I have taken on the task of moving a PHP/MySql website to a new host.
I am setting up the files in a sub-directory of my website to make sure I get it right.
There is an administrative function on the first host when logging in takes the user to admin functions i.e. Add or update members, edit content pages (content in MySql database), etc.
The log in works on the first host but not on my duplication website setup.
The log in records the user and time when some one is in the admin area.
If I login for my site, the login just returns to the login screen (no admin functions show).
However, if I try to login again the system tells me someone is already logged in.
So the log in is being recorded properly but the admin function page is not showing.
A Check Login function uses
if(check_login())
header(“Location: admin.php”);
but never displays the functions using admin.php.
Works on first system not on my test system.
Any help is appreciated.
Yes I am new to serious php work but have learned alot.
May I show you this section below?
I read about always using exit();
When I put it in with more brackets {}, I got a blank page with 0 in the upper left corner.
Probably placement of exit(); with brackets?
<?php
$base_url = "../";
session_start();
include($base_url.'db_connections/db_connection.php');
include($base_url.'db_connections/DBConnect_admin.php');
include($base_url.'includes/ad.php');
//force_logout();
// see if the person is already logged in
if(check_login())
header("Location: admin.php");
$title = "Administration Area - Login";
$error = "";
if(isset($_POST['submit']))
{
$error = login();
if(empty($error))
header("Location: admin.php");
}
Browsers usually accept relative URLs like yours but technically they are not allowed. I always send full URLs to the Location header. I don’t know if that is the cause of your problem but it’s a good idea to correct it.
Also, when redirecting from a page that has been accessed by POST method (such as from a html form with method=“post”) it is recommended to use “303 See Other” response code:
NOT that using a redirect just to pull up an admin panel is a good idea either; why aren’t you just calling it flat without screwing around on the extra handshakes and page loads?!?
if (check_login()) {
include('admin.php');
exit();
}
Or are you sending markup before that? As I often say, if you have to resort to a redirect from inside your php, there’s probably something wrong with how you’ve built your code.
You’ve gone too far with this statement. There’s one very valid reason to use redirects: to change the url of the page after a form has been submitted via POST. For example the login form is at http://example.com/login and after successful login a page with product listing is displayed. If you don’t use a redirect then you are still at http://example.com/login on the product listing page. Two problems with that:
you can’t bookmark the URL or copy & paste so that it will lead to the page you are currently on
when you hit reload on the target page the browser wants to resubmit the login form and displays alerts causing confusion among users
In fact, NOT using redirects in such cases causes usability problems. Usually POST requests are not hitting the server frequently compared to GET requests and using redirects in such cases has no visible impact on server load.
Thanks for the advice. This project is another person’s coding.
Trying to adopt or change it if necessary. I am treading lightly because of my lack of experience with PHP and MySql.
Only got notice of 1 reply. Glad to see others.
Thanks again.
If you use the Live HTTP Headers add on for Firefox, and log in to the site, do you see the "Location: " header in the response at all, or doesn’t it appear to do anything?
I installed Live HTTP Headers. Wasn’t sure how to use it then I say to myself (I do that a lot), try Tools.
Doesn’t show any information but neither does this forum page.
Unless I am using it wrong.
Found it under Tools page Info.
What am I looking for now? It does have information.
I think part of my problem is the php is not finding the php/MySql pages properly.
It’s a bit of tricky one. When you look at the page, press CTRL + SHIFT + L , and a bar will appear at the left side of the screen
Alternatively, you could go to View (ALT + V) > Sidebar > Live HTTP Headers
When it works you will get a bar at the left side on the screen that scrolls by text when you load a page at a rate that will make you a little bit dizzy
An example of such a text will look like
[COLOR="#0000CD"]http://www.sitepoint.com/[/COLOR]
[COLOR="#008000"]GET / HTTP/1.1
Host: www.sitepoint.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.7,nl;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
[/COLOR]
[COLOR="#FF0000"]HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 28 Oct 2011 18:42:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: W3 Total Cache/0.9.2.3
Last-Modified: Fri, 28 Oct 2011 18:41:57 GMT
Vary: Accept-Encoding,Cookie,User-Agent
Content-Encoding: gzip
X-Pingback: http://www.sitepoint.com/xmlrpc.php
Cache-Control: max-age=3600
Expires: Fri, 28 Oct 2011 19:42:29 GMT
X-Cache: MISS from blogs.sitepoint.com
X-Cache-Lookup: MISS from blogs.sitepoint.com:80
Content-Length: 11136
X-Varnish: 597800873
Age: 0
Via: 1.1 varnish[/COLOR]
The blue part is the URL requested, the green part are the outgoing headers (the headers your browser sends to the server to request the resource) and the red lines are the reply headers. The Location: should be somewhere in the reply headers for your-script.php (replace “your-script” with however your script is called).
Hey, what you posted in your previous post is what http headers are. First, you have the request headers and below (after the blank line) the response headers. So you got header info!
Okay. Just so know what you’re looking for, there should be something like
username=myusername&password=mypassword
where “username” is the name of the HTML form field where you enter your username, “password” is the name of the HTML form field where you enter your password, and “myusername” and “mypassword” are your username and password, respectively. There may be more fields in there, but it usually the minimum needed.
Found Username and Password.
Noticed: HTTP/1.1 302 Found after username & password which maybe the root of my problem.
Login records into database table and let me know if I try to login again but doesn’t want to show Admin functions in admin.php.
Conclusion to my problem came down to losing $_Session variable, but thanks to reading common problems I found a suggestion to use session_start(); at the beginning of pages to read the session variables.
After weeks, of learning PHP & MySql, I am happy to get this application working.
Strange because, it works at another hosting company developed by another company.