[SOLVED] Server Side Login Fails

[freddyw]

So I have a simple log in to get to the admin options of a website

 

heres the code

HTML

<html>
    <body>
        <form action="adminslog.php" method="post"><br>
         <input type ="password" name="password">
         <input type ="submit" value ="Log in">
         </form>
    </body>
<html>

 

 

PHP

<?

ini_set("display_errors", "1");
error_reporting(E_ALL);

$strCurrentPassword = "AADDMIINN";
$strPassswordEntered = $_POST ['password'];
if ($strPassswordEntered == $strCurrentPassword) 
    {
      echo "Redirecting to Admin Control";
header('Refresh: 0; URL=http://www.mysite/admins.html');

exit;
    
    } 
?>

 

first of all apologies to the people with short tags, I've changed it to <?php it still does the same. After any password is entered, right or wrong it leaves the page blank instead of bringing up the page it should

 

any ideas?

 

 

[.josh]

you are echoing something before your header call.  You cannot have any output before headers are sent.

[freddyw]

The page is now like this

 

<?

ini_set("display_errors", "1");
error_reporting(E_ALL);

$strCurrentPassword = "AADDMIINN";
$strPassswordEntered = $_POST ['password'];
if ($strPassswordEntered == $strCurrentPassword)
    {
header('Refresh: 0; URL=http://www.mysite/admins.html');
echo "Redirecting to Admin Control";

exit;
   
    }
?>

 

still nothing, am i being stupid and missing something obvious?

[gergy008]

Fixed. Use Location instead of refresh.

 

<?

ini_set("display_errors", "1");
error_reporting(E_ALL);

$strCurrentPassword = "AADDMIINN";
$strPassswordEntered = $_POST ['password'];
if ($strPassswordEntered == $strCurrentPassword) 
    {
      echo "Redirecting to Admin Control";
      header("Location: http://www.mysite/admins.html");

exit;
    
    }  
?>

 

Also, Arn't you best off using .htaccess for this?

[.josh]

<?php
$strCurrentPassword = "AADDMIINN";
$strPassswordEntered = $_POST['password'];
if ($strPassswordEntered == $strCurrentPassword)
    {
header('Location: http://www.mysite/admins.html');
exit;
    }
?>

 

 

and make sure you don't have any whitespace before your opening php tag.

[.josh]

well considering you aren't setting a session variable and checking for it on logged in pages, .htaccess would be better, yes.

[freddyw]

Thanks to Both you guys.

 

I read Gergy's first and that got it working. I noticed crayon took out the echo, which makes sense as its an instant redirect.

 

I fairly new to PHP and no *very little* about htaccess, but will look into it

 

*= nothing

 

Thanks. Appreciate the help

[gergy008]

Thanks to Both you guys.

 

I read Gergy's first and that got it working. I noticed crayon took out the echo, which makes sense as its an instant redirect.

 

I fairly new to PHP and no *very little* about htaccess, but will look into it

 

*= nothing

 

Thanks. Appreciate the help

 

Harhar Lol, I didn't  understand it intil an hour of reading a tutorial from google.