Jump to content

Recommended Posts

Hello everyone,

 

I have changed a login script to make it a bit more up to date. ( SQL injection, SHA1 encoding, $_SESSION )

Since i am new to all this there will be some stupid things in the code, so don't shoot me yet on the details,

but do tell them since I want to learn offcourse.  :)

 

After a simple login form you get directed to checklogin.php

<?php

session_start();

$host = "localhost";

$username = "admin";

$password = "admin";

$db_name = "request";

$tbl_name = "member";

 

mysql_connect($host, $username, $password)or die("cannot connect");

mysql_select_db($db_name)or die("cannot select DB");

 

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

 

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

 

$encrypted_mypassword = sha1($mypassword);

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";

$result=mysql_query($sql);

 

if(mysql_num_rows($result) == 1){

$_SESSION['myusername'] = $myusername;

$_SESSION['mypassword'] = $encrypted_mypassword;

 

header("location:login_success.php");

}

else {

echo "Wrong Username or Password";

}

 

?>

 

So far so good, when the wrong username is used it gives the correct echo, and with the good one

it directs you to login_succes.php

 

Now login_succes.php:

 

<?

session_start();

if(isset($_SESSION['myusername'])){

    header("location:index.php?page=intro"");

}

?>

 

<html>

<body>

Login Successful

</body>

</html>

 

For some reason strange reason this allways redirects me to the login form called main_login.php

If i put another header in like test.php it redirects me to test.php

Since both are links how can it work for the one but not the other...

I am clueless, i think its a small little thing somewhere that is not correct but not 100% sure.

 

Any ideas?

 

thanks for the help allready,

 

Yannick

Link to comment
https://forums.phpfreaks.com/topic/240429-php-login-form-fault/
Share on other sites

For some reason strange reason this allways redirects me to the login form called main_login.php

I cant see how as the code you posted does not contain anything that will cause this. The only redirect checklogin.php has is to login_success.php

Indeed, i nowhere in the page have a link to main_login.php anymore.

But the strange thing is offcourse if i change the header index.php?page=intro

into test.php it does go to test.php.

 

That's what is the strangest thing off all why work with one header but not with

the other one...

 

 

Ohhh crap I had put:

<? 
session_start();
if(isset($_SESSION['myusername'])){
    header("location:main_login.php");
} 
?>

 

In the index.php  :wtf:

BUT, offcoure the index.php page has to check if the $_SESSION['myusername'] contains

the correct information.

 

When I just change that header also to index.php?page=intro I think the page just goes

into a loop I think, since it's constantly opening the same page.

 

How can I do this when the  $_SESSION['myusername'] is correct continue with the index.php?page=intro, when it's not go back to main_login.php.

 

thanks allready :-)

This line here

if(isset($_SESSION['myusername'])){

Is checking to see if the session variable $_SESSION['myusername'] is set. This variable is only set when a user successfully logs in. As it is set it'll redirect to main_login.php.

 

You only want to redirect to main_login.php when that variable is not set. To do this change the above line to

if(!isset($_SESSION['myusername'])){

The ! means NOT.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.