0

I'm currently building a system for a football league. And are currently working on the script file for adding results. Most of the script works and the result is always successfully added to the database. However the authentication part seems to fail. The if statement on line 12 does not seem to fire and I can't understand why.

My code can be found in the pastebin link here: http://pastebin.com/ty4pdGgn

<?PHP

include 'functions.php';
dbConnect();

//$userEmail = mysql_real_escape_string($_POST["userEmailText"]);
$userCode = mysql_real_escape_string($_POST["userPasscodeText"]);

$authenticated = false;

$userEmail = "[email protected]";
if ($userEmail == "[email protected]") {
        header('Location: ../results.php?error=authentication');
}

$allUsers = mysql_query("SELECT * FROM accounts WHERE email = '$userEmail'");
while ($thisUser = mysql_fetch_assoc($allUsers)){
        if ($userCode != $thisUser['passCode']) {
                header('Location: ../results.php?error=authentication2');
        }
        echo $thisUser['passCode'];
        $authenticated = true;
        $userID = $thisUser['userID'];
}

if (!$authenticated) {
        header('Location: ../results.php?error=authentication3');
}

$dateSubmitted = $_POST['submissionDate'];
$homeTeam = $_POST['homeTeam'];
$awayTeam = $_POST['awayTeam'];
$homeGoals = $_POST['homeGoals'];
$awayGoals = $_POST['awayGoals'];

if ($homeTeam == $awayTeam) {
        header("Location: ../results.php?error=team");
}

if (getTeamLeague($homeTeam) != getTeamLeague($awayTeam)) {
        header("Location: ../results.php?error=league");
} else {
        $leagueID = getTeamLeague($homeTeam);
}

if ($homeGoals > $awayGoals) {
        $winnerID = $homeTeam;
} else if ($homeGoals < $awayGoals) {
        $winnerID = $awayTeam;
} else if ($homeGoals == $awayGoals) {
        $winnerID = -1;
}

$cQuery = mysql_query("INSERT INTO results VALUES ('', $userID, '$dateSubmitted', $leagueID, $homeTeam, $homeGoals, $awayTeam, $awayGoals, $winnerID, 0)");

if ($cQuery){
        header('Location: ../results.php');
} else {
                echo mysql_error();
}


?>

Any help with this matter will be much appreciated. The functions.php contains no errors as this is all to do with database entry and not the authentication.

Improve this question
8
  • does using === help? Commented Sep 4, 2013 at 22:47
  • Cannot reproduce, codepad.org/5ISM5cqp also your want to exit/die after any redirect Commented Sep 4, 2013 at 22:52
  • 1
    comment out the header() line on your pesky IF, and instead echo "is true" then put an else and echo "is false", then after the closing } of the else put exit(); (simple code for testing something specific). What gets echoed? I'm sure it will be "is true" and you'll find the IF is not actually "not firing" :) Commented Sep 4, 2013 at 22:54
  • You may have a point about the exit(); I totally forgot about that! Thank you very much I shall try that now! Commented Sep 4, 2013 at 22:55
  • 1
    just after any header redirects, if you have other code which can echo/DB query etc after the redirect, it will do that first. fyi, you can use exit(header(location: blah));. The test I put in my last comment saves me a lot of pain, as it narrows down problems. ie showed you "is true" which means your IF is working and you need to rethink where the issue lies ;) Commented Sep 4, 2013 at 23:04

2 Answers 2

Reset to default
1

Put a die(); after the header("Location:...");

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

As your comparison code (the "if" part on line 12) that you pasted has to work, i have two advice:

  1. Put a die(); or exit(); after the header() part.
  2. Try looking here, as I am not sure if header() will work, while the location path you set is relative. Basic advice is to always use base paths for redirects, like "http://your.site.com/script.php").
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.