APD1993 Posted March 14, 2012 Share Posted March 14, 2012 I am currently creating a multi-user login system, and I have created the database in MySQL, but the problem is that my PHP script is not working as expected. I would like it so that if the user enters in a correct username + password combination, then they are redirected to a webpage called "congrats.php" for example. However, with my current PHP code, if I include a redirection instruction based on the correct input, then when I run the script, then the user is instantly taken to the congrats.php page without filling in any login details. I'm quite sure that the database has been connected to, as due to the layout of my script at the moment, the text that reads "You did it!" appears 4 times, the same number of rows in my MySQL database. My PHP coding for this is: <html><head><title>Multi-User Log In Form</title></head> <body> <?php $self = $_SERVER['PHP_SELF']; $username = $_POST['username']; $password = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> Username <input type = "text" name = "username" size = "8"> Password <input type = "password" name = "password" size = "8"> <input type = "submit" value="Submit"> </form> <?php $conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = @mysql_select_db("test3", $conn) or die ("Err: Db"); $sql = "select * from users"; $rs = mysql_query($sql, $conn); while ($row = mysql_fetch_array($rs)) { $name = $row["uname"]; $pass = $row["pword"]; if ($username = $name && $password = $pass) { //CODE FOR REDIRECTION SHOULD GO HERE //header("location:congrats.php"); echo "You did it!"; } else { echo "Invalid username and password combination"; } } ?></body> </html> Any help in trying to get it so that my PHP script will redirect only if a correct username + password combination is entered would be greatly appreciated Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 14, 2012 Share Posted March 14, 2012 ok, this is mostly wrong: $conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = @mysql_select_db("test3", $conn) or die ("Err: Db"); $sql = "select * from users"; $rs = mysql_query($sql, $conn); while ($row = mysql_fetch_array($rs)) { $name = $row["uname"]; $pass = $row["pword"]; if ($username = $name && $password = $pass) change it to this: $conn = mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = mysql_select_db("test3", $conn) or die ("Err: Db"); $name = mysql_real_escape_string(trim($name)); $pass = mysql_real_escape_string(trim($pass)); $sql = "select id from users where name='$name' and pass='$pass'"; $rs = mysql_query($sql, $conn); if (mysql_num_rows($rs) >= 1){ //do your success stuff here such as header('Location: congrats.php') } else { //do failure stuff here } [/code] Quote Link to comment Share on other sites More sharing options...
APD1993 Posted March 14, 2012 Author Share Posted March 14, 2012 ok, this is mostly wrong: $conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = @mysql_select_db("test3", $conn) or die ("Err: Db"); $sql = "select * from users"; $rs = mysql_query($sql, $conn); while ($row = mysql_fetch_array($rs)) { $name = $row["uname"]; $pass = $row["pword"]; if ($username = $name && $password = $pass) change it to this: $conn = mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = mysql_select_db("test3", $conn) or die ("Err: Db"); $name = mysql_real_escape_string(trim($name)); $pass = mysql_real_escape_string(trim($pass)); $sql = "select id from users where name='$name' and pass='$pass'"; $rs = mysql_query($sql, $conn); if (mysql_num_rows($rs) >= 1){ //do your success stuff here such as header('Location: congrats.php') } else { //do failure stuff here } [/code] I seem to be getting closer, but it still will not redirect on successful input :/ My code now reads as follows: <html><head><title>Multi-User Log In Form</title></head> <body> <?php $self = $_SERVER['PHP_SELF']; $username = $_POST['username']; $password = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> Username <input type = "text" name = "username" size = "8"> Password <input type = "password" name = "password" size = "8"> <input type = "submit" value="Submit"> </form> <?php $conn = mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = mysql_select_db("test3", $conn) or die ("Err: Db"); $name = mysql_real_escape_string(trim($name)); $pass = mysql_real_escape_string(trim($pass)); $sql = "select * from users where name='$name' and pass='$pass'"; $rs = mysql_query($sql, $conn); if (mysql_num_rows($rs) >=1) { header('Location:congrats.php'); } else { echo "Invalid username and password combination"; } ?></body> </html> I am also getting a couple of messages appearing such as: Notice: Undefined variable: name in C:\xampp\htdocs\loginform2.php on line 16 Notice: Undefined variable: pass in C:\xampp\htdocs\loginform2.php on line 17 Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\loginform2.php on line 20 :/ Thanks for the help so far, though Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 14, 2012 Share Posted March 14, 2012 reply couple more changes needed: $self = $_SERVER['PHP_SELF']; $username = $_POST['username']; $password = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> to become $self = ''; $name = $_POST['username']; $pass = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> Quote Link to comment Share on other sites More sharing options...
scootstah Posted March 14, 2012 Share Posted March 14, 2012 <form action = "<?php echo $self; ?>" method = "post"> You might as well just take the PHP out and make it <form action = "" method = "post"> Quote Link to comment Share on other sites More sharing options...
APD1993 Posted March 14, 2012 Author Share Posted March 14, 2012 reply couple more changes needed: $self = $_SERVER['PHP_SELF']; $username = $_POST['username']; $password = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> to become $self = ''; $name = $_POST['username']; $pass = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> Thank you for the follow up reply, but alas, it is not redirecting me on correct username + password input:( I think my code is now as the way that you suggested: <html><head><title>Multi-User Log In Form</title></head> <body> <?php $self = ''; $name = $_POST['username']; $pass = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> Username <input type = "text" name = "username" size = "8"> Password <input type = "password" name = "password" size = "8"> <input type = "submit" value="Submit"> </form> <?php $conn = mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = mysql_select_db("test3", $conn) or die ("Err: Db"); $name = mysql_real_escape_string(trim($name)); $pass = mysql_real_escape_string(trim($pass)); $sql = "select * from users where name='$name' and pass='$pass'"; $rs = mysql_query($sql, $conn); if (mysql_num_rows($rs) >=1) { header('Location:congrats.php'); } else { echo "Invalid username and password combination"; } ?></body> </html> Again, thanks for the help that you've provided me with Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted March 14, 2012 Share Posted March 14, 2012 You can't send any output to the browser before sending a header(). You should also be developing with error reporting set up to display any and all errors/warnings/notices. You would have gotten a "headers already sent" warning. Quote Link to comment Share on other sites More sharing options...
APD1993 Posted March 14, 2012 Author Share Posted March 14, 2012 You can't send any output to the browser before sending a header(). You should also be developing with error reporting set up to display any and all errors/warnings/notices. You would have gotten a "headers already sent" warning. Is there a way to fix this issue? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted March 14, 2012 Share Posted March 14, 2012 Yeah, rearrange the logic to determine if headers need to be sent before sending anything else, and if so, send them and exit(). If not continue with the script execution. Quote Link to comment Share on other sites More sharing options...
APD1993 Posted March 14, 2012 Author Share Posted March 14, 2012 Yeah, rearrange the logic to determine if headers need to be sent before sending anything else, and if so, send them and exit(). If not continue with the script execution. In the context of my script, where would the logic be placed? Quote Link to comment Share on other sites More sharing options...
APD1993 Posted March 14, 2012 Author Share Posted March 14, 2012 I think I'm getting closer now, the script is now in two different scripts and the redirecting seems to work. However, the problem now is that anything entered into the boxes will cause for the user to be redirected, rather than when the correct username + password combination is entered. My loginform3.html coding is: <html><head><title>Login form</title></head> <body> <form action = "loginscr.php" method = "post"> Username <input type = "text" name = "username" size = "8"> Password <input type = "password" name = "password" size = "8"> <input type = "submit" value="Login"> </form> </body> </html> And my loginscr.php coding is this: <?php $name = $_POST['username']; $pass = $_POST['password']; $squname = "root"; $sqpword = ""; $conn = @mysql_connect("localhost", $squname, $sqpword) or die ("Err: Conn"); $rs = mysql_select_db("test3", $conn) or die ("Err: Db"); $name = @mysql_real_escape_string(trim($name)); $pass = @mysql_real_escape_string(trim($pass)); $sql = "select * from users"; $rs = mysql_query($sql, $conn); // If you have more than one result, that's also a problem while ($row = mysql_fetch_array($rs)) { if (mysql_num_rows($rs)>=1) { // You might want to set some session variables here, too. header('Location:congrats.php'); } else { echo "Invalid username and password combination"; } } ?></body> </html> If anyone could help me with this issue, I would be very thankful Quote Link to comment Share on other sites More sharing options...
Thisnamewilldo Posted March 14, 2012 Share Posted March 14, 2012 <?php $name = $_POST['username']; $pass = $_POST['password']; $squname = "root"; $sqpword = ""; $conn = @mysql_connect("localhost", $squname, $sqpword) or die ("Err: Conn"); $rs = mysql_select_db("test3", $conn) or die ("Err: Db"); $name = @mysql_real_escape_string(trim($name)); $pass = @mysql_real_escape_string(trim($pass)); $sql = "select * from users where name = '$name' and pass = '$pass'"; // Surely you only want the user with that username and password they entered? $rs = mysql_query($sql, $conn); // If you have more than one result, that's also a problem while ($row = mysql_fetch_array($rs)) { if (mysql_num_rows($rs)>=1) { // You might want to set some session variables here, too. header('Location:congrats.php'); } else { echo "Invalid username and password combination"; } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.