0

Tricky title, I'm sorry I don't know the right terms for PHP stuff.

But I'm trying to get $msg to go from empty to some text upon incorrect code.

Current code:

<?php
$msg = '';

if ($pass === ("123")) {
    echo $msg;
} else {
    $msg = 'Wrong code';
}

$pass = ($_POST['code']);
?>

<form autocomplete="off" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);>" method="post" target="_self" accept-charset="UTF-8"> 
    <input type="password" name="code"/>
</form>

What am I doing wrong here?

Murad Hasan
  • 9,565
  • 2
  • 21
  • 42
realsub
  • 27
  • 1
  • 5
  • 1
    `msg = 'Wrong code';` is a syntax error. – Don't Panic May 12 '16 at 16:28
  • PHP variable should start with `$` sign. – Murad Hasan May 12 '16 at 16:29
  • Try `$msg='wtf';` When you already know how to assign a (blank) value to a variable then how can you not know how to give it another value – Hanky Panky May 12 '16 at 16:29
  • Side note, when you `echo $msg` in the `if` part, it's an empty string, so you won't see anything. – Don't Panic May 12 '16 at 16:30
  • Sorry boys, miss on my side. I have that $ in the actual code. – realsub May 12 '16 at 16:31
  • So the missing dollar sign was a red herring. What are you actually trying to do that isn't working? I know, _"I'm trying to get $msg to go from empty to some text upon incorrect code."_, but after the correction this code looks like it could do that. – Don't Panic May 12 '16 at 16:32
  • and `$pass` is defined where exactly? and is coming from where? or is that irrelevant? – Funk Forty Niner May 12 '16 at 16:32
  • @realsub what is $pass.and what is the error.enable error reporting. – Madhawa Priyashantha May 12 '16 at 16:32
  • Once again, sorry. I missed some more important code. I bet is what's wrong here. I'm not getting an error, the $msg just stays empty. – realsub May 12 '16 at 16:39
  • What has the form got to do with setting `$msg` to anything??? – RiggsFolly May 12 '16 at 16:44
  • 1
    And why do people consider `htmlspecialchars($_SERVER['PHP_SELF'])` is necessary or even sensible. **No seriously, please, someone explain that to me !!** – RiggsFolly May 12 '16 at 16:45
  • @RiggsFolly because there's a submit button, and once that's pressed; if the input field is empty or has the incorrect code I want it to set the $msg to something along the lines of "Try again, wrong code". Oh and the php_self thing, because copy & paste is a magical thing. – realsub May 12 '16 at 16:56
  • @RiggsFolly http://stackoverflow.com/questions/6080022/php-self-and-xss – miken32 May 12 '16 at 19:30

3 Answers3

0

Solution:

Your code has missing the $ sign at the assignment portion of msg. So i list up some steps for you at the bottom of the post.

After running this you will get an warning E_NOTICE : type 8 -- Undefined variable: pass -- at line 3. Because you did not define $pass. You use ===, which check both type and value, and return false which means the condition goes to else portion and assign the $msg, after whole block the $msg print the Wrong code as output.

$msg = '';
if ($pass === "123") {
  echo $msg;
  } else {
  $msg = 'Wrong code';
}
echo $msg; //Wrong code

As you are coding in the PHP platform, you need to maintain some convention of variable declaration.

Rules for PHP variables: Online Guide

  1. A variable starts with the $ sign, followed by the name of the variable
  2. A variable name must start with a letter or the underscore character
  3. A variable name cannot start with a number
  4. A variable name can only contain alpha-numeric characters and underscores (A-z, 0-9, and _ )
  5. Variable names are case-sensitive ($age and $AGE are two different variables)
Murad Hasan
  • 9,565
  • 2
  • 21
  • 42
0

Your code: 

<?php echo htmlspecialchars($_SERVER['PHP_SELF']);>

is missing the closing ?

Syntax:

<?php [code goes here] ?>

But aside of that, your use of === is testing not just the value, but also the type. Depending on how you get something in $pass [it's not shown in your code], that test could succeed or fail because "123" and 123 are not the same and/or some automatic conversion you're triggering by the 'superfluous' parenthesis you are using around it. If unsure, cast it to string and/or use the == instead of === comparison.

Ref: How do the PHP equality (== double equals) and identity (=== triple equals) comparison operators differ?

Community
  • 1
  • 1
0

There are a few ways to do this.

Assign "Success" to $msg and it will echo that on success, otherwise you echo $msg = 'Wrong code'; if it fails, along with checking if the POST array is not empty and everything set inside of it.

Plus, the way you have it now, would have thrown you a few notices about undefined variable/index and the POST array was located in the wrong spot along with brackets around 123 which shouldn't be there because you don't need them; it's just extra code for nothing, same for ($_POST['code']).

<?php 

error_reporting(E_ALL);
ini_set('display_errors', 1);

$msg = 'Success'; // or put it as empty, the choice is yours

if(!empty($_POST['code'])){

$pass = $_POST['code'];


    if ($pass === "123") {
        echo $msg;
    } else {
        echo $msg = 'Wrong code';
    }

}

?>

<form autocomplete="off" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" target="_self" accept-charset="UTF-8"> 
    <input type="password" name="code"/>
<input type="submit" name="submit">

</form>

Or you can do it like this and using isset() for the $msg variable:

$msg = '';

if(!empty($_POST['code'])){

$pass = $_POST['code'];


    if ($pass === "123") {
        $msg = 'Success';
    } else {
        $msg = 'Wrong code';
    }

}

if(isset($msg)){
echo $msg;
}

I'm hoping that you're not planning on storing plain text passwords.

Use one of the following:

Important sidenote about column length:

If and when you do decide to use password_hash() or the compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.

Other links of interest:

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141