Jump to content

Archived

This topic is now archived and is closed to further replies.

simcoweb

login won't redirect upon submit

Recommended Posts

I have a login page with the following code:

[code]<?
// Declare loginError so a value is always available
$loginError = "";
// Enable sessions
// Set Session Value
$_SESSION['loggedin'] = @$eg_Result1['username'];

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);

include 'dbconfig.php';
// Connect to database
$eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $eg_objConn1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!";
// Check password has a value
if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($eg_error))
{
// Get Record Set
$eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros`  WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC);
// Conditional statement
//if(!empty($eg_Result1['memberid']))
//{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
}
?>[/code]

The problem is that once the person enters username/password and hits submit it winds up right back at the login.php page instead of forwarding (upon successful validation) to the members.php page as instructed. My eyes are bugging out trying to spot the problem. So, perhaps some 'new eyes' could help me out here ?  :P

Share this post


Link to post
Share on other sites
Hi Simcoweb

just did some looking around and found this page http://php.about.com/od/learnphp/ht/phpredirection.htm 
with reference to the header() construct

take a look and have a look at "heres how" number 2, it mentions that header wont work if any text has been sent to the browser before the header() is called. maybe thats your problem

hope that has shed some light, if thats not the problem...i am no help at all and I shall crawl back under my stone without a coffee...
Paul

Share this post


Link to post
Share on other sites
Hi Paul:

Thanks for the post. I'm aware of that aspect of the headers but normally that would produce a 'Premature end to script headers' error message which would indicate some HTML has been passed before the header. In this case everything is working except the redirection to the member's page after the login attempt. It's got to be something in the if/else statements that i'm not spotting. Some sort of syntax error or bad logic in my code.

Share this post


Link to post
Share on other sites
I wish I could say that took care of it :(  Unfortunately it didn't. Still just comes right back to the login page after submit.

Share this post


Link to post
Share on other sites
Still looking for a resolution on this one. Once again, after entering username/password it just returns to the login page. Not sure why.

Share this post


Link to post
Share on other sites
Hi Simcoweb
spotted you probelm I think. look at your code here
[code]
//if(!empty($eg_Result1['memberid']))
//{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}

[/code]

you have commented out the if statement and the starting '{' of the if/else statement. dont know if you meant to do this but there we go, i have a feeling that you did mean to do it because when you un-comment them, there is not enough closing '}', it requires one more at the end.

Share this post


Link to post
Share on other sites
Hi Paul:

Thanks for your post and for spotting that missing element. I did change the code to this:

[code]<?
// Enable sessions
session_start();
// Set Session Value
$_SESSION['loggedin'] = @$eg_Result1['username'];
// Declare loginError so a value is always available
$loginError = "";

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);

include 'dbconfig.php';
// Connect to database
$eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $eg_objConn1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!";
// Check password has a value
if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($eg_error))
{
// Get Record Set
$eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros`  WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC);
// Conditional statement
if(!empty($eg_Result1['memberid']))
{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
}
}
?>[/code]

Which reinstates that 'if' statement. I originally disabled it as one of the many experiements to get the redirection to work. Even with the reinstating and repairing of the code (as above) the redirection still doesn't work (*sigh*). Perhaps with this revised code there's still something missing?

Share this post


Link to post
Share on other sites
Hi simcoweb

try this one for size

[quote]$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC);[/quote]

is your line, you are preventing any errors in this query, maybe thats your problem try this one

[code]$eg_Result1 = mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code]

let me know and I will make something else up to throw at you....

Share this post


Link to post
Share on other sites
heh... no errors displayed. Figures. It appears it's making the query without a hitch. Then it either hits a spot that tells it to quit or it's quitting on its own. Obviously it should query the database, check the username/password to make sure they exist, then if successful redirect to the stated page. If error, it would return to the login page and show the errors. Only no errors are being shown.

Share this post


Link to post
Share on other sites
something else that may be causeing something

in your origonal query you SELECT plateau_pros.memberid FROM plateau_pros

but in your if statement you only used the memberid to see if its empty, it will be, because memberid on its own is not in the results set, it should be looking for
[code]
if(!empty($eg_Result1['plateau_pros.memberid']))
{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
[/code]

told you i could come up with something else...

Share this post


Link to post
Share on other sites
do you echo out $loginError anywhere to see if that is being set during this if/else statement to see whether the failing side of the if/else is working OK???

Share this post


Link to post
Share on other sites
heh..well, at least that produced an error. Unfortunately it's an error that the username doesn't exist in my database. But, I know it does cuz i'm looking right at it. Me thinks there's a problem with the query.

Share this post


Link to post
Share on other sites
try this then, first assign the posted variables to normal variables before putting them in the query construct
[code]
$uname = $_POST['username'];
$pword = $_POST['password'];
$eg_recResult1 = mysql_query("SELECT memberid FROM plateau_pros  WHERE username = '$uname' AND password = '$pword'", eg_objConn1);
$eg_Result1 = mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());
if(!empty($eg_Result1['memberid']))
{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}

[/code]


Share this post


Link to post
Share on other sites
Hmmm...here's what I noticed. My validation is checking the entry of something into the fields. However, there's nothing checking the posted info with the data in the database.

Right now i'm getting 'User not found' errors no matter what I type in even though the user IS in the database. I need some authentication code to use the SELECT data against a comparison. Not sure how to do that.

Share this post


Link to post
Share on other sites
I've modified the code a bit to include a check against the results:

[code]$username = $_POST['username'];
$password = $_POST['password'];
// Get Record Set
$eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros`  WHERE `plateau_pros`.`username` = '$username' AND `plateau_pros`.`password` = '$password'", $eg_objConn1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());

if (mysql_num_rows($eg_recResult1) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION['loggedin'] = true;
// Conditional statement
// if(!empty($eg_Result1['plateau_pros.username']))
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}[/code]

STILL it won't redirect. ARRGGGGGGGGGGGH!

Share this post


Link to post
Share on other sites
in your modified code you have two conditional statements doing the same thing
[quote]
if (mysql_num_rows($eg_recResult1) == 1) {                      <---------------this one checks to see if one row is returned(i.e user ok)
      // the user id and password match,
      // set the session
      $_SESSION['loggedin'] = true;
// Conditional statement
// if(!empty($eg_Result1['plateau_pros.username']))              <-----and this one checks thats its not empty
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
[/quote]

can you not

[code]
if (mysql_num_rows($eg_recResult1) == 1) {  //checks that a valid row is returned and only one so it must be the user in question.
      // set the session
      $_SESSION['loggedin'] = true;
// Go to page
header("Location: members.php");
break;                                          //try break; instead of exit, exit; tries to output a message
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}[/code]

and if you are only calling data from one table - plateau_pros, I dont think you need the plateau_pros.column_name only the column name, just copy and paste this query in a see what ahppens

[code]
$eg_recResult1 = mysql_query("SELECT memberid FROM plateau_pros  WHERE username = '$username' AND password = '$password'", eg_objConn1);
[/code]

Share this post


Link to post
Share on other sites
Hi Paul:

Thanks for your persistence! I'm sure we'll nail this eventually.

Ok, regarding the two conditional statements, if you notice the lower one is commented out while replacing it with the one above. I was experimenting to see if perhaps the check for a valid member was not working with the lower statement.

I utilized your modified query statement and upon submit got this error:

[quote]Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home2/wwwxxxx/public_html/login.php on line 31
Error in query: $eg_Result1.[/quote]

Line 31 is the query. I've made no other changes in the code except to actually delete the 2nd conditional statement that was previously commented out.

Share this post


Link to post
Share on other sites
the only line that we know throws a "Named Error" is
[code]
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());

[/code]

the last part tells it to tell us " Error in query: $eg_result1." if there is a problem with it...and voila it worked

just got to figure out exactly what this means
[quote]
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource

[/quote]

Share this post


Link to post
Share on other sites
This is a baffler to say the least. I can't imagine what the problem is with the query. It's the right database, the right table and the right fields. I don't see a syntax error.

I rewrote it slightly to see if that fixed it. The 'resource' reference went away but the sql error persists. Here's the  new snippet:

[code]// Get Record Set
$eg_recResult1 = ("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'");
mysql_query($eg_recResult1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code]

Share this post


Link to post
Share on other sites
please give this a try.... copy and paste it where it needs to go ...as is...

[code]
//build the query and run it - assign it to variable called query

$query = mysql_query("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'") or die ('Error in query: $query. ' . mysql_error());

// call for the result set - assign it to variable called $result

$result = mysql_fetch_assoc($query) or die ('Error in query: $result. ' . mysql_error());

//count the rows in the resultant results set

if (mysql_num_rows($result) == 1)
                {
                    //if a row exists i.e username and password match a person, start a session and re-direct, the break out of if statement

                    $_SESSION['loggedin'] = true;
    header("Location: members.php");
    exit;
}
else
{
                    //otherwise $loginError becomes the string below

    $loginError = "Your user name and password do not match any in our database!";
}

[/code]

I think I found another problem in your code, thats the problem with things looking the same...see if I spotted it right.... you had a query called "$eg_recResult1" then you had a variable calling the result set called "$eg_Result1" you then in the IF statement tried to count the lines in "$eg_recResult1" when the resultant rows are actually held by "$eg_Result1" so I have changed the names completley in the above................it changed on the first post on this page after you made some changes, from then on all other changes will not have worked

if the query throws an error is will say "Error in query: $query"
if calling the result set throws an error it will say "Error in query: $result"

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.