Redirection

[Ken2k7]

What's wrong with the redirection code here:

 

<link rel="stylesheet" type="text/css" href="css.css" />
<?php
session_start();

define("OPEN", 1);
require "config.php";
require "classes.php";

if ($_POST['submit'])
{
$name = $_POST['name'];
$pass = $_POST['pass'];
$error = "The username and password are incorrect.<br />If you are not registered, please <a href='register.php'>register</a>; otherwise, try again.";
$query = mysql_query("SELECT * FROM member WHERE name='$name'") or die(mysql_error());
if (mysql_num_rows($query) == 0) echo $error . "1";
else
{
	while ($row = mysql_fetch_assoc($query))
	{
		if (strtolower($row['name']) == strtolower($name))
			if ($row['password'] == sha1($pass))
			{
				$_SESSION['name'] = $row['name'];
				$loc = $_SESSION['name'];
				header("Location: $loc");
			}
			else echo $error . "2";
		else echo $error;
	}
}
}

if (isset($_SESSION['name'])) header("Location: {$_SESSION['name']}");
else
echo "<title>Coder's Alliance</title>
	<h1>Coder's Alliance Login</h1>
	<form action='$PHP_SELF' method='post'>
	Username: <input type='text' name='name' size='40' length='40'><br />
	Password: <input type='password' name='pass' size='40' length='40'><br />
	<input type='submit' name='submit' value='Submit'>
	<input type='reset' name='reset' value='Clear It'>
	</form>";
?>

[php_tom]

You always need to exit(); right after you send a Location header... try adding in a call to exit(); after each header("Location: ...."); statement, post back if that doesn't work.

[Ken2k7]

Nope; it doesn't work. I noticed another thing about that code. It doesn't hold the session variable I stored either. So maybe that's also a problem?

[php_tom]

Not really sure what the problem is... try this:

if ($_SESSION['name']!="" && $_SESSION['name']!=NULL) header("Location: {$_SESSION['name']}");

instead of

if (isset($_SESSION['name'])) header("Location: {$_SESSION['name']}");

Maybe that helps?

[Ken2k7]

That's where the code stops and doesn't work. It doesn't record the session so the statement you wrote won't activate and it doesn't redirect either.

<?php
if (strtolower($row['name']) == strtolower($name))
if ($row['password'] == sha1($pass))
{
	$_SESSION['name'] = $row['name'];
	$loc = $_SESSION['name'];
	header("Location: $loc");
}

[Ken2k7]

*bump*

[Ken2k7]

Anyone?

[448191]

Try this and report any errors:

 

<?php
error_reporting(E_ALL);
session_start();

function doLogin(){	
$resultset = mysql_query(
	'SELECT name, password FROM member WHERE name = "'.mysql_real_escape_string($_POST['name']).'"') 
or die(mysql_error());

if(($row = mysql_fetch_assoc($resultset)) !== false){
	if(strtolower($row['name']) == strtolower($_POST['name']) && $row['password'] == sha1($_POST['pass'])) 
	{
		$_SESSION['name'] = $row['name'];
		return true;
	}
}
return false;
}
function printForm(){
echo "<h1>Coder's Alliance Login</h1>
<form action='{$_SERVER['PHP_SELF']}' method='post'>
Username: <input type='text' name='name' size='40' length='40'><br />
Password: <input type='password' name='pass' size='40' length='40'><br />
<input type='submit' name='submit' value='Submit'>
<input type='reset' name='reset' value='Clear It'>
</form>";	
}
if(isset($_POST['submit'])) {
if(!doLogin()){
	printForm();
	echo "Login incorrect.<br />If you are not registered, 
	please <a href='register.php'>register</a>; 
	otherwise, try again.";
}
	else {
	header("Location: {$_SESSION['name']}");		
}
}
elseif(isset($_SESSION['name'])) {
	header("Location: {$_SESSION['name']}");
}
else {
printForm();
}
?>

[nathanmaxsonadil]

change

header("Location: $loc");

to

header("Location: "$loc);

[448191]

Yes, that's very good advice if your goal is to create parse errors...

[nathanmaxsonadil]

Yes, that's very good advice if your goal is to create parse errors...

???

[php_tom]

He means that you need

change
header("Location: $loc");
to
header("Location: ".$loc);

 

notice the . (period) in the second header line... for concatenation. You left that out, probably by mistake.

 

But really the two lines get interpreted the same by the PHP engine.