Going to a page that I have not told it too?

[mike12255]

I got the following code:

<?php
   function procLogin(){
      global $session, $form;
      /* Login attempt */
      
      $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
      
      /* Login successful */
      if($retval){
         header("Location: index.php ");
      }
      /* Login failed */
      else{
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: login.php");
      }
   }
   ?>

 

Right now I am testing/working on the login failed portion of it. I have manually debugged the entire login process and the login failure works right up to where the header should be directed to login.php but instead of going to login.php its going to index.php. I have double and triple checked that the file is in the right place and has been saved. so I dont know what could be going wrong inbetween the two lines:

 

    $_SESSION['error_array'] = $form->getErrorArray();

        header("Location: login.php");

     

any ideas?

 

[PFMaBiSmAd]

All of your header redirect statements need an exit; statement after them to prevent the remainder of the code on the page from running while the browser requests the new page.

 

Also, you could be redirecting to login.php, but the code on the login.php page could be redirecting to the index page. What is the code on login.php?

[mike12255]

the only possible code on login.php that could send them to the index page is a check to see if a session has been created but the login information has to pass all the checkes before that happens. Also, thanks for letting me know about that I have never used that but will in the future to improve my code. Im going to double check the login process right now to make sure that no sessions are being created

 

yeah I threw a die statment in right before the sessions are made and it did not run so there are no sessions being created.

[PFMaBiSmAd]

Are you sure of the value in $retval so that you know the if(){}else{} logic is doing what you expect? What exact value does $session->login() return, because if($retval) is a loose comparison and may not be doing what you think.

 

[mike12255]

I have double checked the retreval variable and it is working fine. Aswell the $session->login() returns either a 1 or nothing. That leads to the function to see if there are any errors and if the username and password are correct. If there are no errors it then sets the sessions. I have tested that part of the code and it is working proper aswell, so then I tried running the code I run on login.php:

 

if(!$session->logged_in){ // this is the line i use in login.php

      die ("no active session");

      }else{

      die ("active session");

      }

 

and just like I need it to the message no active session came up. There is no reason I can see that it should not be going to login.php im going to try something else when I get home but thanks alot for helping me if I manage to get it working after im done work ill update the thread.