Jump to content

PLEASE HELP... why does this code work? it's not making sense to me!


ejarnutowski

Recommended Posts

Below are two pages used for an account login - one for entering the login information and one for verifying that information.  When a user types in the wrong login information, they are redirected back to the first page and it says "The username or password you entered was incorrect  Please try again."  Please explain how this happens.  it's driving me nuts!  ALSO, why wouldnt the user be redirected back to the first page every single time since there is no $_POST['username'] from the first page.  Please help.  Thanks in advance.

 

 

FIRST PAGE - rmslogin.php

 

<?php


         session_start();

                                        if (isset($_SESSION['invalid'])) {
                                                Print '<br><h2>The username or password you entered was incorrect<br>Please try again<br><br></h2>';
                                        }
                                ?>

			<form action="rmsloginverify.php" method="post">
                                    <table border="0" id="RMSlogin" cellspacing="0" cellpadding="0">
                                    <tr><td><label><h2>Username: </h2></td><td><input type="text" name="loginname" size="30"/></label></td> 
                                    <tr><td><label><h2>Password: </h2></td><td><input type="password" name="loginpassword" size="30"/></label></td>
                                    </table>
                                    <h2><input type="submit" value="Login" /></h2>
                                    </form><br>

 

SECOND PAGE - rmsloginverify.php

 

<?php

session_start();

        if (!isset($_POST['username'])) {
                $_SESSION['invalid']='invalid';
                header("location:rmslogin.php");
        }
        

// username and password sent from signup form 
$username=$_POST['loginname']; 
$userpassword=md5($_POST['loginpassword']);

$sql="SELECT * FROM user WHERE username='$username' and userpassword='$userpassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "rms.php"
$_SESSION['username']=$username;
$_SESSION['userpassword']=$userpassword;
header("location:rms.php");
}

?>

Link to comment
Share on other sites

Hi,

 

login functionality is kept for security purpose on site so that only valid user get entry in the system.So when your system sees that they don't have matching username and password combination it means either he is new user or someone is trying to get entry without credentials to your site.

 

Now technically on your first page

 

what is happening is you are given a form to enter the login info then your hit submit and then this is been POST to other page.

 

on second page validations are been done.

 

1.If some one has not given any username you don't need to check wether this user belongs to your site right ????

so if username is empty it is been redirected to your first page forcing user to give his/her correct username nad password.

 

$_SESSION['invalid']='invalid';

invalid is a flag to identify the invalid session.

 

session keeps the variable live in one to other page .Kindly reset on first page once you show the message to user

i.e

 

if (isset($_SESSION['invalid'])) {

                                                Print '<br><h2>The username or password you entered was incorrect<br>Please try again<br><br></h2>';

$_SESSION['invalid']='';                                        }

 

else it will keep on showing you this message :-)

 

hope this much understanding will give you insight of what is going on in your code.

 

Have a gr8 day.

 

Link to comment
Share on other sites

i understand what would make the redirection happen, however, there is no $_POST['username'] from the previous page and the rest of the code runs.  i understand that it would make sense if it was $_POST['loginname'] but it's still working with $_POST['username'].  in the current code, with incorrect login information, how is that user being sent back to the first page? 

Link to comment
Share on other sites

In the second file, placing:

exit;

 

immediately after

header("location:rmslogin.php");

 

would generate the behaviour that you were expecting. The lack of the exit command is what generates the behaviour that you are actually seeing. But someone correct me if I'm wrong.

Link to comment
Share on other sites

my guess would be

 

if($count==1){

// Register $myusername, $mypassword and redirect to file "rms.php"

$_SESSION['username']=$username;

 

NOTE HERE YOU ARE POPULATING THE USERNAME IN SESSION ON CONDITION OF COUNT ONE AND ONCE THE SESSION GOT FILLED YOU ARE NOT RESETTING TO SOMETHING I MEAN UNSET IT .... SO NEXT CHANCE WHEN YOU WILL REFRESH IT WILL DO JUSTICE TO THE CODE.

 

(uppercase is simply used to show my response in your code)

 

$_SESSION['userpassword']=$userpassword;

header("location:rms.php");

}

 

Regards

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.