Jump to content

Recommended Posts

Hi all !! I m new here and i want to ask your help..:)

 

This is the code from a login.php page that i code:

login.php

 

<?php

 

ini_set ('display_errors',1);

error_reporting (E_ALL & ~E_NOTICE);

 

if (isset ($_POST['submit'])){

        if ($dbc = @mysql_connect('localhost','web','@qwerty@'))

                {

                        if (!@mysql_select_db ('web_site'))

                        {

                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');

                        }

                }else{

                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');

                        }

 

 

                $query =  'select * from users where user_name = "'.$_POST['username'].'" and password = "'.md5($_POST['password']). '"';

                $select_user = mysql_query($query);

 

 

 

 

if (mysql_num_rows($select_user) != 0)

{

    session_start();

    session_register('authorized');

    $_SESSION['authorized'] = true;

 

    header("Location: admin.php");

    exit;

}

else

{

    header("Location: login_form.php");

    exit;

}

 

}

?>

 

This code is in the admin.php

 

<?php
if ($_SESSION['authorized'] != true)
{
    header("Location: login_form.php");
    exit;
}
?>

 

The problem is that when i type the username and the password in login_form.php it doesn't redirect me in admin.php and it stays in login_form.php

 

Do you have any idea on why this happens?

 

Thanks !

Link to comment
https://forums.phpfreaks.com/topic/178524-solved-header-function-help-in-loginphp/
Share on other sites

Use error_reporting (E_ALL); because hiding NOTICE messages could also be hiding the reason why your code is not working. Have you echoed (see print_r) what is in the $_POST array? Perhaps your form is not sending what you think it is.

lose the 'session_register('authorized');' line.

 

check to make sure you have username and password in the db matching the ones from the posted form.

 

try again.

 

The username and the password in db are matching exactly with the posted form . Also what you mean to lose this line ?

 

And here is the form code . Maybe you ll found here some problem

 

<html>
<head><title>[login]</title></head>
<body bgcolor="black">

<p>
<p>
<br>
<br>
<br>
<br>
<br>

<table align="center" border="1" bgcolor="white">
<tr><td></td></tr>
<tr><td></td><td>
<form method="POST" action="login.php"><br>
Username:<input type="text" name="username"><br><br>
Password:<input type="password" name="password"><br><br>
<input type="submit" value="Login" name="submit">
</form>
</td><td></td></tr>
<tr><td></td></tr>
</table>


</body>

what you mean to lose this line ?

 

WARNING: This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged

 

in reference to session_register() .. i just meant take that line out if you are running PHP v5.3.0+ (which you should be).

 

i believe it's not allowing you to set $_SESSION vars;

well, it's gotta be either your query or connection then.

 

place some echo's throughout your code to make sure you are reaching the right places.

 

echo your query, ie:

 

//just below your query add the following:
echo $query;

 

then match EXACTLY (i can't stress this enough .. too many times the field names, case-sensitivity, password hashing do not match or exist) you field names in your db to those in your query, and make sure your db connection is working too.

well, it's gotta be either your query or connection then.

 

place some echo's throughout your code to make sure you are reaching the right places.

 

echo your query, ie:

 

//just below your query add the following:
echo $query;

 

then match EXACTLY (i can't stress this enough .. too many times the field names, case-sensitivity, password hashing do not match or exist) you field names in your db to those in your query, and make sure your db connection is working too.

 

I check the db fields 10 times :P and the registers...

 

Also i run this to check if the connection established and no error return...

 

<?php

if ($dbc = @mysql_connect('localhost','web','@qwerty@'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }


?>

 

When you echo the md5() of the password you are entering, do you get exactly what is in the password field in the database?

 

You are asking the query to find rows WHERE user_name = $_POST['username'] AND password = md5($_POST['password']). That comparison is failing to find any matching rows. You need to investigate why the comparison is failing. We cannot help you do that because we don't have access to your database to look what is in it, nor do we know what your username and password is.

Ok i ll try to saw you how is my db..

 

Name:  web_site

 

Here are tow screenshots:

 

http://img34.imageshack.us/img34/3070/snapshot1f.png

 

and

 

http://img41.imageshack.us/img41/9457/snapshot2j.png

 

And here is the query echoing...

 

http://img21.imageshack.us/img21/1003/snapshot3h.png

 

Are all good in my opinion..:s

Snapshot 3 tells you what your problem is. Basically speaking you cannot modify headers after you have started output to the screen. Since session_start and header() both require modifying headers so you cannot have output before them. Looking at your code I cannot see any output but I'm assuming that...

 

<?php

ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset ($_POST['submit'])){
        if ($dbc = @mysql_connect('localhost','web','@qwerty@'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }


                $query =  'select * from users where user_name = "'.$_POST['username'].'" and password = "'.md5($_POST['password']). '"';
                $select_user = mysql_query($query);




if (mysql_num_rows($select_user) != 0)
{
    session_start();
    session_register('authorized');

 

... is the very top of the page. If you have anything before <?php even if it's a space or a newline character then your code will not work. To help work out what it is, click 'View Source' in your browser and check what characters you have before the error messages.

Snapshot 3 tells you what your problem is. Basically speaking you cannot modify headers after you have started output to the screen. Since session_start and header() both require modifying headers so you cannot have output before them. Looking at your code I cannot see any output but I'm assuming that...

 

<?php

ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset ($_POST['submit'])){
        if ($dbc = @mysql_connect('localhost','web','@qwerty@'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }


                $query =  'select * from users where user_name = "'.$_POST['username'].'" and password = "'.md5($_POST['password']). '"';
                $select_user = mysql_query($query);




if (mysql_num_rows($select_user) != 0)
{
    session_start();
    session_register('authorized');

 

... is the very top of the page. If you have anything before <?php even if it's a space or a newline character then your code will not work. To help work out what it is, click 'View Source' in your browser and check what characters you have before the error messages.

 

lol ..no .. The error :

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/login/login.php:23) in /var/www/login/login.php on line 27

Warning: Cannot modify header information - headers already sent by (output started at /var/www/login/login.php:23) in /var/www/login/login.php on line 31

 

occurs because i have type in the code

 

echo $query;

 

to see if the query do the right things...:)

Hmmm i see something curious...

 

If i type the correct password the error under the echo $query;  is :

 

select * from users where user_name = "admin" and password = "78fcb88c0a7fba8cead390bb78983705"

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/login/login.php:23) in /var/www/login/login.php on line 27

 

Warning: Cannot modify header information - headers already sent by (output started at /var/www/login/login.php:23) in /var/www/login/login.php on line 31

 

and if i type a wrong password the error become :

 

select * from users where user_name = "admin" and password = "9cdfb439c7876e703e307864c9167a15"

Warning: Cannot modify header information - headers already sent by (output started at /var/www/login/login.php:23) in /var/www/login/login.php on line 36

 

What you say ..?

D'uh, sorry my bad, I just got up :)

 

Let's try that one again. The error messages being different indicates that you are getting a row from the database because both session_start and header are failing. With the wrong password only session_start fails because you pass into the else statement. Therefore looking at your code again (at least whats posted), you don't have session_start at the top of admin.php meaning you will get sent straight back to where you came from since without starting the session $_SESSION['authorised'] will be false.

D'uh, sorry my bad, I just got up :)

 

Let's try that one again. The error messages being different indicates that you are getting a row from the database because both session_start and header are failing. With the wrong password only session_start fails because you pass into the else statement. Therefore looking at your code again (at least whats posted), you don't have session_start at the top of admin.php meaning you will get sent straight back to where you came from since without starting the session $_SESSION['authorised'] will be false.

 

 

Oh YEAH thanks A LOT cags... I add a session_start(); in admin.php and worked .. Thanks a lot all of you guyz!!

This board roolez!! Keep up the good work...

 

PROBLEM SOLVED!!

  • 3 weeks later...

i wont open a new thread but i have a question about redirecting....

i wonder why my code doesnt redirect me...

 

.......

foreach ($_POST as $key => $value)

{

if ($req == '1')

{

if ($value == '')

{header("Location: http://www.mypage.com");}

}

...........

 

:rtfm::confused:

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.