I try to run this on my cpanel hosting, but nothing come out. when I try at my PC using localhost the page is reload.
Suppose this page will display Loading effect when using login into the system
this are my code
<?php
require_once('Connection/connect.php');
$name = $_GET['username'];
$pwd = $_GET['password'];
?>
<?php
$linktemp="http://$_SERVER[HTTP_HOST]" . "/PointerSystem";
if( ($_GET['username']==NULL) || ($_GET['password']==NULL) ) {
header("Location:index.php?mode=empty");
exit();
} else
{
mysql_select_db($database, $connect) or die(mysql_error());
$query = "SELECT * FROM user WHERE matricID='$name' && password ='$pwd' LIMIT 1";
$result = mysql_query($query);
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
if( $name=="" || $pwd=="" ) {
header("Location:index.php?mode=empty");
exit();
} elseif(($row['matricID']==$name) && ($row['password']==$pwd) ) {
$p1 = $row['matricID'];
$p2 = $row['password'];
session_start();
$_SESSION['name'] = $row['matricID'];
?>
<script language="javascript" type="text/javascript" > window.setTimeout(function() { window.location = 'mainmenu.php'; }, 3000); </script>
<?php
}elseif (($row['matricID']!=$name) || ($row['password']!=$pwd) )/*|| ($row['level']!="admin") || ($row['level']!="user")*/ {
header("Location:index.php?mode=wrong");
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Direct Login</title>
<link rel="stylesheet" type="text/css" href="css/loading.css" />
<link rel="stylesheet" type="text/css" href="css/loading2.css" />
<link rel="stylesheet" type="text/css" href="css/loading4.css" />
<link rel="stylesheet" type="text/css" href="css/loading5.css" />
<script src="js/loading.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
</head>
<body style="background: #fff url('images/bg.jpg') repeat top left;">
<div id="loading2">
<p id="loading-font2">Redirect......</p>
<img id="loading-image2" src="images/ajax-loader2.gif" />
</div>
<div id="loading">
<p id="loading-font">Please Wait, Validation In Progress......</p>
<img id="loading-image" src="images/ajax-loader.gif" />
</div>
<script language="javascript" type="text/javascript">
$(window).load(function(){ $("#loading").hide().delay(700).show(0); $("#loading").fadeOut(5000);});
$(window).on("load",function() { $("#loading2").delay(600).fadeOut(2); $("#loading2").show(); });
</script>
</body>
</html>
PROBLEM Solved. On @TUNAMAXX guid I already change the code above, so here is the correction one. Thank @TUNAMAXX and @vlzvl. Already manage to post the data.
<?php require_once('Connection/connect.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Direct Login</title>
<link rel="stylesheet" type="text/css" href="css/loading.css" />
<link rel="stylesheet" type="text/css" href="css/loading2.css" />
<link rel="stylesheet" type="text/css" href="css/loading4.css" />
<link rel="stylesheet" type="text/css" href="css/loading5.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
</head>
<body style="background: #fff url(images/bg.jpg) repeat top left;">
<?php
$name = $_POST['username'];
$pwd = $_POST['password'];
/*$linktemp="http://$_SERVER[HTTP_HOST]" . "/PointerSystem";*/
if( ($_POST['username']==NULL) || ($_POST['password']==NULL) ) {
header("Location:index.php?mode=empty");
exit();
} else
{
mysql_select_db($database, $connect) or die(mysql_error());
/* -------------------------------------------------------------------------------------------
* I still don't search about SQL Inject yet,Comic that you give me seem like troll Comic ^_^
* ---------------------------------------------------------------------------------------- */
$query = "SELECT * FROM user WHERE matricID='$name' && password ='$pwd' LIMIT 1";
$result = mysql_query($query);
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
if( $name=="" || $pwd=="" ) {
header("Location:index.php?mode=empty");
exit();
} elseif(($row['matricID']==$name) && ($row['password']==$pwd) ) {
/* -------------------------------------------------------------------------------------------
* I thought wanna use this as holder name or Welcome : USER . But not here
* ---------------------------------------------------------------------------------------- */
$p1 = $row['matricID'];
$p2 = $row['password'];
session_start();
$_SESSION['name'] = $row['matricID'];
echo"<script>
window.setTimeout(function() {
window.location = 'mainmenu.php';
}, 3000);
</script>";
}elseif (($row['matricID']!=$name) || ($row['password']!=$pwd)) {
header("Location:index.php?mode=wrong");
exit();
}
}
?>
<div id="loading2">
<p id="loading-font2">Redirect......</p>
<img id="loading-image2" src="images/ajax-loader2.gif" />
</div>
<div id="loading">
<p id="loading-font">Please Wait, Validation In Progress......</p>
<img id="loading-image" src="images/ajax-loader.gif" />
</div>
<script language="javascript" type="text/javascript">
$(window).load(function(){
$("#loading").hide().delay(700).show(0);
$('#loading').fadeOut(5000);
});
$(window).on("load",function() {
$("#loading2").delay(600).fadeOut(2);
$("#loading2").show();
});
</script>
</body>
</html>
There are many, many errors in this code. The first is with outputting any whitespace before a header() call. For instance, the opening and closing PHP tags on lines 5 and 7 generate a newline on line 6. That fouls up the first header() redirect.
I will run through as much of the code as I can and bring back as many fixes as I can.
EDIT: Here is some cleaned up / slightly fixed code. This code might 'work' for now, but it is scary. Do not use this in a production environment!
<?php
require_once('Connection/connect.php');
/* --------------------------------------------------------------
* Explicitly set variable values, even if you make them null
* ------------------------------------------------------------ */
$name = isset($_GET['username']) ? $_GET['username'] : null;
$pwd = isset($_GET['password']) ? $_GET['password'] : null;
/* --------------------------------------------------------------
* You assign this and then never use it?
* ------------------------------------------------------------ */
$linktemp = "http://$_SERVER[HTTP_HOST]" . "/PointerSystem";
if (($name == NULL) || ($pwd == NULL))
{
header("Location:index.php?mode=empty");
exit();
}
else
{
mysql_select_db($database, $connect) or die(mysql_error());
/* --------------------------------------------------------------
* You have opened yourself up for s SQL injection attack here.
* Use the modern mysqli_* functions or PDO, and make sure you
* ALWAYS SANITIZE YOUR INPUTS before sending it to the database
* See: http://xkcd.com/327/
* ------------------------------------------------------------ */
$query = "SELECT * FROM user WHERE matricID='$name' && password ='$pwd' LIMIT 1";
$result = mysql_query($query);
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
/* --------------------------------------------------------------
* Why do you have this test here? It is the same test as on
* line 15. If we failed it then, we're certainly going to fail
* it again now.
* ------------------------------------------------------------ */
if( $name == "" || $pwd == "" )
{
header("Location:index.php?mode=empty");
exit();
}
elseif (($row['matricID'] == $name) && ($row['password'] == $pwd))
{
/* --------------------------------------------------------------
* You assign these and then never use them?
* ------------------------------------------------------------ */
$p1 = $row['matricID'];
$p2 = $row['password'];
session_start();
$_SESSION['name'] = $row['matricID'];
/* --------------------------------------------------------------
* You can get away with closing PHP here...
* ------------------------------------------------------------ */
?>
<script language="javascript" type="text/javascript" > window.setTimeout(function() { window.location = 'mainmenu.php'; }, 3000); </script>
<?php
/* --------------------------------------------------------------
* ...and then opening PHP here because in this part of the if()
* statement, you are not doing a header() redirect. If you were,
* would break right here because you output ** anything **
* before a header() call and PHP will pitch a fit.
*
* HOWEVER, avoid intermixing PHP and HTML like this. It will be
* nightmare to troubleshoot in the future. Yes, PHP will let
* you dothings like this, but it's rarely a good idea.
* ------------------------------------------------------------ */
}
elseif (($row['matricID'] != $name) || ($row['password'] != $pwd))
{
header("Location:index.php?mode=wrong");
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Direct Login</title>
<link rel="stylesheet" type="text/css" href="css/loading.css" />
<link rel="stylesheet" type="text/css" href="css/loading2.css" />
<link rel="stylesheet" type="text/css" href="css/loading4.css" />
<link rel="stylesheet" type="text/css" href="css/loading5.css" />
<script src="js/loading.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
</head>
<body style="background: #fff url('images/bg.jpg') repeat top left;">
<div id="loading2">
<p id="loading-font2">Redirect......</p>
<img id="loading-image2" src="images/ajax-loader2.gif" />
</div>
<div id="loading">
<p id="loading-font">Please Wait, Validation In Progress......</p>
<img id="loading-image" src="images/ajax-loader.gif" />
</div>
<script language="javascript" type="text/javascript">
$(window).load(function(){ $("#loading").hide().delay(700).show(0); $("#loading").fadeOut(5000);});
$(window).on("load",function() { $("#loading2").delay(600).fadeOut(2); $("#loading2").show(); });
</script>
</body>
</html>
I have a feeling that this code will work, but there are some serious problems with it: