soycharliente Posted May 12, 2007 Share Posted May 12, 2007 I've always used Javascript to do a redirect, but I wanted to try this way and it isn't working. Any help? <?php if(isset($_POST["submit_login"])) { $u = $_POST["username"]; $p = $_POST["password"]; connect(); $query = "SELECT * FROM users WHERE username='$u' AND password=MD5('$p')"; $result = mysql_query($query) OR DIE ("ERROR: login - " . mysql_error()); close(); if($result) { while($r = mysql_fetch_array($result)){ $user = $r["username"]; $pass = $r["password"]; if($u == $user && $p == $pass) { $_SESSION["User"] = $u; $_SESSION["Role"] = $r["role"]; $loggedIn = TRUE; $loginError = FALSE; } } } else { $loginError = TRUE; } } if($loggedIn) { $loc = $_SESSION["User"]; header("Location: http://www.doman.tld/$loc"); exit; } ?> Quote Link to comment Share on other sites More sharing options...
Tandem Posted May 12, 2007 Share Posted May 12, 2007 What happens? Do you get any errors? Or just nothing? Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 12, 2007 Share Posted May 12, 2007 is this written before any outputs? the header() function wont work if you have allready had some outputs Quote Link to comment Share on other sites More sharing options...
chigley Posted May 12, 2007 Share Posted May 12, 2007 If the problem is already outputting before your header than use output buffers ~ ob_start(). Quote Link to comment Share on other sites More sharing options...
soycharliente Posted May 12, 2007 Author Share Posted May 12, 2007 That code is the very first thing in the file. Nothing happens. When I use an invalid username or password, it displays error text. So I know it's a valid login. link=topic=140345.msg597032#msg597032 date=1178988733] is this written before any outputs? the header() function wont work if you have allready had some outputs What do you mean "outputs"? Quote Link to comment Share on other sites More sharing options...
chigley Posted May 12, 2007 Share Posted May 12, 2007 What is connect()? Quote Link to comment Share on other sites More sharing options...
soycharliente Posted May 12, 2007 Author Share Posted May 12, 2007 <?php function connect() { //Connect To Database $hostname = "asdf"; $username = "asdf"; $password = "asdf"; $dbname = "asdf"; mysql_connect($hostname, $username, $password) OR DIE ("Unable to connect! Please try again."); mysql_select_db($dbname); } ?> Quote Link to comment Share on other sites More sharing options...
chigley Posted May 12, 2007 Share Posted May 12, 2007 <?php if($loggedIn) { echo "Logged in!"; $loc = $_SESSION["User"]; header("Location: http://www.doman.tld/$loc"); exit; } else { echo "Not logged in!"; } ?> Run that a second to check the if is working. Quote Link to comment Share on other sites More sharing options...
soycharliente Posted May 12, 2007 Author Share Posted May 12, 2007 Hmmm. Weird. It says "Not logged in!" no matter what happens. If I type an invalid un/pw, it shows the error msg AND the text. If I use a valid un/pw, no error msg and still says "Not logged in!". Quote Link to comment Share on other sites More sharing options...
chigley Posted May 12, 2007 Share Posted May 12, 2007 <?php if(isset($_POST["submit_login"])) { $u = $_POST["username"]; $p = $_POST["password"]; connect(); $query = "SELECT * FROM users WHERE username='$u' AND password=MD5('$p')"; $result = mysql_query($query) OR DIE ("ERROR: login - " . mysql_error()); close(); if($result) { while($r = mysql_fetch_array($result)){ $user = $r["username"]; $pass = $r["password"]; if($u == $user && $p == $pass) { $_SESSION["User"] = $u; $_SESSION["Role"] = $r["role"]; $loggedIn = true; $loginError = false; echo "Logged in (should be set to true)"; } } } else { $loginError = TRUE; } } if($loggedIn) { $loc = $_SESSION["User"]; header("Location: http://www.doman.tld/$loc"); exit; } ?> Try that. Quote Link to comment Share on other sites More sharing options...
soycharliente Posted May 12, 2007 Author Share Posted May 12, 2007 I figured it out. The problem was my second check inside the while loop. I called MD5 using SQL and it was using the POST password, which was not encrypted. Therefore, it was making it inside the while loop and not getting any errors, but failing the if statement and not setting $loggedIn to TRUE. When I was first learning PHP, a friend helped me write some basic login code and I've used that exact "template" ever since. Is this a best-practice way or is this overkill/bad? Quote Link to comment Share on other sites More sharing options...
redbullmarky Posted May 12, 2007 Share Posted May 12, 2007 reusing code is far from bad, as long as it does the job initially. over time your collection of scripts/functions/classes will grow and change as you find other uses/fixes, etc for them Quote Link to comment Share on other sites More sharing options...
soycharliente Posted May 12, 2007 Author Share Posted May 12, 2007 I guess I should have been more specific. I was more talking about the second comparison inside the while loop. Is that really needed? I just have never questioned it because it did what I wanted it to do. <?php $u = $_POST["username"]; $p = $_POST["password"]; connect(); $query = "SELECT * FROM users WHERE username='$u' AND password=MD5('$p')"; $result = mysql_query($query) OR DIE ("ERROR: login - " . mysql_error()); close(); if($result) { while($r = mysql_fetch_array($result)){ $user = $r["username"]; $pass = $r["password"]; if($u == $user && $p == $pass) { $_SESSION["User"] = $u; $_SESSION["Role"] = $r["role"]; $loggedIn = true; $loginError = false; echo "Logged in (should be set to true)"; } } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.