Jump to content

login won't redirect upon submit


simcoweb

Recommended Posts

I have a login page with the following code:

[code]<?
// Declare loginError so a value is always available
$loginError = "";
// Enable sessions
// Set Session Value
$_SESSION['loggedin'] = @$eg_Result1['username'];

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);

include 'dbconfig.php';
// Connect to database
$eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $eg_objConn1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!";
// Check password has a value
if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($eg_error))
{
// Get Record Set
$eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros`  WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC);
// Conditional statement
//if(!empty($eg_Result1['memberid']))
//{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
}
?>[/code]

The problem is that once the person enters username/password and hits submit it winds up right back at the login.php page instead of forwarding (upon successful validation) to the members.php page as instructed. My eyes are bugging out trying to spot the problem. So, perhaps some 'new eyes' could help me out here ?  :P
Link to comment
Share on other sites

Hi Simcoweb

just did some looking around and found this page http://php.about.com/od/learnphp/ht/phpredirection.htm 
with reference to the header() construct

take a look and have a look at "heres how" number 2, it mentions that header wont work if any text has been sent to the browser before the header() is called. maybe thats your problem

hope that has shed some light, if thats not the problem...i am no help at all and I shall crawl back under my stone without a coffee...
Paul
Link to comment
Share on other sites

Hi Paul:

Thanks for the post. I'm aware of that aspect of the headers but normally that would produce a 'Premature end to script headers' error message which would indicate some HTML has been passed before the header. In this case everything is working except the redirection to the member's page after the login attempt. It's got to be something in the if/else statements that i'm not spotting. Some sort of syntax error or bad logic in my code.
Link to comment
Share on other sites

Hi Simcoweb
spotted you probelm I think. look at your code here
[code]
//if(!empty($eg_Result1['memberid']))
//{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}

[/code]

you have commented out the if statement and the starting '{' of the if/else statement. dont know if you meant to do this but there we go, i have a feeling that you did mean to do it because when you un-comment them, there is not enough closing '}', it requires one more at the end.
Link to comment
Share on other sites

Hi Paul:

Thanks for your post and for spotting that missing element. I did change the code to this:

[code]<?
// Enable sessions
session_start();
// Set Session Value
$_SESSION['loggedin'] = @$eg_Result1['username'];
// Declare loginError so a value is always available
$loginError = "";

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);

include 'dbconfig.php';
// Connect to database
$eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $eg_objConn1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!";
// Check password has a value
if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($eg_error))
{
// Get Record Set
$eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros`  WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC);
// Conditional statement
if(!empty($eg_Result1['memberid']))
{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
}
}
?>[/code]

Which reinstates that 'if' statement. I originally disabled it as one of the many experiements to get the redirection to work. Even with the reinstating and repairing of the code (as above) the redirection still doesn't work (*sigh*). Perhaps with this revised code there's still something missing?
Link to comment
Share on other sites

Hi simcoweb

try this one for size

[quote]$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC);[/quote]

is your line, you are preventing any errors in this query, maybe thats your problem try this one

[code]$eg_Result1 = mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code]

let me know and I will make something else up to throw at you....
Link to comment
Share on other sites

heh... no errors displayed. Figures. It appears it's making the query without a hitch. Then it either hits a spot that tells it to quit or it's quitting on its own. Obviously it should query the database, check the username/password to make sure they exist, then if successful redirect to the stated page. If error, it would return to the login page and show the errors. Only no errors are being shown.
Link to comment
Share on other sites

something else that may be causeing something

in your origonal query you SELECT plateau_pros.memberid FROM plateau_pros

but in your if statement you only used the memberid to see if its empty, it will be, because memberid on its own is not in the results set, it should be looking for
[code]
if(!empty($eg_Result1['plateau_pros.memberid']))
{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
[/code]

told you i could come up with something else...
Link to comment
Share on other sites

try this then, first assign the posted variables to normal variables before putting them in the query construct
[code]
$uname = $_POST['username'];
$pword = $_POST['password'];
$eg_recResult1 = mysql_query("SELECT memberid FROM plateau_pros  WHERE username = '$uname' AND password = '$pword'", eg_objConn1);
$eg_Result1 = mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());
if(!empty($eg_Result1['memberid']))
{
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}

[/code]


Link to comment
Share on other sites

Hmmm...here's what I noticed. My validation is checking the entry of something into the fields. However, there's nothing checking the posted info with the data in the database.

Right now i'm getting 'User not found' errors no matter what I type in even though the user IS in the database. I need some authentication code to use the SELECT data against a comparison. Not sure how to do that.
Link to comment
Share on other sites

I've modified the code a bit to include a check against the results:

[code]$username = $_POST['username'];
$password = $_POST['password'];
// Get Record Set
$eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros`  WHERE `plateau_pros`.`username` = '$username' AND `plateau_pros`.`password` = '$password'", $eg_objConn1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());

if (mysql_num_rows($eg_recResult1) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION['loggedin'] = true;
// Conditional statement
// if(!empty($eg_Result1['plateau_pros.username']))
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}[/code]

STILL it won't redirect. ARRGGGGGGGGGGGH!
Link to comment
Share on other sites

in your modified code you have two conditional statements doing the same thing
[quote]
if (mysql_num_rows($eg_recResult1) == 1) {                      <---------------this one checks to see if one row is returned(i.e user ok)
      // the user id and password match,
      // set the session
      $_SESSION['loggedin'] = true;
// Conditional statement
// if(!empty($eg_Result1['plateau_pros.username']))              <-----and this one checks thats its not empty
// Go to page
header("Location: members.php");
exit;
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}
[/quote]

can you not

[code]
if (mysql_num_rows($eg_recResult1) == 1) {  //checks that a valid row is returned and only one so it must be the user in question.
      // set the session
      $_SESSION['loggedin'] = true;
// Go to page
header("Location: members.php");
break;                                          //try break; instead of exit, exit; tries to output a message
}
else
{
$loginError = "Your user name and password do not match any in our database!";
}[/code]

and if you are only calling data from one table - plateau_pros, I dont think you need the plateau_pros.column_name only the column name, just copy and paste this query in a see what ahppens

[code]
$eg_recResult1 = mysql_query("SELECT memberid FROM plateau_pros  WHERE username = '$username' AND password = '$password'", eg_objConn1);
[/code]
Link to comment
Share on other sites

Hi Paul:

Thanks for your persistence! I'm sure we'll nail this eventually.

Ok, regarding the two conditional statements, if you notice the lower one is commented out while replacing it with the one above. I was experimenting to see if perhaps the check for a valid member was not working with the lower statement.

I utilized your modified query statement and upon submit got this error:

[quote]Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home2/wwwxxxx/public_html/login.php on line 31
Error in query: $eg_Result1.[/quote]

Line 31 is the query. I've made no other changes in the code except to actually delete the 2nd conditional statement that was previously commented out.
Link to comment
Share on other sites

the only line that we know throws a "Named Error" is
[code]
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());

[/code]

the last part tells it to tell us " Error in query: $eg_result1." if there is a problem with it...and voila it worked

just got to figure out exactly what this means
[quote]
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource

[/quote]
Link to comment
Share on other sites

This is a baffler to say the least. I can't imagine what the problem is with the query. It's the right database, the right table and the right fields. I don't see a syntax error.

I rewrote it slightly to see if that fixed it. The 'resource' reference went away but the sql error persists. Here's the  new snippet:

[code]// Get Record Set
$eg_recResult1 = ("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'");
mysql_query($eg_recResult1);
$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code]
Link to comment
Share on other sites

please give this a try.... copy and paste it where it needs to go ...as is...

[code]
//build the query and run it - assign it to variable called query

$query = mysql_query("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'") or die ('Error in query: $query. ' . mysql_error());

// call for the result set - assign it to variable called $result

$result = mysql_fetch_assoc($query) or die ('Error in query: $result. ' . mysql_error());

//count the rows in the resultant results set

if (mysql_num_rows($result) == 1)
                {
                    //if a row exists i.e username and password match a person, start a session and re-direct, the break out of if statement

                    $_SESSION['loggedin'] = true;
    header("Location: members.php");
    exit;
}
else
{
                    //otherwise $loginError becomes the string below

    $loginError = "Your user name and password do not match any in our database!";
}

[/code]

I think I found another problem in your code, thats the problem with things looking the same...see if I spotted it right.... you had a query called "$eg_recResult1" then you had a variable calling the result set called "$eg_Result1" you then in the IF statement tried to count the lines in "$eg_recResult1" when the resultant rows are actually held by "$eg_Result1" so I have changed the names completley in the above................it changed on the first post on this page after you made some changes, from then on all other changes will not have worked

if the query throws an error is will say "Error in query: $query"
if calling the result set throws an error it will say "Error in query: $result"
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.