How to redirect after authentication ??

[ashucool83]

[code]
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="shortcut icon" href="" />
</head>

<body>
<table width="100%" border="0">
  <tr>
    <td><div align="left"><img src="images/myDesiBook_new_2.jpg" width="481" height="100"></div></td>
  </tr>
</table>

<table  width="100%" border="1"> 
    <td width="50%">
</td>
    <td width="50%">
<form action="authenticate.php" method="post" name="login" id="login">
        <p align="left"><em><strong>Please login using your account</strong></em></p>
        <p>Username:
          <input type="text" name="username">
          <br>
          Password:
          <input type="password" name="password">
          <br>
          <input type="submit" value="Login">
          <br>
          If new user please <a href="register.php">Register</a>. </p>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>&nbsp; </p>
      </form>
    </td>
</table>

</body>
</html>

[/code]


[code]
<html>
<head>
<title>Library | Login </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
     
<?php
$db = mysql_connect("localhost", "root", "apurva");


if (!$db)
{
  die('Could not connect: ' . mysql_error());
}
else
{
//echo 'Connected successfully';
}
mysql_select_db("sharelib",$db);
        $varUser = $_POST["username"];
$varPass = $_POST["password"];
$result = mysql_query("SELECT * FROM user_table where email = '".$varUser."'
                      and password =PASSWORD('".$varPass."')",$db);

if($result)
{

if($myrow = mysql_fetch_row($result))
{
print "Authenticated Successfully";
//$URL="http://localhost/MyLibrary/home.php";
//header ('Location: $URL');
//header ('Location: http://localhost/MyLibrary/home.php');
}
else
{
// print "you dont exist";
//Trying to redirect to Login Page
print "Authentication Failure";
$URL="http://localhost/MyLibrary/login.php";
header ("Location: $URL");
exit;
}
}
else
{
print "Oooops DB Syntax Problem!!!";
}

mysql_close($db);
?>

</body>
</html>
[/code]

In the above code, I am trying to authenticate the user from the userTable inside a mySQL DB. I sucessfully able to authenticate the user, but it does not redirect to the desired page after authenticating the user.  For Wrong Password --> "Login.php" Correct Password --> "Home.php"

Please help me.

[ronverdonk]

Does it print the Authenticated Successfully message? If not, how do you know that authentication is succcesful? If so you won't redirect because your header statement is commented out and when you uncomment it, you won't  be redirected because headers have already been sent via the print.

[ashucool83]

Yeah, it does print those messages.  I ahve also tried commenting the print statements and just have the headers, it still does not redirect. I just see a blank page instead. :(

[ronverdonk]

The $url in the header vstatement is within single quotes. That doesn't work. If you want to do it like this the header statement must be within double quotes or the url must be concatenated. Like this:
[code]header ("Location: $URL");
or
header ('Location: '. $URL);
[/code]

[ashucool83]

I tried this before, as well again after you mentioned it. Still doesnt work  :(
I read some place that HEADER should be the first thing .... but as I am a newbie, didn't quite understand how to do that before performing the authentication logic ???

[ronverdonk]

It is almost certainly because of the HTML stuff before your PHP code (the META stuff and so on). Take that out. If that doesnot work you better show your code as it is now(!) and not working.

[ashucool83]

[code]<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="shortcut icon" href="" />
</head>

<body>
<table width="100%" border="0">
  <tr>
    <td><div align="left"><img src="images/myDesiBook_new_2.jpg" width="481" height="100"></div></td>
  </tr>
</table>

<table  width="100%" border="1"> 
    <td width="50%">
</td>
    <td width="50%">
<form action="authenticate.php" method="post" name="login" id="login">
        <p align="left"><em><strong>Please login using your account</strong></em></p>
        <p>Username:
          <input type="text" name="username">
          <br>
          Password:
          <input type="password" name="password">
          <br>
          <input type="submit" value="Login">
          <br>
          If new user please <a href="register.php">Register</a>. </p>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>&nbsp;</p>
        <p>&nbsp; </p>
      </form>
    </td>
</table>

</body>
</html>
[/code]


[code]
   
<?php

$db = mysql_connect("localhost", "root", "apurva");

if (!$db)
{
  die('Could not connect: ' . mysql_error());
}
else
{
//echo 'Connected successfully';
}
mysql_select_db("sharelib",$db);
        $varUser = $_POST["username"];
$varPass = $_POST["password"];
$result = mysql_query("SELECT * FROM user_table where email = '".$varUser."'
                      and password =PASSWORD('".$varPass."')",$db);

if($result)
{

if($myrow = mysql_fetch_row($result))
{
//print "Authenticated Successfully";
$URL="http://localhost/MyLibrary/home.php";
//header ('Location: $URL');
//header ('Location: http://localhost/MyLibrary/home.php');
header ("Location: $URL");
}
else
{
// print "you dont exist";
//Trying to redirect to Login Page
//print "Authentication Failure";
$URL="http://localhost/MyLibrary/login.php";
//header ("Location: $URL");
//header ('Location: http://localhost/MyLibrary/login.php');
header ("Location: $URL");
exit;
}
}
else
{
print "Oooops DB Syntax Problem!!!";
}

mysql_close($db);
?>

[/code]

[redarrow]

[code]
<?php

header("location: folder/script.php"); // if a folder is one up to script

or

header("location: script.php"); // if script is already in folder

?>
[/code]

[ronverdonk]

I am sorry for you, but it works on my system. All 3 cases work: successful, not successful and db error.

[ashucool83]

You mean the EXACT same code works in your system ??? ??? Does it redirect to those pages -- home.php if succesful or login.php if failed ?

Code1: Login.php
Code2: Authenticate.php

Based on Code2 it is supposed to redirect to login.php or home.php.

[ronverdonk]

Yes, I'll post the code exactly as I used it. I onlu changed the db parms and userid/password and I did not use the PASSWORD attrib for the select.
[code]<?php

$db = mysql_connect("localhost", "ronverdonk", "ronnie09");

if (!$db)
{
  die('Could not connect: ' . mysql_error());
}
else
{
//echo 'Connected successfully';
}
mysql_select_db("vwso",$db);
        $varUser = "ronverdonk";
        $varPass = "ronnie09";
$result = mysql_query("SELECT * FROM authorized_users where userid = '".$varUser."'
              and passwd='".$varPass."'");
                     

if($result)
{

if($myrow = mysql_fetch_row($result))
{
//print "Authenticated Successfully";
$URL="http://localhost/MyLibrary/home.php";
//header ('Location: $URL');
//header ('Location: http://localhost/MyLibrary/home.php');
header ("Location: $URL");
}
else
{
// print "you dont exist";
//Trying to redirect to Login Page
//print "Authentication Failure";
$URL="http://localhost/MyLibrary/login.php";
//header ("Location: $URL");
//header ('Location: http://localhost/MyLibrary/login.php');
header ("Location: $URL");
exit;
}
}
else
{
print "Oooops DB Syntax Problem!!!";
}

mysql_close($db);
?>[/code]

[ashucool83]

hahah ... I copied your code and editted back to what I needed. Works like a baby!!! I still have no clue  ???

[redarrow]

your database is this as posted from the first post have you seleted it sharelib

[ronverdonk]

You can see what I took out. Did you still use the PASSWORD(pw) in the select statement?

[ashucool83]

[code]
<?php

$db = mysql_connect("localhost", "root", "apurva");

if (!$db)
{
  die('Could not connect: ' . mysql_error());
}
else
{
//echo 'Connected successfully';
}

mysql_select_db("sharelib",$db);
        $varUser = $_POST["username"];
$varPass = $_POST["password"];
$result = mysql_query("SELECT * FROM user_table where email = '".$varUser."'          
  and password =PASSWORD('".$varPass."')",$db);
                     

if($result)
{

if($myrow = mysql_fetch_row($result))
{
//print "Authenticated Successfully";
$URL="http://localhost/MyLibrary/home.php";
//header ('Location: $URL');
//header ('Location: http://localhost/MyLibrary/home.php');
header ("Location: $URL");
}
else
{
// print "you dont exist";
//Trying to redirect to Login Page
//print "Authentication Failure";
$URL="http://localhost/MyLibrary/login.php";
//header ("Location: $URL");
//header ('Location: http://localhost/MyLibrary/login.php');
header ("Location: $URL");
exit;
}
}
else
{
print "Oooops DB Syntax Problem!!!";
}

mysql_close($db);
?>
[/code]

Working Code!!!  Very weird!!!

Thanks folks :D

[ashucool83]

Now that I can go to my home.php page .... do I need to write a cookie to keep my session only for user'A' and not user 'B' cause currently if I type

http://localhost/MyLibrary/home.php

I can still reach the page without the authentication. How do you guys suggest fixing this ?

Thanks

[ronverdonk]

That is a different story. After authentication you need to save your session in the $_SESSION array. At each page (after the session_start) you verify that the $_SESSION variables are still intact. If not, redirect visitor to the login.php page.

[ashucool83]

Thanks ... will read about that and if more questions will post it over here!!!  ;D

[ronverdonk]

See the tutorial about session handling at the zend website:

[url=http://www.zend.com/zend/tut/session.php]http://www.zend.com/zend/tut/session.php[/url]