ejarnutowski Posted April 29, 2008 Share Posted April 29, 2008 Ok, so I'm trying to manipulate some old code and I realized that I don't believe it should work but it does. There are three pages - A login page, a verification page, and a home page. I dont understand how when an incorrect username is typed in, i get redirected back to the first page saying "incorrect username and password." Any help?? thanks. PS. the lines are (hr) tags PAGE 1 - rmslogin.php <?php session_start(); include '../_private/dbconnect.php'; if (isset($_SESSION['invalid'])) { Print '<br><h2>The username or password you entered was incorrect<br>Please try again<br><br></h2>'; } ?> <form action="rmsloginverify.php" method="post"> <table border="0" id="RMSlogin" cellspacing="0" cellpadding="0"> <tr><td><label><h2>Username: </h2></td><td><input type="text" name="loginname" size="30"/></label></td> <tr><td><label><h2>Password: </h2></td><td><input type="password" name="loginpassword" size="30"/></label></td> </table> <h2><input type="submit" value="Login" /></h2> </form> PAGE 2 - rmsloginverify.php <?php session_start(); include '../_private/dbconnect.php'; if (!isset($_POST['username'])) { $_SESSION['invalid']='invalid'; header("location:rmslogin.php"); } // username and password sent from signup form $username=$_POST['loginname']; $userpassword=md5($_POST['loginpassword']); $sql="SELECT * FROM user WHERE username='$username' and userpassword='$userpassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "rms.php" $_SESSION['username']=$username; $_SESSION['userpassword']=$userpassword; header("location:rms.php"); } ?> PAGE 3 - rms.php <?php session_start(); if (!isset($_SESSION['username'])) { header("location:rmslogin.php"); } else { } include '../_private/dbconnect.php'; $data = mysql_query("SELECT * FROM customer, user WHERE userid=user.id AND username='$username' ORDER BY datesub DESC") or die(mysql_error()); Print "<hr />"; Print "<table cellspacing=10>"; Print "<tr><th><h2>DateSubmitted</h2></th><th><h2>Company</h2></th><th><h2>Domain Name</h2></th><th><h2>% Done</h2></th><th><h2>Last Updated</h2></th><th><h2>Contact Name</h2></th><th><h2>Phone</h2></th><th><h2>Site Cost</h2></th><th><h2>My Payout</h2></th></tr>"; while($info = mysql_fetch_array( $data )) { Print "<tr><td><h2>".$info['datesub'] . "</td></h2> "; Print "<td><h2>".$info['companyname'] . "</td><h/2> "; Print "<td><h2>".$info['domainname'] . "</td></h2>"; Print "<td><h2>".$info['devstatus'] . "</td></h2>"; Print "<td><h2>".$info['lastupdated'] . "</td></h2>"; Print "<td><h2><a href=mailto:".$info['contactemail'] . ">".$info['contactfirst'] . " " . $info['contactlast'] . "</td></h2>"; Print "<td><h2>".$info['contactphone'] . "</td></h2>"; Print "<td><h2>".$info['sitecost'] . "</td></h2>"; Print "<td><h2>".$info['payout'] . "</td></h2></tr>"; } Print "</table>"; Print "<hr/>"; ?> </td> </tr> </table> </td> </tr> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
zenag Posted April 29, 2008 Share Posted April 29, 2008 just unset session..... if ($_SESSION['invalid']=='invalid') { Print ' <h2>The username or password you entered was incorrect Please try again </h2>';unset($_SESSION['invalid']); } ?> Quote Link to comment Share on other sites More sharing options...
ejarnutowski Posted April 29, 2008 Author Share Posted April 29, 2008 The code works fine for some reason, i just dont get how the user is sent back to rmslogin.php if they type in the incorrect username or password. Quote Link to comment Share on other sites More sharing options...
zenag Posted April 30, 2008 Share Posted April 30, 2008 this will redirect you to rmslogin.php if they typed incorrect username or password <?php $username=$_POST['loginname']; $userpassword=$_POST['loginpassword']; $sql="SELECT * FROM user WHERE username='$username' and password='$userpassword'"; $result=mysql_query($sql); if (mysql_num_rows($result)==0) { $_SESSION['invalid']='invalid'; header("Location:rmslogin.php"); } // Mysql_num_row is counting table row if(mysql_num_rows($result)>1) // If result matched $myusername and $mypassword, table row must be 1 row { // Register $myusername, $mypassword and redirect to file "rms.php" $_SESSION['username']=$username; $_SESSION['userpassword']=$userpassword; header("location:rms.php"); } ?> Quote Link to comment Share on other sites More sharing options...
ejarnutowski Posted April 30, 2008 Author Share Posted April 30, 2008 I appreciate all your help, but the issue is that it works fine and i dont know why. currently, when a user enters incorrect login information, the ARE redirected to rmslogin.php and that page says "The username or password you entered was incorrect Please try again." I just dont see how this could possibly work. Also, on rmsloginverify.php, shouldn't there never be a $_POST['username'] and always send the user back to rmslogin.php because there was only a post of loginname and loginpassword on rmslogin.php? Quote Link to comment Share on other sites More sharing options...
zenag Posted April 30, 2008 Share Posted April 30, 2008 can u able to redirect it to rms.php if username & password entered is correct????? Quote Link to comment Share on other sites More sharing options...
zenag Posted April 30, 2008 Share Posted April 30, 2008 it seems that if username & password entered is corredt it displays the same message .. ""The username or password you entered was incorrect Please try again"" Quote Link to comment Share on other sites More sharing options...
ejarnutowski Posted April 30, 2008 Author Share Posted April 30, 2008 yes it works perfect for some reason. if correct username and password are entered, it's redirected to rms.php. if incorrect username and password are entered or no username or no password are entered, you are redirected back to rmslogin.php with the "incorrect info" error. I just dont get it. it doesn't look like it should work but it does. Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 30, 2008 Share Posted April 30, 2008 Is it really that difficult to understand? In rmsloginverify.php you have these lines: $sql="SELECT * FROM user WHERE username='$username' and password='$userpassword'"; $result=mysql_query($sql); if (mysql_num_rows($result)==0) { $_SESSION['invalid']='invalid'; header("Location:rmslogin.php"); } So if the username & password combination doesn't exist in the table a seesion variable is set and the user is redirected to rmslogin.php In the rmslogin.php page you have these lines: if (isset($_SESSION['invalid'])) { Print '<h2>The username or password you entered was incorrect Please try again</h2>'; } Which detects if that session value has been set (thereby indicating a failed login) and displays an appropriate error message. By the way, don't double post. Quote Link to comment Share on other sites More sharing options...
zenag Posted April 30, 2008 Share Posted April 30, 2008 rmsverifylogin.php first checks for $_POST["username]; but u have not assigned it in login page...just change it to $_POST["loginname]; ...so that it gets redirected to login page . Quote Link to comment Share on other sites More sharing options...
ejarnutowski Posted April 30, 2008 Author Share Posted April 30, 2008 mjdamato - it would be easy to understand if that was the code i posted, but my code is above. The issue is not how do i make it work, but why does it work. i cant fathom why a user can login, surpassing the following code when there is no post of "username" if (!isset($_POST['username'])) { $_SESSION['invalid']='invalid'; header("location:rmslogin.php"); } Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 30, 2008 Share Posted April 30, 2008 mjdamato - it would be easy to understand if that was the code i posted, but my code is above. The issue is not how do i make it work, but why does it work. i cant fathom why a user can login, surpassing the following code when there is no post of "username" if (!isset($_POST['username'])) { $_SESSION['invalid']='invalid'; header("location:rmslogin.php"); } Sorry, I thought that first bit of code was from your previous post. Well, you just need to trace what is going on. The first thing I would do would be to put this code right before that IF statement: echo "<pre>"; print_r($_POST); echo "<pre>"; die(); Do the values make sense to what you expect? Is 'username' one of the values? Take a look at that output and then determine what to check next. Is there any chance the very first page the user is presented to log in is NOT rmslogin.php? Quote Link to comment Share on other sites More sharing options...
ejarnutowski Posted April 30, 2008 Author Share Posted April 30, 2008 i'm positive that it's rmslogin.php. someone mentioned something about not placing an exit function after the header() on rmsloginverify.php, but i was under the impression that header() redirects as soon as its read and no code after will be executed. the biggest thing though, is how would it send the user back to the first page if incorrect username and password where inputted. Quote Link to comment Share on other sites More sharing options...
johnny44 Posted April 30, 2008 Share Posted April 30, 2008 the biggest thing though, is how would it send the user back to the first page if incorrect username and password where inputted. When rmsloginverify.php is called, the header to redirect to rmslogin.php is laid down, since $username is not set. But the script carries on, since no exit command has been declared. And since $loginname and $loginpassword are incorrect, the second header to redirect to rms.php is ignored. So, at the end of the script, you are redirected to rmslogin.php, as per the first header that was laid down. On the other hand, if $loginname and $loginpassword are correct, the second header is successfully laid down and overrides the first header. So you are taken to rms.php instead. Quote Link to comment Share on other sites More sharing options...
ejarnutowski Posted April 30, 2008 Author Share Posted April 30, 2008 great answer, but why would the first header of rmslogin.php be used afer it was omitted initially because there was no username posted? Shouldnt the page just stay on rmsloginverify.php, displaying nothing, because no executions were made? Quote Link to comment Share on other sites More sharing options...
johnny44 Posted April 30, 2008 Share Posted April 30, 2008 ... why would the first header of rmslogin.php be used afer it was omitted initially because there was no username posted? ... Sorry, don't understand the question. If no username is posted, isn't the header committed, rather than omitted? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.