Displaying HTML in PHP page

[danno74]

Greetings,

New to PHP so bear with me.

I have a login page whose index.php goes through about 6 .php files to determine if the person is logged in. I am trying to put a confidentiality notice in the main login page.

Here is the code:

<?php 
// Login & Session example by sde 
// auth.php 

// start session 
session_start();  

// convert username and password from _POST or _SESSION 
if($_POST){ 
  $_SESSION['username']=$_POST["username"]; 
  $_SESSION['password']=$_POST["password"];   
} 

// query for a user/pass match 
$result=mysql_query("select * from users  
  where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'"); 

// retrieve number of rows resulted 
$num=mysql_num_rows($result);  

// print login form and exit if failed. 
if($num < 1){ 
  echo "You are not authenticated.  Please login.<br><br> 
   
  <form method=POST action=index.php> 
  username: <input type=text name=\"username\"> <BR><BR>
  password: <input type=password name=\"password\"> <BR><BR>
  <input type=submit value='Login'> 
  </form>"; 
   
  exit; 
} 
else
?>

I want to place the HTML formatted text after the if ($num < 1) statement, but I can't figure it out. Can someone help me find a way around this?

Thank you so much.

 

[vacunita]

It should either go inside the echo statement that has the "you are not authenticated and the form part",
or create an new echo statement for it.


What seems to be giving you problems?



----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[jpadie]

something like this perhaps

<?php 
// Login & Session example by sde 
// auth.php 

// start session 
session_start();  

// convert username and password from _POST or _SESSION 
if(isset($_POST['username']) && isset($_POST['password'])){
  $_SESSION['username'] = $_POST["username"]; 
  $_SESSION['password'] = $_POST["password"];   
} 

// query for a user/pass match 
$username = mysql_real_escape_string(trim($_SESSION['username']));
$password = mysql_real_escape_string(trim($_SESSION['password']));
$result=mysql_result(mysql_query("	select 
							count(*) as cnt 
						from 
							users  
  						where 
							username='$username'
							and `password` = '$password'"), 0,0);
 
// print login form and exit if failed. 
if($result !== 1){ 
  echo <<<HTML
  TYPE YOU CONFIDENTIALITY NOTICE HERE
  
  You are not authenticated.  Please login.<br><br> 
   
  <form method="POST" action="index.php"> 
  username: <input type=text name="username"> <br/><br/>
  password: <input type=password name="password"> <br/><br/>
  <input type="submit" value='Login'> 
  </form>
HTML;
	unset ($_SESSION);
  	exit; 
} 
?>

 

[danno74]

The message I need to enter has some HTML formatting I am grabbing from another page. The section is rather large, and I was trying to use some divs to organize the page a bit better in conjunction with a CSS style sheet. When i insert it, I get a blank page. When I put the HTML in a file named loginpage.php, then write it like this:

if($num < 1){ 
include("loginpage.php");
} 
else
?>

I get the login screen on the left, statement on the center like I want it, but also get the page contents of the page you get to after loging in on the right hand side. so is somethign wrong with my if statement?

 

[vacunita]

Does your loginpage.php contain anything else besides the confidentiality agreement?

Is your else statement well formed?

I would use jpadie's suggestion if you want to insert large amounts of html. Though the include method should also work.



----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[danno74]

V - it contains the following:

<div id="container"> 
  <div id="side-a">
  <p><b>You are not authenticated, please login.</b></p>
  	<form method=POST action=index.php> 
  		<BR><b>Username:</b><br />
		<input type=text name=\"username\"> <BR><BR>
		<BR><b>Password:</b><br />
		<input type=password name=\"password\"> <BR><BR>
		
	<input class="formButton" value="Log in" type="submit" onmouseover="this.className='formButton btnhov'" onmouseout="this.className='formButton'"><br>		
		
  </form>
  </div>
  <div id="side-b">
			<p><b>Information Sensitivity:</b></p>
			<p>TEXT<b>TEXT</b></p>
			<p><b>TEXT</b></p>
	      <ul>
	        <li>TEXT</li>
	        <li>TEXT</li>
	        <li>TEXT</li>
	        <li>TEXT</li>
	      </ul>
	      <p>TEXT</p>
		<BR/>
		</div>
	</div>

Does that break anything I'm trying to do? Like I said, it displays correctly, but includes the internal page you need to login to get to.

jpadie - I put your page in, and it came up, but when I attempt to login, it brings me back to the same page. To alleviate this problem, I tried to edit my index.php with an if statement since the ELSE statement was bringing up the nav.php, but your code removes the ELSE:

<?php 
// Login & Session 
// index.php 

// connect to database 
include("inc/connect.php"); 

// include auth and nav 
include("inc/auth.php"); 

// set cookie
include("inc/cookie.php"); 

// begin content 
if($result = 1){
echo "Welcome, " .$_SESSION['username'];
include("inc/nav.php"); 
}

// close mysql connection 
mysql_close(); 
?>

Thanks for your help all, this is a great learning experience.

 

[jpadie]

if($result = 1){

this line is meaningless as it will always evaluate to true. read up on comparison operators in the manual.

i cannot judge why my code does not behave as it should on your system. you have not provided the full code. you do not need an else statement if you are not doing anything within it.

 

[danno74]

Correct me if I'm wrong, but this is what I thought the code in the first post did - if the login doesn't exist or is incorrect, display the login page, otherwise (else) display the nav.php with the content this user is trying to get to.

 

[jpadie]

you have not read up on comparison operators yet.
= is not the same as == which is not the same as ===

there was a reason why i suggested that you did so, and a reason why I wrote my code with a !== as the comparison operator.

 

[danno74]

Figured it out.

I use the original code from my first post, and replace all the " in the HTML with '. The echo statement sees the " as an end to the statement, and thus causes the blank screen.

http://www.tizag.com/phpT/echo.php

Found in this tutorial. Page appears and functions correctly.