
Php login form fault


bogaert-y


Hello everyone,

 

I have changed a login script to make it a bit more up to date (SQL injection, SHA1 encoding, $_SESSION).

Since I am new to all this there will be some stupid things in the code, so don't shoot me yet on the details, but do tell them since I want to learn of course.  :)

 

After a simple login form you get directed to checklogin.php

<?php
session_start();

$host = "localhost";
$username = "admin";
$password = "admin";
$db_name = "request";
$tbl_name = "member";

mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$encrypted_mypassword = sha1($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

if(mysql_num_rows($result) == 1){
    $_SESSION['myusername'] = $myusername;
    $_SESSION['mypassword'] = $encrypted_mypassword;

    header("location:login_success.php");
}
else {
    echo "Wrong Username or Password";
}

?>

 

So far so good, when the wrong username is used it gives the correct echo, and with the good one

it directs you to login_succes.php

 

Now login_succes.php:

 

<?
session_start();
if(isset($_SESSION['myusername'])){
    header("location:index.php?page=intro");
}
?>

<html>
<body>
Login Successful
</body>
</html>

 

For some strange reason this always redirects me to the login form called main_login.php.

If I put another header in, like test.php, it redirects me to test.php.

Since both are links, how can it work for the one but not the other...

I am clueless; I think it's a small little thing somewhere that is not correct, but I'm not 100% sure.

Any ideas?

Thanks for the help already,

 

Yannick


For some strange reason this always redirects me to the login form called main_login.php

I can't see how, as the code you posted does not contain anything that will cause this. The only redirect checklogin.php has is to login_success.php


Indeed, nowhere in the page do I have a link to main_login.php anymore.

But the strange thing is, of course, that if I change the header index.php?page=intro into test.php it does go to test.php.

That's the strangest thing of all: why does it work with one header but not with the other one...


Ohhh crap I had put:

<? 
session_start();
if(isset($_SESSION['myusername'])){
    header("location:main_login.php");
} 
?>

 

In the index.php  :wtf:

BUT, of course the index.php page has to check if the $_SESSION['myusername'] contains the correct information.

When I just change that header also to index.php?page=intro, I think the page just goes into a loop, since it's constantly opening the same page.

How can I do this: when the $_SESSION['myusername'] is correct, continue with the index.php?page=intro; when it's not, go back to main_login.php?

Thanks already :-)


This line here

if(isset($_SESSION['myusername'])){

Is checking to see if the session variable $_SESSION['myusername'] is set. This variable is only set when a user successfully logs in. As it is set it'll redirect to main_login.php.

 

You only want to redirect to main_login.php when that variable is not set. To do this change the above line to

if(!isset($_SESSION['myusername'])){

The ! means NOT.
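
The two checks discussed in this thread (the credential lookup in checklogin.php and the session guard in index.php), written as an added example that was not posted by anyone in the thread. The function names verify_login and redirect_target are hypothetical, the member table and its username/password columns come from the original post, and the example assumes the password column stores password_hash() output rather than the thread's SHA1 digest.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes member.password holds password_hash() output, not a SHA1 digest.

// Credential check with a bound parameter and a salted, slow password hash.
function verify_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM member WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // The raw password goes to password_verify(): no stripslashes() or SQL
    // escaping first, since either would change the bytes being verified.
    return is_string($hash) && password_verify($pass, $hash);
}

// Guard for protected pages such as index.php. Returns the redirect target,
// or null when the request may continue. Note the NOT: redirect when unset.
function redirect_target(array $session): ?string
{
    return !isset($session['myusername']) ? 'main_login.php' : null;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO member VALUES (?, ?)')
   ->execute(['yannick', password_hash("pa'ss word", PASSWORD_DEFAULT)]);

$session = [];  // stands in for $_SESSION in this command-line demo
$attempts = [['yannick', "pa'ss word"], ['yannick', 'wrong'], ["o'brien", 'x']];
foreach ($attempts as [$user, $pass]) {
    $ok = verify_login($db, $user, $pass);
    if ($ok) {
        // In a web request: call session_regenerate_id(true) here, store only
        // the username (never the password hash), then header() and exit.
        $session['myusername'] = $user;
    }
    printf("%-8s %-11s %s\n", $user, $pass, $ok ? 'accepted' : 'denied');
}

var_dump(redirect_target([]));        // guest: sent to main_login.php
var_dump(redirect_target($session));  // logged in: null, the page continues
```

In a real page the guard is followed by header('Location: ' . $target) and an immediate exit, so that no protected output is sent to a client that ignores the redirect.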
