Jump to content

[SOLVED] Grrrr... login page not redirecting after login


simcoweb

Recommended Posts

I've used this same snippet of code in other login forms without a problem (with some slight modifications from script to script) but this one seems to baffle me.

 

Basically it takes the login and validates the entries (validation works, error messages display if left blank), then checks the database for a match. If there's a match then it is supposed to forward the person onto the proper page using the 'header' function. Problem is it's not. Basically it's reverting back to the 'index.php' page (login page) and the display is completely blank. Here's the code for index.php:

 

<?php
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname, $con) or die(mysql_error());
// Get Record Set
$sql = ("SELECT * FROM eastside_admin  WHERE username = '$username' AND password = '$password'");
// mysql_query($sql) or die(mysql_error());
$results = mysql_query($sql, $con) or die(mysql_error());
$num_rows = mysql_num_rows($results) or die(mysql_error());

	if (mysql_num_rows($results) == "1")
{
$_SESSION['loggedin'] = $_POST['loggedin'];
header("Location: eastside_admin.php");
exit;
}
else
{
echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
}
?>

 

The code in the 'eastside_admin.php':

 

<?php
ob_start();
session_start();
if isset($_SESSION['loggedin'])
{
  include 'adminheader.php';
  include 'admin_menu.php';
  include 'adminfooter.php';
} else {
  echo "This is a restricted area requiring login. Please return to the login page";
  header("Location: index.php");
  exit;
}
?>

Link to comment
Share on other sites

Hi,

 

I think I see where the problem is: I don't see nowhere the $_POST['loggedin']. I see that you want to attach the session to him, but I don't see what will be in that $_POST['loggedin']. I see that you have $username and $password variables, but I don't see what $_POST['loggedin'] represents. By the way, that's why your script returns to index.php, because your session is undefied (not set), because you are trying to attach to session something what didn't exist.

 

 

All the best,

Adika

 

Link to comment
Share on other sites

As MadTechie was pointing out:

 

<?php
} else {
  //echo "This is a restricted area requiring login. Please return to the login page";  
  header("Location: index.php");
  exit;
}?>

 

Get rid of that echo line... you can't send output before headers.

Link to comment
Share on other sites

You mean the login page? Here's the full code:

 

<?php

session_start();

$loginError = ""; // declare this so it is always available

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);
// Validate users input
if(!empty($_POST))
{
// Check username has a value
if(empty($_POST['username'])) 
  $loginError['username'] = "Please enter a user name!";
// Check password has a value
if(empty($_POST['password'])) 
  $loginError['password'] = "Please enter a password!";
// Check if any errors were returned and run relevant code
if(empty($loginError))
{
$username = $_POST['username']; 
$password = $_POST['password'];
$_SESSION['loggedin'] = $_POST['loggedin'];

include 'dbconfig.php';

// Connect to database
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname, $con) or die(mysql_error());
// Get Record Set
$sql = ("SELECT * FROM eastside_admin  WHERE username = '$username' AND password = '$password'");
// mysql_query($sql) or die(mysql_error());
$results = mysql_query($sql, $con) or die(mysql_error());
$num_rows = mysql_num_rows($results) or die(mysql_error());

	if (mysql_num_rows($results) == "1")
{
$_SESSION['loggedin'] = $_POST['loggedin'];
header("Location: eastside_admin.php");
exit;
}
else
{
echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";
}

}
}
include 'adminheader.php';

?>
<div align="center">
<table style="BORDER-COLLAPSE: collapse" bordercolor="#666666" cellpadding="4" width="530" border="0">
<tbody>
	<tr>
	<td>  <h2 align="center">Login page</h2>
	<font color="red"><div align="center">
<? // Loop through all errors
if(!empty($loginError))
{
?>
<ul>
<?
foreach($loginError as $eg_message)
{
?>
<li id="validationError"><?= @$eg_message ?></li>
<?
}
?>
</ul>
<?
}
?>
</font></div> 
<form action="<? $_SERVER['PHP_SELF'] ?>" name="login" method="post" >
<input type="hidden" value="loggedin" name="loggedin">
	<table cellspacing="0" cols="2" cellpadding="0" align="center" border="0">
	<tbody>
	<tr><td>User name:  </td><td><input type='text' size='21' name="username" ></td>
	</tr>
	<tr>
	<td>Password:</td><td><input type="password" size="21" name="password"></td>
	</tr>
	<tr>
	<td></td>
	<td align="right"><br><input type="submit" value="Login"></td>
	</tr>
	</tbody>
	</table>
</form>
</td></tr>
</tbody>
</table>
</div>
<p>

<?
include 'adminfooter.php';
?>

Link to comment
Share on other sites

Hi!

 

The problem is in the eastside_admin.php, not in the login page. Thank you for posted here the whole code for the login page. It helped me to see the problem.

 

So, on the eastside_admin.php you cannot use "isset" for session. In the login page, you created the $_SESSION['loggedin'] which has a value: loggedin. So, use this code on the eastside_admin.php:

 

<?php
ob_start();
session_start();
[color=red]if ($_SESSION['loggedin']==="loggedin")[/color]
{
  include 'adminheader.php';
  include 'admin_menu.php';
  include 'adminfooter.php';
} else {
  echo "This is a restricted area requiring login. Please return to the login page";
  header("Location: index.php");
  exit;
}
?>

 

Is it working now?

 

 

All the best,

Adika

 

Link to comment
Share on other sites

Corrected.

<?php
ob_start();
session_start();
[color=red]if ($_SESSION['loggedin']==="loggedin")[/color]
{
  include 'adminheader.php';
  include 'admin_menu.php';
  include 'adminfooter.php';
} else {
  echo "This is a restricted area requiring login. Please return to the login page";
  header("Location: index.php");
  exit;
}
ob_end_flush();
?>

Link to comment
Share on other sites

 

<?php session_start();
[color=red]if ($_SESSION['loggedin']==="loggedin")[/color]
{
  include 'adminheader.php';
  include 'admin_menu.php';
  include 'adminfooter.php';
} elseif (!$_SESSION['loggedin']==="loggedin") {
  echo "This is a restricted area requiring login. Please return to the login page";
  header("Location: index.php");
  exit;
}
?>

watch it work where my tea lol

Link to comment
Share on other sites

isset does work for sessions I use it all the time.

try this

<?php
session_start();
if(isset($_SESSION['loggedin']))
{
  include 'adminheader.php';
  include 'admin_menu.php';
  include 'adminfooter.php';
} else {
  echo "This is a restricted area requiring login. Please return to the login page";
  //header("Location: index.php");
          echo "<META HTTP-EQUIV=\"Refresh\" content=\"2;url=index.php\">";
  //exit;
}
?>

Link to comment
Share on other sites

Ok, i've made both of those last changes. STILL it just goes to the index.php and is totally blank. There has to be something in the code in the login page perhaps that is causing it to loop? During the log in process I don't see any incidence of where it goes to the eastside_admin.php page then returns to the index.php page. It just 'stays' on the index.php page (login page) and goes blank.

Link to comment
Share on other sites

I believe i've found the problem. I went into the database and removed the md5 encrypted password and replaced it with the unencrypted password and when logging in I received a syntax error for a function I needed to edit. This is a milestone in itself since all I was getting before was a blank page! So, I fixed the function and tried again. Voila! logged right in with no problems and the page displayed perfectly.

 

So, the problem is with how i've created the username/password and inserted it into the mysql database. Basically I wrote a quickie little script to add the administrator's username/password. Here it is:

 

<?php
// create admin identity
include 'adminheader.php';
// this is a one time effort
$username = "bozotheclown";
$password = "bozosbigtop";
$enc_password = md5($password);
// run query to insert
include 'dbconfig.php';

// Connect to database
$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname, $con) or die(mysql_error());

$sql = "INSERT INTO eastside_admin (username, password) VALUES ('$username', '$enc_password')";
$results = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_affected_rows($con);
if ($num_rows == 1) {
  echo "Administrator successfully added";
} else {
  echo "Could not insert administrator for some reason.";
}
include 'adminfooter.php';
?>

 

I'm not sure at all if i've handled the encryption part properly ( I had another thread on that and this is what we settled on ) or if I have the field attributes set properly.

 

VARCHAR and size 32

Link to comment
Share on other sites

Find this area in your login script:

 

<?php
if(empty($loginError))
{
$username = $_POST['username']; 
$password = md5($_POST['password']);		//	<----  Changed this line.
$_SESSION['loggedin'] = $_POST['loggedin'];

include 'dbconfig.php';

?>

Link to comment
Share on other sites

Ta Daaa!! :)  Ok, that was the missing link. I had md5'd the password but wasn't referring to it in the login script. I just deleted and reinserted the admin profile using the md5 hash for the password, modified that line you pointed out in the login script, and was able to log in successfully without incident.

 

Thanks to everyone! :)

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.