user login help

[scmeeker]

I'm creating a very basic user login form.  After verifying the username and password, I would like it to go to another page: listtest5.php.  It keeps going back to the original login (userlogin.html)even when using a valid username and password.  How do I get it to redirect to listtest5.php after a successful login?

 

Thanks for your help!

if ((!isset($_POST["username"])) || (!isset($_POST["password"]))) {
header("Location: listtest5.php");
exit;
}

//connect to server and select database
$mysqli = mysqli_connect("localhost", "", "", "");

//create and issue the query
$sql = "SELECT username, password FROM table WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";
$result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));

//get the number of rows in the result set; should be 1 if a match
if (mysqli_num_rows($result) == 1) {

header("location:listtest5.php");
exit();

//set authorization cookie
setcookie("auth", "1", 0, "/", "whereever.com", 0);


} else {
//redirect back to login form if not authorized
header("Location: userlogin.html");
exit;
}
?>

[Alex]

I'm guessing you have some kind of verification code on listtest5.php that checks if a certain cookie is set and your problem is that you're setting the cookie after you call exit(); so that bit of code will never execute.

 

//set authorization cookie
setcookie("auth", "1", 0, "/", "whereever.com", 0);
header("location:listtest5.php");
exit();

[scmeeker]

I don't have the cookie set up on listtest5.php yet.  At this point I'm really trying to get it to redirect to another page of my choice after verification of the username and password.  I tried removing the cookie to test that but it still didn't work.

[Andy-H]

Probably a stupid question but I'm assuming you used the SQL PASSWORD() function when the user registered to insert their details to your "table" table? and that the field was set to the correct datatype to store the hash? I duno what it should be as I have never seen the SQL PASSWORD() function but read up and it uses sha1 twice.

-------------------------------------------------------------------
Prior to MySQL 4.1
-------------------------------------------------------------------
mysql> SELECT PASSWORD('mypass');
+--------------------+
| PASSWORD('mypass') |
+--------------------+
| 6f8c114b58f2ce9e   |
+--------------------+
-------------------------------------------------------------------
As of MySQL 4.1
-------------------------------------------------------------------
mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass')                        |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+
-------------------------------------------------------------------

 

See http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html

[Andy-H]

Also you should really give some kind of error message if the details are incorrect, rather than just redirecting to the login (HTML) page.

[scmeeker]

Thanks so much for both of you're help but I got it worked out!    I ended up getting some different code...that one wasn't working out so well.