Page redirect on login

[lukep11a]

Hi, I wonder if anyone can help me, I have the following login code, and I want to apply to it a page redirect on login, there is an extra column in my login table called 'first_login', it will hold either a 0 or a 1, and I want users to be redirected to 'myaccount.php' if it equals 1 and 'teamselections.php' if it equals 0. I know that it uses the header function but not really sure how to apply it to this code. Does anybody know how I would do this? Any help would be much appreciated.

 

<?php
function checkLogin($u, $p)
{
global $seed; // global because $seed is declared in the header.php file

    if (!valid_email($u) || !valid_password($p) || !user_exists($u))
    {
        return false; // the name was not valid, or the password, or the email did not exist
    }

    //Now let us look for the user in the database.
    $query = sprintf("
	SELECT userid 
	FROM login 
	WHERE 
	email = '%s' AND password = '%s' 
	AND disabled = 0 AND activated = 1 
	LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
    $result = mysql_query($query);
    // If the database returns a 0 as result we know the login information is incorrect.
    // If the database returns a 1 as result we know  the login was correct and we proceed.
    // If the database returns a result > 1 there are multple users
    // with the same email and password, so the login will fail.
    if (mysql_num_rows($result) != 1)
    {
        return false;
    } else
    {
        // Login was successfull
        $row = mysql_fetch_array($result);
        // Save the user ID for use later
        $_SESSION['userid'] = $row['userid'];
        // Save the email for use later
        $_SESSION['email'] = $u;
        // Now we show the userbox
        return true;
    }
    return false;
}
?>

[Psycho]

Well, sort of hard to say exactly how you would implement this since the function is being called by another process. That process is expecting a True/False to be returned. So, if that other process is doing anything that has to be completed, then you would want to code the reaction in that code.

 

However, if you can safely "exit" the currently running process if logic succeeds, then you can put the logic in the last else condition of this script. Just add 'first_login' to the SELECT fields in your query

    $query = sprintf("
	SELECT userid, first_login
	FROM login 
	WHERE 
	email = '%s' AND password = '%s' 
	AND disabled = 0 AND activated = 1 
	LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));

 

Than add the following to the last else condition

 else
    {
        // Login was successfull
        $row = mysql_fetch_array($result);
        // Save the user ID for use later
        $_SESSION['userid'] = $row['userid'];
        // Save the email for use later
        $_SESSION['email'] = $u;

        //Redirect user
        $redirectPage = ($row['first_login']=='1') ? 'myaccount.php' : 'teamselections.php';
        header("Location: http://www.mydomain.com/{$redirectPage}");
        exit();
    }

[lukep11a]

Thanks for your reply, that doesn't seem to be working though, these are the functions that it is also linking to, do you think it could be something to do with them?

 

function user_exists($email)
{
    if (!valid_email($email))
    {
        return false;
    }

    $query = sprintf("SELECT userid FROM login WHERE email = '%s' LIMIT 1",
        mysql_real_escape_string($email));

    $result = mysql_query($query);

    if (mysql_num_rows($result) > 0)
    {
        return true;
    } else
    {
        return false;
    }

    return false;

}

 

function valid_password($pass, $minlength = 6, $maxlength = 15)
{
    $pass = trim($pass);

    if (empty($pass))
    {
        return false;
    }

    if (strlen($pass) < $minlength)
    {
        return false;
    }

    if (strlen($pass) > $maxlength)
    {
        return false;
    }

    $result = ereg("^[A-Za-z0-9_\-]+$", $pass);

    if ($result)
    {
        return true;
    } else
    {
        return false;
    }

    return false;

}

 

function valid_email($email)
{

    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email))
    {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++)
    {
        if (!ereg("^(([A-Za-z0-9!#$%&#038;'*+/=?^_`{|}~-][A-Za-z0-9!#$%&#038;'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$",
            $local_array[$i]))
        {
            return false;
        }
    }
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))
    { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2)
        {
            return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++)
        {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
            {
                return false;
            }
        }
    }
    return true;
}

[AyKay47]

do you receive any parse errors?

In your functions, you are using ereg() which is deprecated and should no longer be used, user preg_match instead.

Also, i would debug your query(s) using mysql_error()

[Psycho]

Thanks for your reply, that doesn't seem to be working though, these are the functions that it is also linking to, do you think it could be something to do with them?

 

I was not referring the the functions called within "checkLogin()", I was referring to whatever scripts call "checkLogin()". The function currently returns a true or false, so I would assume that those scripts are expecting a true/false response. But, it should still redirect the user and exit() the script - but depending on what those other scripts do that may not be what you need/want. But, I would expect you would receive an error if it is not redirecting.

[lukep11a]

No I am not receiving any errors, and it doesn't seem to be redirecting, it just fails to reload index.php fully. This is the function that calls checkLogin():

 

<?php
if (!isLoggedIn())
{
    // user is not logged in.
    if (isset($_POST['cmdlogin']))
    {
        // retrieve the email and password sent from login form & check the login.
        if (checkLogin($_POST['email'], $_POST['password']))
        {
            show_userbox();
        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {
        // User is not logged in and has not pressed the login button
        // so we show him the loginform
        show_loginform();
    }

} else
{
    // The user is already loggedin, so we show the userbox.
    show_userbox();
}
?>

 

And also the isLoggedIn function:

 

function isLoggedIn()
{

    if (session_is_registered('userid') && session_is_registered('email'))
    {
        return true; // the user is loged in
    } else
    {
        return false; // not logged in
    }

    return false;

}

 

Do you think either of these two need amending aswell?