rnintulsa Posted August 1, 2008 Share Posted August 1, 2008 Ok, I have been studying trying to learn where I go wrong here. I am new to programming and php. Here is my latest coding for this login. I had to take out the header which would have redirected the user to his page when successfully logged in. My problem is: How do I redirect after authentication without getting the header error message? I have read akitchen's page on the subject, but don't know enough to get all the verbage. I do understand the concept however. My knowledge of php is very limited, and so please explain any suggestions. <?php error_reporting(E_ALL); session_start( ); // if username and password are set and not empty then proceed with the rest of the process if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'password' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'password' ] != '' ) { $link = mysql_connect( 'host', 'username', 'password' ); $db_selected = mysql_select_db('dbname', $link); $username = mysql_real_escape_string($_POST['username'], $link); $password = mysql_real_escape_string($_POST['password'], $link); if (!$db_selected) { echo"Connection to the database failed. Please try again later." ; exit; } //checks for username and password in db table. $results = mysql_query("select * from users where username='" . $username . "' and password = '" . $password . "'" ,$link ) or die(mysql_error()); $num_rows = mysql_num_rows($results); //greater than zero if( $num_rows > 0 ) { $_SESSION['username'] = $username; } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>KDesign</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <link type="text/css" rel="stylesheet" href="css/kdesign.css"/> </head> <body> <div id="container"> <div id="header"> <img src="images/logo_sm.gif"> <div id="d_by_d"> <p> Design by Design </p> </div> <p> ADDRESS<br><br> PHONE <br><br> <a href="mailto:BLABLA?subject=KDesigns">MAIL@KDESIGNS.NET</a><br> </p> </div> <div id="top_nav"> <a href="index.html">HOME</a> <span class="rd_bld">|</span> <a href="services.htm">SERVICES</a> <span class="rd_bld">|</span> <a href="portfolio.htm">PORTFOLIO</a> <span class="rd_bld">|</span> <a href="contact.htm">CONTACT</a> <span class="rd_bld">|</span> <a href="login.php"><span class="rd_bld">CLIENT ENTRANCE</span></a> </div> <div id="2col_left_nav"> <img src="images/Clients/ImageClient.jpg" height="250" width="250"><br><br> </div> <div id="2col_content"> <br><br> <?php include( 'sessions.php' ); show_statement( ); if (isset($_SESSION['username'])) { echo '<br />'; echo 'Logged in as '.$_SESSION['username'].''; echo '<br /><a href="logout.php">Log out</a><br />'; } else { echo 'Please login to view your company files.<br />'; } ?> </body> </html> <form action="login2.php" method="post"> <p> Name: <input type="text" name="username"/> </p> <p> Password: <input type="password" name="password"/> </p> <p> <input type="submit" value="Log In"/> </p> </form> </div> </div><!--end container div--> <div id="copyright"> © 2008 KDesigns All Rights Reserved. </div> </body> </html> My sessions page: <?php function set_statement( $statement ) { $_SESSION[ 'show_statement' ] = $statement; } function show_statement( ) { if( isset( $_SESSION[ 'show_statement' ] ) && $_SESSION[ 'show_statement' ] != '' ) { echo '<p id="statement">' . $_SESSION[ 'show_statement' ] . '</p>'; unset( $_SESSION[ 'show_statement' ] ); } } ?> DB table create table users ( id int not null auto_increment, username varchar( 50 ) not null, password varchar( 100 ) not null, authority varchar( 10 ) not null default 'user', primary key(id) ) Do you see what I mean? Is this logical? Is it done simply? I need this basic login to be sound so that I can then expand what it does. Thank you for looking. Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 1, 2008 Author Share Posted August 1, 2008 Would this be better if I sent the form page to a page that runs the php login script? I will work on that while I see if anyone replies. Thanks. Quote Link to comment Share on other sites More sharing options...
lemmin Posted August 1, 2008 Share Posted August 1, 2008 Check if they are logged in at the top of the page, not in the middle. Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 1, 2008 Author Share Posted August 1, 2008 My question may seem off because I really don't know, but to me it looks like I have checked that in both the top and the middle. Am I correct? So you are saying remove the if (isset from the middle of the page? Thank you. Quote Link to comment Share on other sites More sharing options...
JD* Posted August 1, 2008 Share Posted August 1, 2008 Do the following: echo "<script type=\"text/javascript\">window.location=\"wherewegoonsuccess\"</script>"; change the location and put it at the bottom of your success code. Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 1, 2008 Author Share Posted August 1, 2008 Where is the bottom of my success code? Here? if( $num_rows > 0 ) { $_SESSION['username'] = $username; PUT THE LINE HERE? (THIS IS WHERE I HAD THE HEADER) } Thanks JD* for your help. Quote Link to comment Share on other sites More sharing options...
lemmin Posted August 1, 2008 Share Posted August 1, 2008 Your code is set up to display text on the current page insted of redirecting. If you don't want to show anything, and redirect the user instead, if he/she is not logged in, then just put the header here: if( $num_rows > 0 ) { $_SESSION['username'] = $username; } else header("Location: login.php"); You don't need the check in the middle of the page after you do that. EDIT: If you had the header where you just said or where I suggested, there shouldn't be a problem. Make sure you don't have any whitespaces above your <?php tag. Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 1, 2008 Author Share Posted August 1, 2008 Thanks Lemmin. Acutally what I wanted was for it to redirect if they were logged in correctly. Which makes the looping to the same page kind of silly. So I have tried this, and it works. (so far) Is this a better way? Check it out. First page is just a form with action to the php run_login.php page run_login.php page: <?php error_reporting(E_ALL); session_start( ); // if username and password are set and not empty then proceed with the rest of the process if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'password' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'password' ] != '' ) { //$link = mysql_connect( 'host', 'username', 'password' ); //$db_selected = mysql_select_db('dbname', $link); $username = mysql_real_escape_string($_POST['username'], $link); $password = mysql_real_escape_string($_POST['password'], $link); if (!$db_selected) { echo"Connection to the database failed. Please try again later." ; exit; } //checks for username and password in db table. $results = mysql_query("select * from users where username='" . $username . "' and password = '" . $password . "'" ,$link ) or die(mysql_error()); $num_rows = mysql_num_rows($results); //greater than zero if( $num_rows > 0 ) { $_SESSION['username'] = $username; //redirect header('Location:orion.php'); } } ?> This actually works and redirects. (Why does it work now? this way when it wouldn't when it was all on one page looping around?) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.