;
        else
        &#123;
            echo "error in data deleted";
        &#125;

        mysql_close&#40;$con&#41;;
    &#125;

	//ektipvnei tin basi
    if&#40; $_GET&#91;'show'&#93;==1&#41;
    &#123;
		//sundesi me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
           die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

		//dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
		//eksagogi ton dedomenon se utf8
		mysql_query&#40;"SET NAMES utf8"&#41;;
		//sql statement
		
		$sql= "SELECT distinct book.id as id, book.title, book.year, book.publisher, author.name, author.surname 
		            FROM book, author, user, id 
				    WHERE 1 
					AND id.id_author = author.id
					AND id.id_book = book.id
					AND id.id_user = ".$_SESSION&#91;'id'&#93;.";"; 	
							
        $result = mysql_query&#40;$sql&#41;;
		echo "<br>";echo "<br>";
        $z=1;

        echo "<div class='globalout'>";

		//ektuponei ta blblia, analoga me ton epilegmeno tropo
        while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
        &#123;
		    //print_r&#40;$row&#41;;echo "<HR>";
		
            if&#40;$_GET&#91;'way'&#93;==1&#41;
            &#123;
                echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
            &#125;

            if&#40;$_GET&#91;'way'&#93;==2&#41;
            &#123;
                echo "<div><b>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. "</b>, " .$row&#91;'year'&#93;. " " .$row&#91;'title'&#93;. ", <i>" .$row&#91;'publisher'&#93;. "</i>," .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
            &#125;

            if&#40;$_GET&#91;'way'&#93;==3&#41;
            &#123;
                echo "<div>".$z.".&nbsp;&nbsp;&nbsp;&nbsp;".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .<i>" .$row&#91;'year'&#93;. "</i>." .$row&#91;'title'&#93;."&#58; ".$row&#91;'publisher'&#93;." <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
                $z++;
            &#125;
        &#125;

        echo "</div>";
        mysql_close&#40;$con&#41;;
    &#125;

	//ektipwnei tin forma tis anazitisis
    if&#40;$_GET&#91;"search"&#93;==1&#41;
    &#123;
    ?>
        <div class="global">
        <form action="index.php?startsearch=1" method="post">
        <div class="lable"></div><div> <input type="text" name="s_search"  /><input type="submit" value="αναζήτηση" /></div>
        </form>
        </div>
    <?php
    &#125;

	// 
    if&#40;$_GET&#91;"startsearch"&#93;==1&#41;
    &#123;
		if&#40;!empty&#40;$_POST&#91;"s_search"&#93;&#41;&#41;
		&#123;
			$con = mysql_connect&#40;"localhost","root",""&#41;;
			if &#40;!$con&#41;
			&#123;
			die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
			&#125;

			mysql_select_db&#40;"ergasia", $con&#41;;
			mysql_query&#40;"SET NAMES utf8"&#41;;
			
			$sql ="SELECT book.id as id, book.title FROM book, id WHERE 1
						AND book.id = id.id_book
						AND book.title LIKE '%".$_POST&#91;"s_search"&#93;."%'
						AND id.id_user = ".$_SESSION&#91;'id'&#93;.";"; 	
						
			$result = mysql_query&#40;$sql&#41;;

			echo "<div> Results for&#58; ".$_POST&#91;"s_search"&#93;."<br><br>";
		
			while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
			&#123;
				echo "<div><a href='./index.php?showbook=".$row&#91;'id'&#93;."'>".$row&#91;'title'&#93;."</a></div><br>";
			&#125;

			echo "</div>";

			mysql_close&#40;$con&#41;;
		&#125;
		else
		&#123;
			echo "Αναζήτηση χωρίς αποτέλεσμα!";
		&#125;
    &#125;

    if&#40; !empty&#40;$_GET&#91;"showbook"&#93;&#41;&#41;
    &#123;
    //connect stin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;

    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

    //dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
	mysql_query&#40;"SET NAMES utf8"&#41;;
	
    //sql statement
    //$sql="SELECT * FROM book,   WHERE 1 AND book.id =".$_GET&#91;"showbook"&#93;.";";
		
		 $sql= "SELECT book.title, book.year, book.publisher, author.name, author.surname 
		            FROM book, author, user, id 
				    WHERE 1 
					AND id.id_author = author.id
					AND book.id =".$_GET&#91;"showbook"&#93;."
					AND id.id_user = user.id
					AND id.id = ".$_SESSION&#91;'id'&#93;.";"; 	
	
	
    $result = mysql_query&#40;$sql&#41;;

    echo "<div>";

    //ektipwsi
    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
         echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$_GET&#91;"showbook"&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$_GET&#91;"showbook"&#93;."'>edit</a></div>";
    &#125;

    echo "</div>";

    //aposundesi apo tin basi
    mysql_close&#40;$con&#41;;
    &#125;


    //ektipwnei to arxiko minima
    if&#40;empty&#40;$_GET&#41; OR $_GET&#91;'login'&#93;==1&#41;
    &#123;
       echo "Καλως ορίσατε ".$_SESSION&#91;'username'&#93;." ".$_SESSION&#91;'usersname'&#93;." Παρακαλώ διαλέξτε τον τρόπο παρουσίασης";
    &#125;


&#125;

?>

    </div>
  </div>
  <div id="navigation">
    <ul>
      <li><a href="./index.php">Αρχική</a></li>
      <li><a href="./index.php?new=1">Νέο Βιβλίο</a></li>	  
      <li><a href="./index.php?show=1&way=1">Παρουσίαση Α΄</a></li>
      <li><a href="./index.php?show=1&way=2">Παρουσίαση Β΄</a></li>
      <li><a href="./index.php?show=1&way=3">Παρουσίαση Γ΄</a></li>
      <li><a href="./index.php?search=1">Ερευνά</a></li>
      <li><a href="./index.php?logout=1">Αποσύνδεση</a></li>
    </ul>
  </div>

  <div id="footer">
    <p>Layout08 from http&#58;//www.free-css.com/free-css-layouts/page1.php</p>
  </div>
</div>
</body>
</html>
και το

sql_dump.sql

Κώδικας: Επιλογή όλων

-- phpMyAdmin SQL Dump
-- version 3.2.0.1
-- http&#58;//www.phpmyadmin.net
--
-- Host&#58; localhost
-- Erstellungszeit&#58; 09. Juni 2010 um 21&#58;59
-- Server Version&#58; 5.1.37
-- PHP-Version&#58; 5.3.0

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Datenbank&#58; `ergasia`
--

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `author`
--

CREATE TABLE IF NOT EXISTS `author` &#40;
  `id` int&#40;4&#41; NOT NULL AUTO_INCREMENT,
  `name` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
  `surname` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
  UNIQUE KEY `id` &#40;`id`&#41;,
  UNIQUE KEY `id_2` &#40;`id`&#41;
&#41; ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;

--
-- Daten f&#252;r Tabelle `author`
--

INSERT INTO `author` &#40;`id`, `name`, `surname`&#41; VALUES
&#40;1, 'Κιουντούζης', 'Ευάγγελος'&#41;,
&#40;2, 'Άρθουρ', 'Καίσλερ'&#41;,
&#40;7, 'Καλλας', 'Μαρια'&#41;,
&#40;6, 'Αρης', 'Τζοχας'&#41;;

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `book`
--

CREATE TABLE IF NOT EXISTS `book` &#40;
  `id` int&#40;4&#41; NOT NULL AUTO_INCREMENT,
  `title` text CHARACTER SET utf8 NOT NULL,
  `year` int&#40;11&#41; NOT NULL,
  `publisher` text CHARACTER SET utf8 NOT NULL,
  PRIMARY KEY &#40;`id`&#41;
&#41; ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=23 ;

--
-- Daten f&#252;r Tabelle `book`
--

INSERT INTO `book` &#40;`id`, `title`, `year`, `publisher`&#41; VALUES
&#40;5, 'Μεθοδολογίες Ανάλυσης και Σχεδιασμού Πληροφοριακών Συστημάτων', 2001, 'Μπένος'&#41;,
&#40;2, 'Το Φάντασμα στη Μηχανή', 1977, 'Χατζηνικολής'&#41;,
&#40;1, 'Μια φορα', 2009, 'Χατζηνικολής'&#41;,
&#40;22, 'Η ζωη μου', 1961, 'Μουντζουρης'&#41;,
&#40;21, 'Η ζωη ειναι ωραια', 2006, 'Ρουσος'&#41;;

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `id`
--

CREATE TABLE IF NOT EXISTS `id` &#40;
  `id` int&#40;11&#41; NOT NULL AUTO_INCREMENT,
  `id_author` int&#40;11&#41; NOT NULL,
  `id_book` int&#40;11&#41; NOT NULL,
  `id_user` int&#40;11&#41; NOT NULL,
  UNIQUE KEY `id` &#40;`id`&#41;
&#41; ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ;

--
-- Daten f&#252;r Tabelle `id`
--

INSERT INTO `id` &#40;`id`, `id_author`, `id_book`, `id_user`&#41; VALUES
&#40;1, 1, 5, 1&#41;,
&#40;2, 2, 2, 2&#41;,
&#40;3, 1, 1, 2&#41;,
&#40;18, 6, 21, 2&#41;,
&#40;19, 7, 22, 1&#41;;

-- --------------------------------------------------------

--
-- Tabellenstruktur f&#252;r Tabelle `user`
--

CREATE TABLE IF NOT EXISTS `user` &#40;
  `id` int&#40;4&#41; NOT NULL AUTO_INCREMENT,
  `log` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
  `password` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
  `name` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
  `surname` varchar&#40;30&#41; CHARACTER SET utf8 NOT NULL,
  UNIQUE KEY `id` &#40;`id`&#41;
&#41; ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=3 ;

--
-- Daten f&#252;r Tabelle `user`
--

INSERT INTO `user` &#40;`id`, `log`, `password`, `name`, `surname`&#41; VALUES
&#40;1, 'user1', 'user1', 'Ευάγγελος', 'Διαμαντης'&#41;,
&#40;2, 'user2', 'user2', 'Πετρος', 'Καραδημας'&#41;;
Μήπως μπορείτε να μου πείτε τι κάνω λάθος. Δεν ξέρω και πάρα πολλά πράγματα από php. Πρόσφατα ξεκίνησα να ασχολούμαι. Ευχαριστώ!

Άβαταρ μέλους
stevebat
Script Master
Δημοσιεύσεις: 307
Εγγραφή: 05 Αύγ 2009 15:54
Επικοινωνία:

Πρόβλημα στο log in

Δημοσίευση από stevebat » 10 Μάιος 2011 15:03

Συγνώμη αυτό το $sql="SELECT * FROM user WHERE 1 AND log = '".$_POST["fname"]."';";

υπάρχει το WHERE 1 ...?? γιατί πρώτη φορά το βλέπω; Και δεν λέει το google τίποτα


Αν ισχύει βάλε αυτό είδα πολλά λάθη

Γιατί κάνεις 10 φορές connect στη βάση;

Κώδικας: Επιλογή όλων

<?php session_start&#40;&#41;;
//header &#40;'Content-type&#58; text/html; charset=utf-8'&#41;;

    if&#40; $_GET&#91;'logout'&#93;==1&#41;
    &#123;
        $_SESSION&#91;'login'&#93;=0;
    &#125;

    if&#40; $_GET&#91;'login'&#93;==1&#41;
    &#123;
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
           die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

        mysql_select_db&#40;"ergasia", $con&#41;;
       mysql_query&#40;"SET NAMES utf8"&#41;;
   
        $sql="SELECT * FROM user WHERE 1 AND log = '".$_POST&#91;"fname"&#93;."'";
        $result = mysql_query&#40;$sql&#41;;

        while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
        &#123;
           $id        = $row&#91;'id'&#93;;
           $suser     = $row&#91;'log'&#93;;
           $spassword = $row&#91;'password'&#93;;
         $username  = $row&#91;'name'&#93;;
         $usersname = $row&#91;'surname'&#93;;         
        &#125;

        if&#40; $_POST&#91;"fpassword"&#93; == $spassword &#41;
        &#123;
            $_SESSION&#91;'login'&#93; = 1;
            $_SESSION&#91;'id'&#93;    = $id;
         $_SESSION&#91;'username'&#93;    = $username;
         $_SESSION&#91;'usersname'&#93;    = $usersname;         
        &#125;
        else
        &#123;
            $_SESSION&#91;'login'&#93; = 0;
            $_SESSION&#91;'id'&#93;    = "";
        &#125;
        mysql_close&#40;$con&#41;;
    &#125;
?>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http&#58;//www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Free Css Layout</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<div id="container">
<div id="header"><h1>Τα βιβλία μου.</h1></div>
  <div id="wrapper">
    <div id="content">



<?php

//ektipwnei tin forma sundesis otan den einai sundesmenos kanenas xristis
if&#40;$_SESSION&#91;'login'&#93;==0&#41;
&#123;
?>
    <div class="globallogin">
    <form action="index.php?login=1" method="post">
    <div class="login">Username&#58;     </div><div> <input type="text" name="fname" />         </div>
    <div class="login">Password&#58; </div><div> <input type="password" name="fpassword" /> </div>
    <input type="hidden" name="login" value="1">
    <input type="submit" />
    </form>
    </div>

<?php
&#125;
else
&#123;
   //apothikeuei ena neo biblio
    if&#40; $_GET&#91;'saveNew'&#93;==1&#41;
    &#123;
      //sundesi me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
            die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;
      
      //dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
       mysql_query&#40;"SET NAMES utf8"&#41;;
   
      //print_r&#40;$_POST&#41;;echo "<HR>";
      
      //sql statement insert book
        $sql ="INSERT INTO book &#40;id, title, year, publisher&#41; VALUES &#40;'', '".$_POST&#91;"btitle"&#93;."','".$_POST&#91;"byear"&#93;."','".$_POST&#91;"bprint"&#93;."'&#41;";
      mysql_query&#40;$sql&#41;;
      
      //sql statement insert autor
      $sql ="INSERT INTO author &#40;id, name, surname&#41; VALUES &#40;'', '".$_POST&#91;"bautor"&#93;."','".$_POST&#91;"bautors"&#93;."'&#41;";
      mysql_query&#40;$sql&#41;;
      
      //
        $result = mysql_query&#40;"SELECT max&#40;id&#41; as max from book"&#41;;
      $row = mysql_fetch_array&#40;$result&#41;;
      $id_book=$row&#91;'max'&#93;;
            
      $result = mysql_query&#40;"SELECT max&#40;id&#41; as max from author"&#41;;
      $row = mysql_fetch_array&#40;$result&#41;;
      $id_autor=$row&#91;'max'&#93;;
            
      $sql ="INSERT INTO id &#40;id,id_author,id_book,id_user&#41; VALUES &#40;'',$id_autor ,$id_book , ".$_SESSION&#91;"id"&#93;."&#41;";
         
      //ektelei to sql statement kai ektupwnei ama einai epituxis
        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "New Data inserted";
        &#125;
       
        mysql_close&#40;$con&#41;;
    &#125;

   //dialegei to biblio gia tripopiisi
    if&#40; $_GET&#91;'edit'&#93;==1&#41;
    &#123;
      //connection me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
           die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

      //dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
      mysql_query&#40;"SET NAMES utf8"&#41;;

      //sql statement
        //echo $sql="SELECT author.name as name, author.surname, book.title FROM book, autor WHERE 1 AND id = '".$_GET&#91;'id'&#93;."'; ";
      
      $sql="SELECT author.id, author.name, author.surname, book.title, book.year, book.publisher FROM book, author, id WHERE 1
               AND book.id = '".$_GET&#91;'id'&#93;."'
               AND author.id = id.id_author
               AND id.id_user = ".$_SESSION&#91;"id"&#93;."";
      
        $result = mysql_query&#40;$sql&#41;;

      //apothikeuei ta dedomena tou bibliou se meteblites
        while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
        &#123;
         $authorid=$row&#91;'id'&#93;;
            $autors = $row&#91;'surname'&#93;;
          $autorn = $row&#91;'name'&#93;;   
          $title  = $row&#91;'title'&#93;;   
            $year   = $row&#91;'year'&#93;;
            $name   = $row&#91;'name'&#93;;
            $publisher  = $row&#91;'publisher'&#93;;
        &#125;
        mysql_close&#40;$con&#41;;
    ?>

        <div class="global">
        <form action="index.php?update=1" method="post">
        <div class="lable">Ονομα Συγγραφέα&#58;  </div><div>   <input type="text" name="bautors" value="<?php echo $autorn;?>" /></div>
        <div class="lable">Επιθετο Συγγραφέα&#58;  </div><div> <input type="text" name="bautorn" value="<?php echo $autors;?>" /></div>      
        <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="bname"  value="<?php echo $title; ?>"/></div>
        <div class="lable">Χρονολογία Εκδοσης&#58;    </div><div> <input type="text" name="byear"  value="<?php echo $year; ?>"/></div>
        <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" value="<?php echo $publisher;?>"/></div>

        <input type="hidden" name="bid" value="<?php echo $_GET&#91;"id"&#93;; ?>"/>
        <input type="hidden" name="aid" value="<?php echo $authorid; ?>"/>
        <input type="submit" />
        </form>
        </div>

    <?php
    &#125;

   //apothikeuei mia allagi
    if&#40; $_GET&#91;'update'&#93;==1&#41;
    &#123;
      //connection me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
          die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

      //dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
      mysql_query&#40;"SET NAMES utf8"&#41;;
      
      //print_r&#40;$_POST&#41;;
      
      //sql statement gia to update tou biblioy
        $sql="UPDATE book SET title = '".$_POST&#91;"bname"&#93;."', year=".$_POST&#91;"byear"&#93;.", publisher='".$_POST&#91;"bprint"&#93;."' WHERE id = ".$_POST&#91;"bid"&#93;."";

        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "Book data updated ";
        &#125;
        else
        &#123;
            echo "error in update book ";
        &#125;

      //update ton author
      $sql="UPDATE author SET name = '".$_POST&#91;"bautorn"&#93;."', surname='".$_POST&#91;"bautors"&#93;."' WHERE 1
              AND author.id = ".$_POST&#91;"aid"&#93;."";
               
        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "Author data updated";
        &#125;
        else
        &#123;
            echo "error in author update";
        &#125;       
      
      mysql_close&#40;$con&#41;;
    &#125;

   //ektupwnei tin forma gia neo biblio
    if&#40; $_GET&#91;'new'&#93;==1&#41;
    &#123;
    ?>
        <div class="global">
        <form action="index.php?saveNew=1" method="post">
        <div class="lable">Ονομα Συγγραφέα&#58;</div><div> <input type="text" name="bautor" /></div>
      <div class="lable">Επιθετο Συγγραφέα&#58;</div><div> <input type="text" name="bautors" /></div>      
        <div class="lable">Τίτλος&#58;</div><div> <input type="text" name="btitle"  /></div>
        <div class="lable">Χρονολογία Εκδοσης&#58;    </div><div> <input type="text" name="byear"  /></div>
        <div class="lable">Εκδόσεις&#58; </div><div> <input type="text" name="bprint" /></div>
        <input type="submit" />
        </form>
        </div>

    <?php
    &#125;

   //diagrafei to epelegmeno biblio
    if&#40; $_GET&#91;'delete'&#93;==1&#41;
    &#123;
      //sundesi me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
            die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

      //dialegei thn basi
        mysql_select_db&#40;"ergasia", $con&#41;;

      //sql statement
        $sql="DELETE FROM book WHERE id = '".$_GET&#91;"id"&#93;."'";

        if&#40;mysql_query&#40;$sql&#41;&#41;
        &#123;
            echo "data deleted";
        &#125;
        else
        &#123;
            echo "error in data deleted";
        &#125;

        mysql_close&#40;$con&#41;;
    &#125;

   //ektipvnei tin basi
    if&#40; $_GET&#91;'show'&#93;==1&#41;
    &#123;
      //sundesi me tin basi
        $con = mysql_connect&#40;"localhost","root",""&#41;;
        if &#40;!$con&#41;
        &#123;
           die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
        &#125;

      //dialegei tin basi
        mysql_select_db&#40;"ergasia", $con&#41;;
      //eksagogi ton dedomenon se utf8
      mysql_query&#40;"SET NAMES utf8"&#41;;
      //sql statement
      
      $sql= "SELECT distinct book.id as id, book.title, book.year, book.publisher, author.name, author.surname
                  FROM book, author, user, id
                WHERE 1
               AND id.id_author = author.id
               AND id.id_book = book.id
               AND id.id_user = ".$_SESSION&#91;'id'&#93;."";    
                     
        $result = mysql_query&#40;$sql&#41;;
      echo "<br>";echo "<br>";
        $z=1;

        echo "<div class='globalout'>";

      //ektuponei ta blblia, analoga me ton epilegmeno tropo
        while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
        &#123;
          //print_r&#40;$row&#41;;echo "<HR>";
      
            if&#40;$_GET&#91;'way'&#93;==1&#41;
            &#123;
                echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
            &#125;

            if&#40;$_GET&#91;'way'&#93;==2&#41;
            &#123;
                echo "<div><b>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. "</b>, " .$row&#91;'year'&#93;. " " .$row&#91;'title'&#93;. ", <i>" .$row&#91;'publisher'&#93;. "</i>," .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
            &#125;

            if&#40;$_GET&#91;'way'&#93;==3&#41;
            &#123;
                echo "<div>".$z.".&nbsp;&nbsp;&nbsp;&nbsp;".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .<i>" .$row&#91;'year'&#93;. "</i>." .$row&#91;'title'&#93;."&#58; ".$row&#91;'publisher'&#93;." <a href='./index.php?delete=1&id=".$row&#91;'id'&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$row&#91;'id'&#93;."'>edit</a></div>";
                $z++;
            &#125;
        &#125;

        echo "</div>";
        mysql_close&#40;$con&#41;;
    &#125;

   //ektipwnei tin forma tis anazitisis
    if&#40;$_GET&#91;"search"&#93;==1&#41;
    &#123;
    ?>
        <div class="global">
        <form action="index.php?startsearch=1" method="post">
        <div class="lable"></div><div> <input type="text" name="s_search"  /><input type="submit" value="αναζήτηση" /></div>
        </form>
        </div>
    <?php
    &#125;

   //
    if&#40;$_GET&#91;"startsearch"&#93;==1&#41;
    &#123;
      if&#40;!empty&#40;$_POST&#91;"s_search"&#93;&#41;&#41;
      &#123;
         $con = mysql_connect&#40;"localhost","root",""&#41;;
         if &#40;!$con&#41;
         &#123;
         die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
         &#125;

         mysql_select_db&#40;"ergasia", $con&#41;;
         mysql_query&#40;"SET NAMES utf8"&#41;;
         
         $sql ="SELECT book.id as id, book.title FROM book, id WHERE 1
                  AND book.id = id.id_book
                  AND book.title LIKE '%".$_POST&#91;"s_search"&#93;."%'
                  AND id.id_user = ".$_SESSION&#91;'id'&#93;."";    
                  
         $result = mysql_query&#40;$sql&#41;;

         echo "<div> Results for&#58; ".$_POST&#91;"s_search"&#93;."<br><br>";
      
         while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
         &#123;
            echo "<div><a href='./index.php?showbook=".$row&#91;'id'&#93;."'>".$row&#91;'title'&#93;."</a></div><br>";
         &#125;

         echo "</div>";

         mysql_close&#40;$con&#41;;
      &#125;
      else
      &#123;
         echo "Αναζήτηση χωρίς αποτέλεσμα!";
      &#125;
    &#125;

    if&#40; !empty&#40;$_GET&#91;"showbook"&#93;&#41;&#41;
    &#123;
    //connect stin basi
    $con = mysql_connect&#40;"localhost","root",""&#41;;

    if &#40;!$con&#41;
    &#123;
      die&#40;'Could not connect&#58; ' . mysql_error&#40;&#41;&#41;;
    &#125;

    //dialegei tin basi
    mysql_select_db&#40;"ergasia", $con&#41;;
   mysql_query&#40;"SET NAMES utf8"&#41;;
   
    //sql statement
    //$sql="SELECT * FROM book,   WHERE 1 AND book.id =".$_GET&#91;"showbook"&#93;."";
      
       $sql= "SELECT book.title, book.year, book.publisher, author.name, author.surname
                  FROM book, author, user, id
                WHERE 1
               AND id.id_author = author.id
               AND book.id =".$_GET&#91;"showbook"&#93;."
               AND id.id_user = user.id
               AND id.id = ".$_SESSION&#91;'id'&#93;."";    
   
   
    $result = mysql_query&#40;$sql&#41;;

    echo "<div>";

    //ektipwsi
    while&#40;$row = mysql_fetch_array&#40;$result&#41;&#41;
    &#123;
         echo "<div>".$row&#91;'surname'&#93;. " ".$row&#91;'name'&#93;. " .&#40;" .$row&#91;'year'&#93;. "&#41;.<i>" .$row&#91;'title'&#93;. "</i>." .$row&#91;'publisher'&#93;.". <a href='./index.php?delete=1&id=".$_GET&#91;"showbook"&#93;."'>delete</a> <a href='./index.php?edit=1&id=".$_GET&#91;"showbook"&#93;."'>edit</a></div>";
    &#125;

    echo "</div>";

    //aposundesi apo tin basi
    mysql_close&#40;$con&#41;;
    &#125;


    //ektipwnei to arxiko minima
    if&#40;empty&#40;$_GET&#41; OR $_GET&#91;'login'&#93;==1&#41;
    &#123;
       echo "Καλως ορίσατε ".$_SESSION&#91;'username'&#93;." ".$_SESSION&#91;'usersname'&#93;." Παρακαλώ διαλέξτε τον τρόπο παρουσίασης";
    &#125;


&#125;

?>

    </div>
  </div>
  <div id="navigation">
    <ul>
      <li><a href="./index.php">Αρχική</a></li>
      <li><a href="./index.php?new=1">Νέο Βιβλίο</a></li>    
      <li><a href="./index.php?show=1&way=1">Παρουσίαση Α΄</a></li>
      <li><a href="./index.php?show=1&way=2">Παρουσίαση Β΄</a></li>
      <li><a href="./index.php?show=1&way=3">Παρουσίαση Γ΄</a></li>
      <li><a href="./index.php?search=1">Ερευνά</a></li>
      <li><a href="./index.php?logout=1">Αποσύνδεση</a></li>
    </ul>
  </div>

  <div id="footer">
    <p>Layout08 from http&#58;//www.free-css.com/free-css-layouts/page1.php</p>
  </div>
</div>
</body>
</html>

Απάντηση

Επιστροφή στο “PHP Προγραμματισμός”

Μέλη σε σύνδεση

Μέλη σε αυτήν τη Δ. Συζήτηση: Δεν υπάρχουν εγγεγραμμένα μέλη και 0 επισκέπτες