Hello everyone,
I have changed a login script to make it a bit more up to date. ( SQL injection, SHA1 encoding, $_SESSION )
Since i am new to all this there will be some stupid things in the code, so don't shoot me yet on the details,
but do tell them since I want to learn offcourse.
After a simple login form you get directed to checklogin.php
<?php
session_start();
$host = "localhost";
$username = "admin";
$password = "admin";
$db_name = "request";
$tbl_name = "member";
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$encrypted_mypassword = sha1($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);
if(mysql_num_rows($result) == 1){
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $encrypted_mypassword;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
So far so good, when the wrong username is used it gives the correct echo, and with the good one
it directs you to login_succes.php
Now login_succes.php:
<?
session_start();
if(isset($_SESSION['myusername'])){
header("location:index.php?page=intro"");
}
?>
<html>
<body>
Login Successful
</body>
</html>
For some reason strange reason this allways redirects me to the login form called main_login.php
If i put another header in like test.php it redirects me to test.php
Since both are links how can it work for the one but not the other...
I am clueless, i think its a small little thing somewhere that is not correct but not 100% sure.
Any ideas?
thanks for the help allready,
Yannick