  1. #1
    SitePoint Zealot
    Join Date
    Jun 2006
    Posts
    170
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Not Going to Header?

    I have a login page, and when they click login, it goes to verify login, which is below:

    PHP Code:
    <?php
    include('loginConfig.php');
    // making the usernames from the form a variable
    $username = $_POST['username'];
    $password = $_POST['password'];
    $password = md5($password);

    // To not get injected....
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    //SQL!
    $sql = "SELECT * FROM `members` WHERE username = '$username' and password = '$password'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);

    if($Success == 1){
        session_start();
        $_SESSION['loggedin'] = 'true';
        $_SESSION['username'] = '$username';
        header("Location: ../member.php");
        include('../include/blank.php');
    }
    //Incorrect Loggin !
    else {
        Global $Title;
        $Title = "Failed Loggin";

        Global $Content;
        $Content="Incorrect Username or Password.  Please check your credentials, and try again later.";
        include('../include/blank.php');
    }

    ?>
    In my database connect file, if Success=1, it establishes the link ID. So, in my code, if Success=1, it should set the sessions, and the usernames, and then redirect to ../member.php. However, it's not. Can you look at it and see if you can figure it out?

    PHP Code:
    <?php

    $host = "localhost"; // host, usually localhost
    $username = "***"; // database username
    $password = "*******"; // database password
    $default_dbname = "*****";


        function db_connect() {
            global $Success;
            $Success = 0;
            global $dbhost, $dbuser, $dbpassword;

            $link_id = mysql_connect($host, $username, $password);
            if(!$link_id) {
                print("<p id='error'>Connection failed to the host $dbhost.</p>");"";
            }
            else $Success = 1;
            return $link_id;
        }
    mysql_query($con);
    $con = mysql_connect("$host", "$username", "$password") or die("cannot connect to MySQL"); // connecting to MySQL

    if($con) {
        echo 'it works';
    } else {
        echo 'wtf?!';
    }

    mysql_select_db("$default_dbname") or die ("cannot select database, please check your mysql settings"); // selecting the MySQL database

    ?>
    I tested my connection, and I know I am connected.

  2. #2
    SitePoint Zealot
    Join Date
    Dec 2010
    Posts
    187
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just out of curiosity, what do you think should happen once you redirect someone's browser and after the person is redirected, in the previous page you attempt to include something?

    To cut the story short: header('Location:') redirects people to the specified URL. You specified some odd path; either specify a fully valid URL or at least an absolute path (http://localhost/member.php or /member.php).

    Your session won't store the value of variable $username, it will store exactly what you typed within single quotes - $username, which most likely isn't what you want.

    And in the end, after the header('Location') fails (I assume it fails, you are probably getting some sort of a message which you didn't post) - you attempt to include a file.

    Test your SQL, and after you're done testing, maybe you should also consider dropping all those "global" keywords. Not only is it bad practice, it's extremely hard to debug having global variables all over the place.

  3. #3
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    220
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    the portion

    PHP Code:
    if($Success == 1){
        session_start();
        $_SESSION['loggedin'] = 'true';
        $_SESSION['username'] = '$username';
        header("Location: ../member.php");
        include('../include/blank.php');


    will NEVER be executed because you merely define the function db_connect() and do not call it anywhere.

    And if it is called, anyone who clicks the login link will go to the member area.

    To solve it, discard the function definition db_connect() and instead simply

    PHP Code:
    $sql = "SELECT * FROM `members` WHERE username = '$username' and password = '$password'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);

    if($count === 1){
        session_start();
        $_SESSION['loggedin'] = 'true';
        // no quotes, so the value of $username is stored rather than the literal text
        $_SESSION['username'] = $username;
        header("Location: ../member.php");
        include('../include/blank.php');
    }...................
    Also, you don't need

    PHP Code:
    ..........
    $password = stripslashes($password);

    ..........

    $password = mysql_real_escape_string($password);
    as MD5 will convert any string to alphanumeric.
    I've never been born, nor will I die.
    I am just a passer-by who stumbled across a planet called Earth,
    for a short period of visiting......
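
A hardened version of the login check discussed in this thread, as an added example that is not code from any of the posters. It assumes PDO with the pdo_sqlite driver, a constructed `members` table with a `password_hash` column, and the hypothetical helpers `verify_login()` and `handle_login()`. It replaces the thread's `mysql_*` calls and MD5 with a prepared statement and `password_hash()`/`password_verify()`, decides on the query result rather than on `$Success`, and stops the script after the redirect.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table layout and sample account are constructed.

/** Returns true only when the user exists and the submitted password matches the stored hash. */
function verify_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no row matched

    // Verify against a dummy hash for unknown users so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, is_string($hash) ? $hash : $dummy);
    return $ok && is_string($hash);
}

/** Page flow: returns an error message on failure, redirects and exits on success. */
function handle_login(PDO $db, array $post): string
{
    $username = (string)($post['username'] ?? '');
    $password = (string)($post['password'] ?? '');
    if (!verify_login($db, $username, $password)) {
        return 'Incorrect Username or Password.';
    }
    session_start();
    session_regenerate_id(true);           // fresh session ID after authentication
    $_SESSION['loggedin'] = true;
    $_SESSION['username'] = $username;     // the variable, not the literal '$username'
    header('Location: /member.php');       // absolute path, as post #2 suggests
    exit;                                  // nothing after the redirect runs
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO members VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(verify_login($db, 'alice', 'correct horse'));
var_dump(verify_login($db, 'alice', 'wrong'));
var_dump(verify_login($db, "x' OR '1'='1", 'anything'));
```

Only the first call succeeds; the other two fail at the hash comparison because the quoted input is bound as data and never becomes part of the query.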

