SN1P3R_85 Posted November 27, 2008 Share Posted November 27, 2008 I made a basic login php script. The script works fine except for one small error. I made it so if the either the username or password input boxes are empty when the form is posted, it will set a SESSION called response. Then it redirects back to the page that they logged in on, and prints the $_SESSION['response']. The problem im having is that I use the response session for all my errors, and when the username or password does not exist in the database, it sets the response. This second error is overriding the first, so even if the username or password length = 0, then it will still set the second error value. If i comment out the second error, it will display the first one. Oh, i and know an easy way to fix this would be to just add someone to the mysql table named username: "" password: "" but i want to find out what's really wrong with it. Here is the code: <?php session_start(); include( 'SQL_PASS.inc' ); $url = $_SESSION['lastpage']; //variables are last page person was on, username, and password, respectively $username = $_POST['username']; $password = $_POST['password']; $username = mysql_real_escape_string($username); //protecting from mysql injection hackers!!! $password = mysql_real_escape_string($password); if (strlen($username)<=1 || strlen($password)<=1) //checking to see if username or password are unset { $_SESSION['response'] = 'please fill all the fields'; //setting error msg, and redirecting to lastpage header("Location: $url"); } elseif (!$con) { die('Could not connect to database: ' . mysql_error()); //if cannot connect, kills program and displays msg } elseif (!$db_select) { die('Could not select database: ' . mysql_error()); //if cannot select db, kills program and displays msg } $query = "SELECT * FROM `users` WHERE Username='$username' AND Password='$password'"; //making a query with username and password $result = mysql_query($query); if (!$result) { die('Could not run query: ' . mysql_error()); } elseif (mysql_num_rows($result)==0) //if username or password do not exist, then sets error msg, and redirects to last page { $_SESSION['response'] = 'Name or password is wrong, please try again'; header("Location: $url"); } while ($row = mysql_fetch_array($result)) //sets user info { $_SESSION['username'] = $row['Username']; $_SESSION['userlevel'] = $row['Userlevel']; $_SESSION['uservalid'] = true; } mysql_free_result($lgn_result); //free result because table is large and takes alot of memory header("Location: $url"); //redirect to last page ?> Quote Link to comment Share on other sites More sharing options...
dezkit Posted November 27, 2008 Share Posted November 27, 2008 use [ code ] tags Quote Link to comment Share on other sites More sharing options...
SN1P3R_85 Posted November 27, 2008 Author Share Posted November 27, 2008 to do that do i just: script Quote Link to comment Share on other sites More sharing options...
xdracox Posted November 27, 2008 Share Posted November 27, 2008 Try calling exit() after your call to header() so that the script stops executing. Quote Link to comment Share on other sites More sharing options...
SN1P3R_85 Posted November 27, 2008 Author Share Posted November 27, 2008 that did it, thanks alot man Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.