melting_dog Posted July 3, 2010 Share Posted July 3, 2010 Hi all. Im probably missing something here so forgive me if this is a noob question. I have created a login page for a site I am building at home with xampp. For the last week its been fine but just today when I try to use the login it redirects me to main.php - theres no such page in my folder structure. my login looks something like this: Login in page: <form name="form1" method="post" action="loginProcess.php"> <input name="name" type="text" value="Name" size="40" maxlength="100" /> <input name="password" type="password" value="password" size="40" maxlength="100" /> <label><input type="submit" name="Submit" id="Submit" value="Submit" /></label> </form> loginProcess page (which doesnt actually get reached): $name=$_POST['name']; $password=$_POST['password']; $name = stripslashes($name); $password = stripslashes($password); $name = mysql_real_escape_string($name); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE firstName='$name' and password='$password'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_register("name"); session_register("password"); header("location:loginSuccess.php"); } else { $wrong = '<h3 style = "text-align: center;">Sorry! Wrong Username or Password</h3>'; } ob_end_flush(); ?> Oddly enough, when I put in an incorrect name or password it does redirect to the right page. - Just wierd anyone know why this is happening? Quote Link to comment Share on other sites More sharing options...
robert_gsfame Posted July 3, 2010 Share Posted July 3, 2010 try changing this--> $sql="SELECT * FROM $tbl_name WHERE firstName='$name' and password='$password'"; into this--> $sql="SELECT * FROM $tbl_name WHERE firstName='$name' AND password='$password'"; and this--> if($count==1){ session_register("name"); session_register("password"); header("location:loginSuccess.php"); } into this--> if(!empty($count)){ session_start(); $_SESSION['name']=$name; $_SESSION['password']=$password; header("location:loginSuccess.php"); } let see if it works Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2010 Share Posted July 3, 2010 Firstly, if you're going to use any $_SESSION data, you need to have session_start(); at the beginning of the script. Also, session_register() is deprecated. and should be changed to use the correct syntax (see below). And I can't think of any good reason to store a password in a $_SESSION var. Lastly, after a header() redirect, you should always follow it with exit(); to prevent the script form executing any further. $_SESSION['name'] = $name; Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2010 Share Posted July 3, 2010 Double post . . . deleted . . . Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2010 Share Posted July 3, 2010 and this--> if($count==1){ session_register("name"); session_register("password"); header("location:loginSuccess.php"); } into this--> if(!empty($count)){ session_start(); $_SESSION['name']=$name; $_SESSION['password']=$password; header("location:loginSuccess.php"); } I disagree. I think the query result should be verified to match one, and only one, record. Quote Link to comment Share on other sites More sharing options...
robert_gsfame Posted July 3, 2010 Share Posted July 3, 2010 yeah...but when u register, u have done the checking part...so (!empty($count)) or ($count==1) is the same Quote Link to comment Share on other sites More sharing options...
melting_dog Posted July 3, 2010 Author Share Posted July 3, 2010 Firstly, if you're going to use any $_SESSION data, you need to have session_start(); at the beginning of the script. Also, session_register() is deprecated. and should be changed to use the correct syntax (see below). And I can't think of any good reason to store a password in a $_SESSION var. Lastly, after a header() redirect, you should always follow it with exit(); to prevent the script form executing any further. $_SESSION['name'] = $name; Thanks Robert and Pikachu. I have updated the session_register to $_SESSION. It seems as if the session_start wasw the problem: i had it on a thrid page that redirected from loginProcess.php but have changed it to where robert suggested. So alls fine now but i might have to do some more testing... Cheers Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2010 Share Posted July 3, 2010 They aren't the same, really. The expected result is exactly one record, not a record set of one or more records. Anything other than one record can indicate a data problem. Why not check for it since the query is being run anyhow, and trigger_error() and/or die() if it fails? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.