Jump to content

Redirect Issue


CEVGames

Recommended Posts

First let me say I am learning PHP as I do this, so bear with me if any of my mistakes are just silly!

I have a log in system in place.  I can register and send the e-mail.  I have a log in page that allows the user to log in.  If the wrong name/password combo is entered it displays an incorrect log in message on the same page.  However, when the correct information is entered, it does not redirect to the proper page (play.php).  Now if I am not logged in and I manually go to play.php via the address bar, it will redirect me to the error page (as it should).  However if I do log in, and manually go to play.php, it will allow me access and does show the cookies (username and score) that I have set to print.  Here are the codes I have for each page.  Can someone please tell me where I am going wrong!    (*on db.php I have tried with and without ob_start(); figuring at first I wouldn't need it because I did not output anything!  I have tried tons of combinations including a log in function).

 

on db.php

<?php
session_start(); 
mysql_connect("localhost", "dbuser", "dbpassword"); 
mysql_select_db("myDB");

{ 
if (isset($_POST['username']) && isset($_POST['pword']))
{ 
$username = mysql_real_escape_string($_POST['username']); 
$password = md5( mysql_real_escape_string($_POST['pword']) );
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 

if ($rows<1)
{ 
echo "&serverResponse=Incorrect username/password"; 
}
else 
{
ob_start;
header( "Location: play.php" ) ;
$_SESSION['username'] = $username;
$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
$row=mysql_fetch_assoc($result);
$total = $row['total'];
setcookie("username", "$username", time()+3600);
setcookie("total", "$total", time()+3600);



} 
}}
?>

 

on login.php

<?php
include("db.php"); 

?>

 

 

on play.php

<?php
include("db.php"); 
if ((isset($_COOKIE["username"])) && (isset ($_COOKIE["total"]))) {
print ("&username=" . $_COOKIE["username"]);
print ("&total=" . $_COOKIE["total"]);}

else {
ob_start();
header('Location: nogo.php');
}

 

Link to comment
Share on other sites

surely you need to have the database connection there instead of floating, pop the connection handle into the first mysql_ function, then the queries will inherit the connections from the first one.

 

That may not be the issue, but always good practice to instantiate a connection handle.

 

You need to set a limiter to the sql too so that you only get 1 row returned, that's usually a good place to start, and do a print_r to see what is actually available when you have run the checks on the cookie:-

 

<?php
include("db.php"); 
if ((isset($_COOKIE["username"]) && !empty($_COOKIE["username"])) && (isset ($_COOKIE["total"]) && !empty($_COOKIE["total"]))) {
print_r($_COOKIE);
echo "username: ".$_COOKIE['username'];
echo "total:".$_COOKIE['total'];
}
else {
header('Location: nogo.php');
exit;//good practice to have an exit after the header call too
}

 

Try that, and see what's returned.

 

Rw

Link to comment
Share on other sites

@Pikachu:

 

When I put the code in you recommended I get this error in regards to line one of your code:

 

Parse error: syntax error, unexpected T_LNUMBER in /home/victimo1/public_html/db.php on line 2

 

???  Did I do something wrong?

 

@rwwd:

 

I’m lost by most of what you said.  (Like I said really new at this.)

 

“connection there instead of floating, pop the connection handle into the first mysql_ function, then the queries will inherit the connections from the first one.

 

That may not be the issue, but always good practice to instantiate a connection handle.” 

Do you mean use a function?  Like the log in function I initially used?

 

When you are talking about getting one row returned I am a bit confused because only one entry should return for each user because duplicate entries are not allowed for user name or e-mail address.

 

What exactly will this code do?  Based on being able to manually go to the play.php page, I don’t see how the issue would be on the play.php page instead of the db.php page.  It does not even attempt to redirect or move from the log in page.

 

 

I'm sorry if I'm asking a lot of questions and I am confused by some of this.  I want to be able to understand what I am doing as well as just do it.

Link to comment
Share on other sites

@pikachu,

 

I tried ()'s around the 1, but I was wrong.  8)

 

So I did it with the , instead, and I got nothing back; same situation.  :-\

 

I feel hopeless, but figure you guys are geniuses.  :D  - If worse comes to worse I can always do an echo that says click continue and insert a continue button, but I would hate to do that because I think it looks tacky.

Link to comment
Share on other sites

try this:-

 

db.php

<?php
session_start(); 
$conn = mysql_connect("localhost", "dbuser", "dbpassword"); 
mysql_select_db("myDB", $conn);

if (isset($_POST['username']) && isset($_POST['pword'])){ 

$username = mysql_real_escape_string(strip_tags($_POST['username'])); 
$password = md5(mysql_real_escape_string(strip_tags($_POST['pword'])));

//I assume at this point that your checking that the md5 value matches what's in the DB, check that the varchar
//limit exceeds 32 chars, else it WILL not function 

$sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1"); 

if (mysql_num_rows($sql) == 0){ 

echo "&serverResponse=Incorrect username/password"; 

}	
else{
$_SESSION['username'] = $username;

$result = mysql_query("SELECT `total` FROM `usersystem` WHERE username` = '".$username."' LIMIT 1") or die( mysql_error() );

$row=mysql_fetch_assoc($result);

$total = $row['total'];

setcookie("username", $username, time()+3600);
setcookie("total", $total, time()+3600);
header( "Location: play.php" );
} 
}
?>

 

play.php

<?php
include("db.php"); 
if((isset($_COOKIE["username"])) && (isset($_COOKIE["total"]))) {
echo "username:".$_COOKIE['username'];
echo "total:".$_COOKIE['total'];
}
else{
header('Location: nogo.php');
exit;
}

 

Ok, I have done that lot a little better, but I have only formatted what was there a little better, and changed the logic a little, I'm not saying that it will be better, but at least things are in the right order now.

 

Rw

Link to comment
Share on other sites

Thanks for your dedication to this I really appreciate it!

 

db.php:

<?php
ini_set('display_errors', 1);
error_reporting(-1);
session_start(); 
mysql_connect("localhost", "victimo1_victest", "HighFlyer1922"); 
mysql_select_db("victimo1_myDB");

{ 
if (isset($_POST['username']) && isset($_POST['pword']))
{ 

$username = mysql_real_escape_string($_POST['username']); 
$password = md5( mysql_real_escape_string($_POST['pword']) );
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 

if ($rows<1)
{ 
echo "&serverResponse=Incorrect username/password"; 
}
else 
{
if( headers_sent() ){
     echo '&serverResponse=Headers already sent. Can\'t redirect.'
}
header( "Location: play.php" ) ;
$_SESSION['username'] = $username;
$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
$row=mysql_fetch_assoc($result);
$total = $row['total'];
setcookie("username", "$username", time()+3600);
setcookie("total", "$total", time()+3600);



} 
}}
?>

 

login.php

<?php
include("db.php"); 

?>


<HTML>
<HEAD>
<meta http-equiv=Content-Type content="text/html;  charset=ISO-8859-1">
<TITLE>login</TITLE>
</HEAD>
<BODY bgcolor="#000000">
<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="550" HEIGHT="400" id="login" ALIGN="">
<PARAM NAME=movie VALUE="login.swf"> <PARAM NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE=#000000> <EMBED src="login.swf" quality=high bgcolor=#000000  WIDTH="550" HEIGHT="400" NAME="login" ALIGN=""
TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
</OBJECT>
</BODY>
</HTML>

 

 

play.php

<?php
include("db.php"); 
echo ($_COOKIE["total"]);
echo ($_COOKIE["username"]);
if ((isset($_COOKIE["username"])) && (isset ($_COOKIE["total"]))) {
print ("&username=" . $_COOKIE["username"]);
print ("&total=" . $_COOKIE["total"]);}

else {
ob_start();
header('Location: nogo.php');
}

?>

 

I've been reverting when things do work.  :shrug:

 

Link to comment
Share on other sites

$_SESSION['username'] = $username;
$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
$row=mysql_fetch_assoc($result);
$total = $row['total'];
setcookie("username", "$username", time()+3600);
setcookie("total", "$total", time()+3600);
header( "Location: play.php" );//this should be here!!!!
exit;

 

Now everything above the header gets called & set provided the information is correct & assigned correctly from the query..

 

When the header is called, your effectively pointing the script to run elsewhere, and to the best of my knowledge, anything that is under this call doesn't get actioned; or is possibly ignored, I don't think that php parses anything post header call, as it is treated as an exit, this is why it is good practise to place the exit DIRECTLY after a header call.

 

I may not solve this, but at least I can offer some tit-bits of experience and benefit of knowledge; well at least, while I am not so tired that the screen is seeming to blur quite a bit. Bed time!

 

Rw

Link to comment
Share on other sites

Well I feel a bit better that it's not just me!  Maybe I will try to take the log in out of flash and some how recreate it using photoshop and slices.  Maybe I can treat a slice as a layer to give it the same look.  Blah.  Thanks guys.  If you think of anything else, please let me know.    In the mean time I am going to get to this and maybe taking it out of flash will have some effect.  Ehh... :-\

Link to comment
Share on other sites

All this is based on the assumption that all these files are in the same directory, then again, if the header couldn't find the file you would get the generic error message of: page could not be found.

 

I'll check tomorrow to see if there has been a resolution to this, all the best!

 

[EDIT]: My graphics skill's would shame a 3 year old, code behind my site's I consider Ok, but my graphics are poor!! Thankfully I can pass that stuff to another dept, I really wish I knew how to operate PS to create simple buttons with some PAZAZZ!!

 

Rw

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.