Jump to content

[SOLVED] my login page doesn't redirect Help!

sasori

By sasori
in PHP Coding Help

 Share

Recommended Posts

sasori Advanced Member

sasori

Posted
Posted

i don't know why is my code not redirecting to "loggedin.php" , i don't see anything wrong with it, please have a look at my code,.you might see errors that is not familiar to my eyes. thanks

<?php
//send nothing to browser prior to setcookie

function escape_data($data){
  global $dbc;
  if(ini_get('magic_quotes_gpc')){
    $data = stripslashes($data);
  }else{
    return mysql_real_escape_string(trim($data),$dbc);
  }
}


if(isset($_POST['submitted'])){
  require_once('./includes/mysql_connect.php');
  $errors = array();

  if(empty($_POST['email'])){
    $errors[] = 'You forgot to enter your email address!';
  }else{
    $e = escape_data($_POST['email']);
  }

  //check password

  if(empty($_POST['password'])){
    $errors[] = 'You forgot to enter your password';
  }else{
    $p = escape_data($_POST['password']);
  }

  if(empty($errors)){//if everything is ok
    //retrieve user_id,first_name
    $sql = "SELECT user_id, first_name FROM users WHERE email='$e' AND password1 =SHA('$p')";
    $result = mysql_query($sql) or die (mysql_error());
    $row = mysql_fetch_array($result,MYSQL_NUM) or die (mysql_error());
    if($row){

        setcookie('user_id',$row[0]);
        setcookie('first_name',$row[1]);
        //redirect user to loggedin.php page
        $url = 'http://'. $_SERVER['HTTP_HOST'] .dirname($_SERVER['PHP_SELF']);
        if((substr($url, -1 )== '/') || (substr($url, -1)== '\\')){
          $url = substr($url,0,-1);
        }
        $url .= '/loggedin.php';

        header("Location: $url");
        exit();
    }else{
      $errors[] = 'The email address and password did not match those file';
      //public message
      $errors[] = mysql_error() . '<br /><br />Query: '. $sql;
    }

  }//end if empty errors
mysql_close();
}else{   //end of main submit conditionals
$errors = NULL;
}
$page_title = 'Login';
require('./includes/header.html');
if(!empty($errors)){
  echo '<h1 id="mainhead">Error!</h1>
        <p class="error">The following error(s) occurred: <br />';
        foreach($errors as $msg){
          echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p>';
    }
?>

<!--create form-->
<h2>Login</h2>
<form action="login.php" method="post">
    <p>Email address: <input type="text" name="email" size="20" maxlength="40"/></p>
    <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p>
    <p><input type="submit" name="submit" value="login" /></p>
    <p><input type="hidden" name="submitted" value="TRUE" /></p>
</form>
<?php
require('./includes/footer.html');
?>

 

Link to comment
Share on other sites
Ken2k7 Member

Ken2k7

Posted
Posted

Tell me if anything shows up. :)

 

<?php
//send nothing to browser prior to setcookie

function escape_data($data){
  global $dbc;
  if(ini_get('magic_quotes_gpc')){
    $data = stripslashes($data);
  }else{
    return mysql_real_escape_string(trim($data),$dbc);
  }
}


if(isset($_POST['submitted'])){
  require_once('./includes/mysql_connect.php');
  $errors = array();

  if(empty($_POST['email'])){
    $errors[] = 'You forgot to enter your email address!';
  }else{
    $e = escape_data($_POST['email']);
  }

  //check password

  if(empty($_POST['password'])){
    $errors[] = 'You forgot to enter your password';
  }else{
    $p = escape_data($_POST['password']);
  }

  if(empty($errors)){//if everything is ok
    //retrieve user_id,first_name
    $sql = "SELECT user_id, first_name FROM users WHERE email='$e' AND password1 =SHA('$p')";
    $result = mysql_query($sql) or die (mysql_error());
    $row = mysql_fetch_array($result,MYSQL_NUM) or die (mysql_error());
    if($row){

        setcookie('user_id',$row[0]);
        setcookie('first_name',$row[1]);
        //redirect user to loggedin.php page
        $url = 'http://'. $_SERVER['HTTP_HOST'] .dirname($_SERVER['PHP_SELF']);
        if((substr($url, -1 )== '/') || (substr($url, -1)== '\\')){
          $url = substr($url,0,-1);
        }
        $url .= '/loggedin.php';
        echo 'e';
        header("Location: $url");
        echo 'k';
        exit();
    }else{
      echo 'j';
      $errors[] = 'The email address and password did not match those file';
      //public message
      $errors[] = mysql_error() . '<br /><br />Query: '. $sql;
    }

  }//end if empty errors
mysql_close();
}else{   //end of main submit conditionals
$errors = NULL;
}
$page_title = 'Login';
require('./includes/header.html');
if(!empty($errors)){
  echo '<h1 id="mainhead">Error!</h1>
        <p class="error">The following error(s) occurred: <br />';
        foreach($errors as $msg){
          echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p>';
    }
?>

<!--create form-->
<h2>Login</h2>
<form action="login.php" method="post">
    <p>Email address: <input type="text" name="email" size="20" maxlength="40"/></p>
    <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p>
    <p><input type="submit" name="submit" value="login" /></p>
    <p><input type="hidden" name="submitted" value="TRUE" /></p>
</form>
<?php
require('./includes/footer.html');
?>

Link to comment
Share on other sites
sasori Advanced Member

sasori

Posted
  • Author
Posted

Well that error is why you're not redirecting. Apparently your login information is incorrect as stated in the error message.

 

its impossible...because sir, Im 100% sure, I tried logging in the exact email address and password from my users table (infact i only use 1 password for all dummy email accounts and the all got same password hash,.. any other solutions you might have in mind?

Link to comment
Share on other sites
Ken2k7 Member

Ken2k7

Posted
Posted

1. Please don't call me sir. I'm only 19. It feels weird. Thanks! :)

2. Right before $sql, can you echo $p to see if it's correct? You don't have to post it here. Just verify it's correct.

3. Then echo $sql to make sure that's correct.

Link to comment
Share on other sites
sasori Advanced Member

sasori

Posted
  • Author
Posted

So $p returns nothing or was that $e?

 

both doesn't return anything,.. (even if i corrected my mistake on the function escape_data($data) ,,before it was escape_data($dbc) ..but i think it doesn't have something to do with the problem)

Link to comment
Share on other sites
Ken2k7 Member

Ken2k7

Posted
Posted

Well it may.

 

function escape_data($data){
  global $dbc;
  // if this if condition is true, then you stripslashes($data)
  // but you will return *NOTHING*. So if this condition is true,
  // then calling this function will give you nothing back.
  if(ini_get('magic_quotes_gpc')){
    $data = stripslashes($data);
  }else{
    return mysql_real_escape_string(trim($data),$dbc);
  }
}

 

Read comments above.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.