bogaert-y Posted June 26, 2011 Share Posted June 26, 2011 Hello everyone, I have changed a login script to make it a bit more up to date. ( SQL injection, SHA1 encoding, $_SESSION ) Since i am new to all this there will be some stupid things in the code, so don't shoot me yet on the details, but do tell them since I want to learn offcourse. After a simple login form you get directed to checklogin.php <?php session_start(); $host = "localhost"; $username = "admin"; $password = "admin"; $db_name = "request"; $tbl_name = "member"; mysql_connect($host, $username, $password)or die("cannot connect"); mysql_select_db($db_name)or die("cannot select DB"); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $encrypted_mypassword = sha1($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'"; $result=mysql_query($sql); if(mysql_num_rows($result) == 1){ $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $encrypted_mypassword; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> So far so good, when the wrong username is used it gives the correct echo, and with the good one it directs you to login_succes.php Now login_succes.php: <? session_start(); if(isset($_SESSION['myusername'])){ header("location:index.php?page=intro""); } ?> <html> <body> Login Successful </body> </html> For some reason strange reason this allways redirects me to the login form called main_login.php If i put another header in like test.php it redirects me to test.php Since both are links how can it work for the one but not the other... I am clueless, i think its a small little thing somewhere that is not correct but not 100% sure. Any ideas? thanks for the help allready, Yannick Quote Link to comment https://forums.phpfreaks.com/topic/240429-php-login-form-fault/ Share on other sites More sharing options...
wildteen88 Posted June 26, 2011 Share Posted June 26, 2011 For some reason strange reason this allways redirects me to the login form called main_login.php I cant see how as the code you posted does not contain anything that will cause this. The only redirect checklogin.php has is to login_success.php Quote Link to comment https://forums.phpfreaks.com/topic/240429-php-login-form-fault/#findComment-1234934 Share on other sites More sharing options...
bogaert-y Posted June 26, 2011 Author Share Posted June 26, 2011 Indeed, i nowhere in the page have a link to main_login.php anymore. But the strange thing is offcourse if i change the header index.php?page=intro into test.php it does go to test.php. That's what is the strangest thing off all why work with one header but not with the other one... Quote Link to comment https://forums.phpfreaks.com/topic/240429-php-login-form-fault/#findComment-1234936 Share on other sites More sharing options...
wildteen88 Posted June 26, 2011 Share Posted June 26, 2011 what is in index.php? maybe there is something within index.php that is causing the redirect to main_login.php Quote Link to comment https://forums.phpfreaks.com/topic/240429-php-login-form-fault/#findComment-1234937 Share on other sites More sharing options...
bogaert-y Posted June 26, 2011 Author Share Posted June 26, 2011 Ohhh crap I had put: <? session_start(); if(isset($_SESSION['myusername'])){ header("location:main_login.php"); } ?> In the index.php BUT, offcoure the index.php page has to check if the $_SESSION['myusername'] contains the correct information. When I just change that header also to index.php?page=intro I think the page just goes into a loop I think, since it's constantly opening the same page. How can I do this when the $_SESSION['myusername'] is correct continue with the index.php?page=intro, when it's not go back to main_login.php. thanks allready :-) Quote Link to comment https://forums.phpfreaks.com/topic/240429-php-login-form-fault/#findComment-1234938 Share on other sites More sharing options...
wildteen88 Posted June 26, 2011 Share Posted June 26, 2011 This line here if(isset($_SESSION['myusername'])){ Is checking to see if the session variable $_SESSION['myusername'] is set. This variable is only set when a user successfully logs in. As it is set it'll redirect to main_login.php. You only want to redirect to main_login.php when that variable is not set. To do this change the above line to if(!isset($_SESSION['myusername'])){ The ! means NOT. Quote Link to comment https://forums.phpfreaks.com/topic/240429-php-login-form-fault/#findComment-1234939 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.