After signed in redirect to?

[hash1]

Hey guys stumped again here. Im trying to get this to redirect to the members page after it has verified all credentials and then started the users session.

 

Here is what the code looks like

 

<?php
    require_once 'handler.php';
    $username = cleanString($_POST['username']);
    $password = md5($_POST['password']); 
    if(empty($username) || empty($password)){
        echo 'You must enter a username and password!';
    }  
    else{
        $sql = mysql_query("SELECT * FROM users WHERE username='$username'");
        if(mysql_num_rows($sql) < 1){
            echo 'That username does not exist.';
        }  
	        else{
            $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
            if(mysql_num_rows($sql2) < 1){
                echo 'Your password is incorrect.';
            }  
		            else{
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $password;

            }
        }
    }
?>  

 

I tried throwing

header("Location: http://phpproject.netii.net/members.php");

 

in the bunch, but that didn't work out very well.

 

Thanks in advanced!

[asmith]

Where did you tried throwing header location line?

 

And what is in your handler?

Where have you put session_start()?

 

in the bunch, but that didn't work out very well.

[/quote[

How it didn't work out very well?

 

[hash1]

Where did you tried throwing header location line?

 

And what is in your handler?

Where have you put session_start()?

 

in the bunch, but that didn't work out very well.

[/quote[

How it didn't work out very well?

 

 

I tried throwing in header right after the two session lines, but this made the script sop functioning.

 

And here is my handler which is where session_start is

   1.
      <?php
   2.
      session_start();
   3.
      mysql_connect("**********", "**********", "**********");
   4.
      mysql_select_db("**********_usys");
   5.
      function cleanString($string){
   6.
      htmlentities(mysql_real_escape_string($string));
   7.
      return $string;
   8.
      }
   9.
      if(!$_SESSION['username'] || !$_SESSION['password']){
  10.
      $loggedIn = False;
  11.
      } else {
  12.
      $loggedIn = True;
  13.
      }
  14.
      ?> 

[asmith]

What is the error you're receiving?

[ignace]

1) Fixed your cleanString function

 

function cleanString($string) {
    $string = htmlentities(mysql_real_escape_string($string));
    return $string;
}

 

2) Use something different then $loggedIn = false|true because if your server accidentically supports register_globals you'll in for some trouble when I type ?loggedIn=true I would use something like a challenge key

 

3) Don't store a user password in the session.

[hash1]

1) Fixed your cleanString function

 

function cleanString($string) {
    $string = htmlentities(mysql_real_escape_string($string));
    return $string;

}

 

2) Use something different then $loggedIn = false|true because if your server accidentically supports register_globals you'll in for some trouble when I type ?loggedIn=true I would use something like a challenge key

 

3) Don't store a user password in the session.

 

Thank you I will keep that in mind!

 

And to answer asmith, I just get a white page and then it redirects to the host companies page?

[asmith]

Have you tried different URL for redirecting?

 

'http://phpproject.netii.net/members.php'  gives me 'not found' error.