redirect with variable

[justinede]

hello all,

 

When i try my code out it dosnt work... no such page..

 

user sends mail from personal page > after the mail is sent, it redirects to the success page

 

here is my code for the sendmail.php:

<?php
// recipient. enter your own email here
$to  = 'justin*********@gmail.com';
// subject
$subject = 'justinledelson.com comments';

// message
$message = 'From: '.$_POST['name'].'<br>
		E-Mail: '.$_POST['email'].'<br>
		Message: '.$_POST['message'].'<br><br>
		This is made by Justin Edelson, if you have any questions, please contact me.<br>
		http://justinledelson.com
';

// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

// Additional headers
$headers .= 'From: '.$_POST['name'].' <'.$_POST['email'].'>' . "\r\n";

/* first we need to require our MathGuard class */
	require ("ClassMathGuard.php");
	/* this condition checks the user input. Don't change the condition, 
	just the body within the curly braces */
	if (MathGuard :: checkResult($_REQUEST['mathguard_answer'], 
		$_REQUEST['mathguard_code'])) {	
	//insert your code that will be executed when user enters the correct answer
	// Mail it
		if (mail($to, $subject, $message, $headers)) {
		header("location:http://www.justinledelson.com/login/users/$myusername.php");//create a success page
		}
	} else {
		echo ("Bad answer, go back to school !");	
	}

?>

 

my guess is that this particular script dosnt know what $myusername is.

the user is already signed in so the session is started...

 

idk if im making sense. thanks for the help

[allenskd]

What does $myusername carries? it's nowhere in the code so I assume thats the problem

[justinede]

i know thats the problem.

i just dont know how to correctly put it in..

when the user hits this, they are already logged in and $myusername is a session.

[lore_lanu]

If you havent already, you should include this into your code:

 

session_start();
$_SESSION['myusername'] = $myusername;

[justinede]

still didnt work...

[lore_lanu]

What exactly is happening when you run the script?

 

If you are getting "http://www.justinledelson.com/login/users/$myusername.php" in your address bar, then php is not recgnizing the use of your variable.

 

If it is going to a 404 page that means that you have not created a page for that user.

[Q]

If you havent already, you should include this into your code:

 

session_start();
$_SESSION['myusername'] = $myusername;

 

This is almost correct, switch the $myusername and $_SESSION["myusername"], like this:

session_start();
$myusername = $_SESSION['myusername'];

[lore_lanu]

Ag, I hate it when I do that. Thanks for the correction, Q.

[justinede]

i believe i am getting $myusername.php in my address bar.

idk why this is happening.

 

here is my checklogin script:

 

<?php
ob_start();
session_start();
$host="...."; // Host name
$username="....."; // Mysql username
$password="......"; // Mysql password
$db_name="justin_client"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("location:users/$myusername.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

[justinede]

my checklogin all works...

[Q]

Try this instead:

header("location:http://www.justinledelson.com/login/users/" . $myusername.php);//create a success page

 

That's what I always do

 

But, do you have a script to handle the page they will be redirected to? - It is after all a diferent page pr. user.

 

Why not make it like this?:

header("location:http://www.justinledelson.com/login/users/thanks.php?usr=" . $myusername);//create a success page

[justinede]

now its going to a not found.

 

it isnt inserting the period between the filename and the .php

[Q]

I'm not sure I understand what you're tryin' to do then.

 

You have a .php for each user with the same name as the username?

[lore_lanu]

header("location:http://www.justinledelson.com/login/users/" . $myusername . ".php");//create a success page

 

And it won't create the target page for you, if you don't write a code to make it/create one, you'll get a 404 error.

[justinede]

that works, but now its all messed up.

its saying that I am not the correct user.

but my session is still registered because if i go to the user page in my address bar it works.

 

here is my code that prevents other users from viewing other people's pages.

<?php
session_start();
if($_SESSION['myusername'] !== "Josh"){
header("location:http://justinledelson.com/includes/errors/unauthorized.php");
} else {
}
?>

 

you can all try it out...

 

here is the login info.. go to justinledelson.com and go to the clients tab.

user: Josh

pass: josh1

 

go to the contact tab and try it out.

[lore_lanu]

<?php
session_start();
if($_SESSION['myusername'] != "Josh"){
header("location:http://justinledelson.com/includes/errors/unauthorized.php");
}
?>

However, this script will have to be modified once you have many users, and you don't need to have an empty else statement taking up space.

[justinede]

still dosnt work