hash1 Posted December 12, 2009 Share Posted December 12, 2009 Hey guys stumped again here. Im trying to get this to redirect to the members page after it has verified all credentials and then started the users session. Here is what the code looks like <?php require_once 'handler.php'; $username = cleanString($_POST['username']); $password = md5($_POST['password']); if(empty($username) || empty($password)){ echo 'You must enter a username and password!'; } else{ $sql = mysql_query("SELECT * FROM users WHERE username='$username'"); if(mysql_num_rows($sql) < 1){ echo 'That username does not exist.'; } else{ $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); if(mysql_num_rows($sql2) < 1){ echo 'Your password is incorrect.'; } else{ $_SESSION['username'] = $username; $_SESSION['password'] = $password; } } } ?> I tried throwing header("Location: http://phpproject.netii.net/members.php"); in the bunch, but that didn't work out very well. Thanks in advanced! Quote Link to comment Share on other sites More sharing options...
asmith Posted December 12, 2009 Share Posted December 12, 2009 Where did you tried throwing header location line? And what is in your handler? Where have you put session_start()? in the bunch, but that didn't work out very well. [/quote[ How it didn't work out very well? Quote Link to comment Share on other sites More sharing options...
hash1 Posted December 12, 2009 Author Share Posted December 12, 2009 Where did you tried throwing header location line? And what is in your handler? Where have you put session_start()? in the bunch, but that didn't work out very well. [/quote[ How it didn't work out very well? I tried throwing in header right after the two session lines, but this made the script sop functioning. And here is my handler which is where session_start is 1. <?php 2. session_start(); 3. mysql_connect("**********", "**********", "**********"); 4. mysql_select_db("**********_usys"); 5. function cleanString($string){ 6. htmlentities(mysql_real_escape_string($string)); 7. return $string; 8. } 9. if(!$_SESSION['username'] || !$_SESSION['password']){ 10. $loggedIn = False; 11. } else { 12. $loggedIn = True; 13. } 14. ?> Quote Link to comment Share on other sites More sharing options...
asmith Posted December 12, 2009 Share Posted December 12, 2009 What is the error you're receiving? Quote Link to comment Share on other sites More sharing options...
ignace Posted December 12, 2009 Share Posted December 12, 2009 1) Fixed your cleanString function function cleanString($string) { $string = htmlentities(mysql_real_escape_string($string)); return $string; } 2) Use something different then $loggedIn = false|true because if your server accidentically supports register_globals you'll in for some trouble when I type ?loggedIn=true I would use something like a challenge key 3) Don't store a user password in the session. Quote Link to comment Share on other sites More sharing options...
hash1 Posted December 12, 2009 Author Share Posted December 12, 2009 1) Fixed your cleanString function function cleanString($string) { $string = htmlentities(mysql_real_escape_string($string)); return $string; } 2) Use something different then $loggedIn = false|true because if your server accidentically supports register_globals you'll in for some trouble when I type ?loggedIn=true I would use something like a challenge key 3) Don't store a user password in the session. Thank you I will keep that in mind! And to answer asmith, I just get a white page and then it redirects to the host companies page? Quote Link to comment Share on other sites More sharing options...
asmith Posted December 12, 2009 Share Posted December 12, 2009 Have you tried different URL for redirecting? 'http://phpproject.netii.net/members.php' gives me 'not found' error. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.