Jump to content

Recommended Posts

Hey guys stumped again here. Im trying to get this to redirect to the members page after it has verified all credentials and then started the users session.

 

Here is what the code looks like

 

<?php
    require_once 'handler.php';
    $username = cleanString($_POST['username']);
    $password = md5($_POST['password']); 
    if(empty($username) || empty($password)){
        echo 'You must enter a username and password!';
    }  
    else{
        $sql = mysql_query("SELECT * FROM users WHERE username='$username'");
        if(mysql_num_rows($sql) < 1){
            echo 'That username does not exist.';
        }  
	        else{
            $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
            if(mysql_num_rows($sql2) < 1){
                echo 'Your password is incorrect.';
            }  
		            else{
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $password;

            }
        }
    }
?>  

 

I tried throwing

header("Location: http://phpproject.netii.net/members.php");

 

in the bunch, but that didn't work out very well.

 

Thanks in advanced!

Link to comment
https://forums.phpfreaks.com/topic/184893-after-signed-in-redirect-to/
Share on other sites

Where did you tried throwing header location line?

 

And what is in your handler?

Where have you put session_start()?

 

in the bunch, but that didn't work out very well.

[/quote[

How it didn't work out very well?

 

 

I tried throwing in header right after the two session lines, but this made the script sop functioning.

 

And here is my handler which is where session_start is

   1.
      <?php
   2.
      session_start();
   3.
      mysql_connect("**********", "**********", "**********");
   4.
      mysql_select_db("**********_usys");
   5.
      function cleanString($string){
   6.
      htmlentities(mysql_real_escape_string($string));
   7.
      return $string;
   8.
      }
   9.
      if(!$_SESSION['username'] || !$_SESSION['password']){
  10.
      $loggedIn = False;
  11.
      } else {
  12.
      $loggedIn = True;
  13.
      }
  14.
      ?> 

1) Fixed your cleanString function

 

function cleanString($string) {
    $string = htmlentities(mysql_real_escape_string($string));
    return $string;
}

 

2) Use something different then $loggedIn = false|true because if your server accidentically supports register_globals you'll in for some trouble when I type ?loggedIn=true I would use something like a challenge key

 

3) Don't store a user password in the session.

1) Fixed your cleanString function

 

function cleanString($string) {
    $string = htmlentities(mysql_real_escape_string($string));
    return $string;

}

 

2) Use something different then $loggedIn = false|true because if your server accidentically supports register_globals you'll in for some trouble when I type ?loggedIn=true I would use something like a challenge key

 

3) Don't store a user password in the session.

 

Thank you I will keep that in mind!

 

And to answer asmith, I just get a white page and then it redirects to the host companies page?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.