Tom10 Posted May 14, 2015 Share Posted May 14, 2015 I am trying to get my account to redirect to admin.php but it's not working it just goes to user.php. here is my code <?php @ini_set('display_errors', 1); @error_reporting(1); @ini_set('allow_url_include', Off); @set_time_limit(0); session_start(); require 'connect.php'; if($_SERVER['REQUEST_METHOD'] == "POST") { if(!isset($_POST['token'])) { die("Possible Attack!"); } $username = $_POST['username']; $password = $_POST['password']; $username = htmlspecialchars($username); $username = htmlentities($username); $username = strip_tags($username); if(preg_match("#[^\w]#", $username)) { die("Your username must be numbers or letters only!"); } $hash = hash('ripemd320', $password); if(empty($username) || empty($password)) { die("Please enter both your username and password!"); } $sql = "SELECT username, password, rank FROM users WHERE BINARY username = :username AND BINARY password = :password"; $stmt = $handler->prepare($sql); $stmt->bindParam(':username', $username, PDO::PARAM_STR, 12); $stmt->bindParam(':password', $hash, PDO::PARAM_STR, 12); $stmt->execute(); $row = $stmt->fetchAll(); if($stmt->rowCount()) { if($row['rank'] == 1) { $_SESSION['loggedIn'] = 1; $_SESSION['username'] = $username; $_SESSION['rank'] = $row['rank']; echo '<meta http-equiv="refresh" content="0;admin.php">'; } $_SESSION['loggedIn'] = 1; $_SESSION['username'] = $username; $_SESSION['rank'] = $row['rank']; echo '<meta http-equiv="refresh" content="0;user.php">'; } else { die("Username or Password is incorrect!"); } } ?> I appreciate any help at all Quote Link to comment https://forums.phpfreaks.com/topic/296322-problem-choosing-rank/ Share on other sites More sharing options...
ginerjm Posted May 14, 2015 Share Posted May 14, 2015 Not sure but there is one thing that should change. The following should change: .. .. $stmt->execute(); $row = $stmt->fetchAll(); if($stmt->rowCount()) { if($row['rank'] == 1) .. .. to this: $stmt->execute(); if($stmt->rowCount()) { $row = $stmt->fetch(); if($row['rank'] == 1) .. .. Note the use of rowcount to determine what to do next and also the use of 'fetch' instead of fetchall. Fetchall will produce an array of rows whereas you only want one row of data to work with here (and should have only one row). If all you want to do is to exit this script and go somewhere else, why the meta echo? Just call header("Location: $url") to go where you want. Quote Link to comment https://forums.phpfreaks.com/topic/296322-problem-choosing-rank/#findComment-1511900 Share on other sites More sharing options...
Solution Psycho Posted May 14, 2015 Solution Share Posted May 14, 2015 There are other problems as well, such as this $username = htmlspecialchars($username); $username = htmlentities($username); $username = strip_tags($username); What is it you are trying too accomplish with this? htmlentities and htmlspecialchars do almost identical things. You would only need to use one or the other - but there's no reason to use either in this situation anyways. Plus, once either of those functions are run, strip_tags() would be useless. What prompted you to put all three of those like that? Then there's this if(preg_match("#[^\w]#", $username)) { die("Your username must be numbers or letters only!"); } This is a login script. You should state nothing about whether the username/password meets any specific criteria. That is only done where the user creates those values. This provides information to a potential malicious user regarding values they can exclude in their attempts to infiltrate your application. The code is a mess. As to the problem you asked about, the problem is how you structure it: if($row['rank'] == 1) { $_SESSION['loggedIn'] = 1; $_SESSION['username'] = $username; $_SESSION['rank'] = $row['rank']; echo '<meta http-equiv="refresh" content="0;admin.php">'; } $_SESSION['loggedIn'] = 1; $_SESSION['username'] = $username; $_SESSION['rank'] = $row['rank']; echo '<meta http-equiv="refresh" content="0;user.php">'; If the user is an admin, it echos <meta http-equiv="refresh" content="0;admin.php"> But, then it will also echo <meta http-equiv="refresh" content="0;user.php"> because you didn't put that second block within an else condition. So, there are TWO meta refresh tags created on the page for an admin. Quote Link to comment https://forums.phpfreaks.com/topic/296322-problem-choosing-rank/#findComment-1511902 Share on other sites More sharing options...
Tom10 Posted May 14, 2015 Author Share Posted May 14, 2015 Not sure but there is one thing that should change. The following should change: .. .. $stmt->execute(); $row = $stmt->fetchAll(); if($stmt->rowCount()) { if($row['rank'] == 1) .. .. to this: $stmt->execute(); if($stmt->rowCount()) { $row = $stmt->fetch(); if($row['rank'] == 1) .. .. Note the use of rowcount to determine what to do next and also the use of 'fetch' instead of fetchall. Fetchall will produce an array of rows whereas you only want one row of data to work with here (and should have only one row). If all you want to do is to exit this script and go somewhere else, why the meta echo? Just call header("Location: $url") to go where you want. Hi i just changed the code and it still does the same thing, but the reason i used meta echo is incase a browser has headers disabled. Quote Link to comment https://forums.phpfreaks.com/topic/296322-problem-choosing-rank/#findComment-1511903 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.