Jump to content

PHP script - Login and redirecting

florida_guy99

By florida_guy99
in PHP Coding Help

 Share

Recommended Posts

mtheve Newbie

mtheve

Posted
Posted

 

 

This is line 8: 

$query = mysql_query("SELECT id,unique_code FORM tablename WHERE username='$username' && password='$password'") or die(mysql_error()); // check to see if username and password match database

 

 

I believe your code should read FROM tablename WHERE and not FORM. 

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

mtheve was right, but there were some other errors elsewhere, so after getting literally tens of these error messages, I played with it enough that I got everything to ALMOST work perfectly.

 

But, now I am getting an error, that looks so easy to fix but I cant figure out where the error is.

 

So the login page is working, but instead of sending me to /users/username/index.php, it is sending me to /users//index.php (404 error), so somewhere it is missing the function that sends me to the right folder and then to the index.php in that folder.

 

You guys have been extremely helpful and I've learned a lot (well - not a lot, but I didnt know anything about PHP so I learned some)... so I ask again, HELP !!!  ;D

mattal999 Regular Member

mattal999

Posted
Posted

in login.php:

 

		$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/{$username}/index.php"; // create the location for the user

 

try changing to:

 

		$_SESSION['id'] = $id; // set the id to the session
	$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/" . $_SESSION['username'] . "/index.php"; // create the location for the user

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

well i got it, now it sends me to the right place and says:

 

"You are not allowed to view this page!"

 

here is my code from index.php

 

<?php
error_reporting(E_ALL); // show any errors, if any
require_once("/homepages/35/d88707459/htdocs/pibland/page_header.php");
session_start(); // start the session
$page_username = "username"; // set the username for the file eg john for users/john/index.php
$id = $_SESSION['id']; // set the session id to a variable
$username = $_SESSION['username']; // set the session username to a variable
$password = $_SESSION['password']; // set the session password to a variable
$code = $_SESSION['code']; // set the session code to a variable
$query = mysql_query("SELECT username FROM login_pib WHERE id='$id' && username='$username' && password='$password' && unique_code='$code'") or die(mysql_error());
$row = mysql_fetch_assoc($query) or die(mysql_error());
$user = $row['username'];
if($user != $page_username)
{
die("You are not allowed to view this page!");
}
?>

 

my question is, am I supposed to change any of this code and add the username, password, ID and unique code ? cuz somewhre it is not recognizing me as right person allowed to see that page.

florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

Thanks chocopi.

 

I've been messing with this for days now, I almost know the codes all by heart...and I am so close to giving up, because I cant seem to be able to make it work.

Now, it sends me to the right page, but it just shows a blank index.php... is there any special coding for when you mix php codes and html on the same page ?

 

Here is the current code.

 

 

login.php

<?php
error_reporting(E_ALL);
require_once("page_header.php");
if($_POST) 
{
$username = mysql_real_escape_string($_POST['username']); // get the posted username and set to variable
$password = mysql_real_escape_string($_POST['password']); // get the posted password and set to variable
$query = mysql_query("SELECT id,unique_code FROM login_pib WHERE username='$username' && password='$password'") or die(mysql_error()); // check to see if username and password match database
$num_rows = mysql_num_rows($query) or die(mysql_error()); // count the number of rows to check if no rows have been returned
if($num_rows != 0) // if the database finds nothing don't login
{
	$row = mysql_fetch_assoc($query) or die(mysql_error()); // get data from database
	$id = $row['id']; // set the user id from the database to a variable
	$code = $row['unique_code']; // set the code from the database to a variable
	session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
	$_SESSION['id'] = $id; // set the id to the session
	$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/{$username}/index.php"; // create the location for the user
	header("Location: $location"); // redirect the user to their folder
} else
	{
		echo "Your login was incorrect."; // if no match found echo error message
	}
}
?>
<form name="form" method="post" action="<?php echo $PHP_SELF; ?>">
<input type="text" name="username" /><br />
<input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>

 

 

index.php

 

<?php
error_reporting(E_ALL); // show any errors, if any
require_once("/homepages/35/d88707459/htdocs/pibland/page_header.php");
session_start(); // start the session
$page_username = "john"; // set the username for the file eg john for users/john/index.php
$id = $_SESSION['id']; // set the session id to a variable
$username = $_SESSION['username']; // set the session username to a variable
$password = $_SESSION['password']; // set the session password to a variable
$code = $_SESSION['code']; // set the session code to a variable
$query = mysql_query("SELECT username FROM login_pib WHERE id='$' && username='$username' && password='$password' && unique_code='$code'") or die(mysql_error());
$row = mysql_fetch_assoc($query) or die(mysql_error());
$user = $row['username'];
if($user != $page_username)
{
die("You are not allowed to view this page!");
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
</HEAD>
<BODY>
<strong>Hello !</strong>
</BODY></HTML>

 

page_header.php

 

<?php
$db_host = "xxxxxxxxxxxxx";
$db_username = "xxxxxxxxxxxxxxx";
$db_password = "xxxxxxxxxxxxx";
$db_database = "xxxxxxxxxxxxxx";

$db_con = mysql_connect($db_host, $db_username, $db_password) or die(mysql_error());
mysql_select_db($db_database) or die(mysql_error());
?>

chocopi Regular Member

chocopi

Posted
Posted

In index.php change this:

 

$query = mysql_query("SELECT username FROM login_pib WHERE id='$' && username='$username' && password='$password' && unique_code='$code'") or die(mysql_error());

 

to

 

$query = mysql_query("SELECT username FROM login_pib WHERE id='$id' && username='$username' && password='$password' && unique_code='$code'") or die(mysql_error());

 

I think/hope that will fix it for you :D

 

~ Chocopi

MasterACE14 Advanced Member

MasterACE14

Posted
Posted

also with this line in login.php:

<?php
session_start(); // start the sesssion so we can check later to see if they are logged in as the right user

 

session_start() is suppose to be the first thing to be outputted on any page you have it on, you should put it after the require_once() function, and keep the $_SESSION variables where they are, it wont make a difference to setting them if you have session_start() at the top of the page.

 

Regards ACE

chocopi Regular Member

chocopi

Posted
Posted
session_start() is suppose to be the first thing to be outputted

 

Not neccasserily, its useful to have it at the top, but it makes no difference whether it is above or below the require as the it is not using any sessions at all.

 

you should put it after the require_once() function

 

Im assuming you meant before and not after otherwise you are contradicting yourself ;)

 

~ Chocopi

chocopi Regular Member

chocopi

Posted
Posted

Try replacing this

 

if($num_rows != 0) // if the database finds nothing don't login
{
	$row = mysql_fetch_assoc($query) or die(mysql_error()); // get data from database
	$id = $row['id']; // set the user id from the database to a variable
	$code = $row['unique_code']; // set the code from the database to a variable
	session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
	$_SESSION['id'] = $id; // set the id to the session
	$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/{$username}/index.php"; // create the location for the user
	header("Location: $location"); // redirect the user to their folder
} else
	{
		echo "Your login was incorrect."; // if no match found echo error message
	}

 

with

 

if($num_rows == 0)
{
echo "Your login was incorrect."; // if no match found echo error message
} else
if($num_rows != 0) // if the database finds nothing don't login
{
		$row = mysql_fetch_assoc($query) or die(mysql_error()); // get data from database
		$id = $row['id']; // set the user id from the database to a variable
		$code = $row['unique_code']; // set the code from the database to a variable
		session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
		$_SESSION['id'] = $id; // set the id to the session
		$_SESSION['username'] = $username; // set the username to the session
		$_SESSION['password'] = $password; // set the password to the sesison
		$_SESSION['code'] = $code; // set the unique code to the session
		$location = "users/{$username}/index.php"; // create the location for the user
		header("Location: $location"); // redirect the user to their folder
}

 

Its because its not finding anything it can go a bit strange sometimes.

 

I think that might solve it, but i might not ;)

 

~ Chocopi

mattal999 Regular Member

mattal999

Posted
Posted 

if($num_rows == 0)
{
echo "Your login was incorrect."; // if no match found echo error message
} else {
if($num_rows != 0) // if the database finds nothing don't login
{
		$row = mysql_fetch_assoc($query) or die(mysql_error()); // get data from database
		$id = $row['id']; // set the user id from the database to a variable
		$code = $row['unique_code']; // set the code from the database to a variable
		session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
		$_SESSION['id'] = $id; // set the id to the session
		$_SESSION['username'] = $username; // set the username to the session
		$_SESSION['password'] = $password; // set the password to the sesison
		$_SESSION['code'] = $code; // set the unique code to the session
		$location = "users/{$username}/index.php"; // create the location for the user
		header("Location: $location"); // redirect the user to their folder
}
}

 

Try that... i don't know if it will work

chocopi Regular Member

chocopi

Posted
Posted

If Mattal's idea doesn't work then I think it might be something to do with the mysql_num_rows()

 

so try using this instead:

 

<?php
error_reporting(E_ALL);
require_once("page_header.php");
if($_POST) 
{
$errors = 0; // set errors which will be used to check if the login was incorrect
$username = mysql_real_escape_string($_POST['username']); // get the posted username and set to variable
$password = mysql_real_escape_string($_POST['password']); // get the posted password and set to variable
$query = mysql_query("SELECT id,unique_code FROM login_pib WHERE username='$username' && password='$password'") or die(mysql_error()); // check to see if username and password match database
while($row = mysql_fetch_assoc($query)) // do a while statement to get the values
{
	$id = $row['id']; // set the user id from the database to a variable
	$code = $row['unique_code']; // set the code from the database to a variable
	session_start(); // start the sesssion so we can check later to see if they are logged in as the right user
	$_SESSION['id'] = $id; // set the id to the session
	$_SESSION['username'] = $username; // set the username to the session
	$_SESSION['password'] = $password; // set the password to the sesison
	$_SESSION['code'] = $code; // set the unique code to the session
	$location = "users/{$username}/index.php"; // create the location for the user
	header("Location: $location"); // redirect the user to their folder
}
$errors++; // if the user is not redirected then increment errors
}
?>
<form name="form" method="post" action="<?php echo $PHP_SELF; ?>">
<input type="text" name="username" /><br />
<input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>
<?php
if($errors > 0) // check if there were errors
{
die("Your login was incorrect !"); // if there are errors kill the script, but after the form has been outputted otherwise the user will see a blank screen
}
?>

 

Now if Mattal's idea doesn't work then I hope this should solve the current problem ;D

 

~ Chocopi

  • 2 weeks later...
florida_guy99 Newbie

florida_guy99

Posted
  • Author
Posted

I have been out of the country but I just tried all the above suggestions and now when wrong login info is entered, it just goes right back to login.php and username and password fields cleared. I guess that works as well...

 

Thanks guys !

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.