rofl90 Posted March 8, 2008 Share Posted March 8, 2008 It works fine if the referrer is www.codeetech.com, if not it doesn't work, it just gives me the page with the text at the top on it.. heres my code: Validating your credentials... Please wait a moment... <?php /* get the incoming ID and password hash */ /* establish a connection with the database */ $server = mysql_connect("x", "x", "hx"); if (!$server) die(mysql_error()); mysql_select_db("x"); $user = mysql_real_escape_string(strip_tags(htmlentities(ucwords(strtolower($_POST["userid"]))))); $pass = md5(mysql_real_escape_string(strip_tags(htmlentities($_POST["password"])))); $websitereferrer = $_POST['referrer']; $url = $_POST['referrerfull']; $queray = "SELECT * FROM users WHERE User = '$user' AND Password = '$pass' AND banned= '0'"; $resulto = mysql_query($queray); if (mysql_num_rows($resulto) == '1') { /* access granted */ $sql = "update users set online='1' WHERE User = '$user'"; mysql_query($sql) or die(mysql_error()); $sqlid = "SELECT id from users WHERE User= '$user'"; $resultar = mysql_query($sqlid) or die(mysql_error()); $finalised = mysql_fetch_array($resultar); session_start(); header("Cache-control: private"); $_SESSION["access"] = "granted"; $_SESSION["user"] = $user; $_SESSION["id"] = $finalised['id']; if($websitereferrer != 'www.codeetech.com') { header("Location: index2.php"); } if($url == 'http://www.codeetech.com/backend/logout.php'){ header("Location: index2.php"); } header("Location: $url"); } else { /* access denied – redirect back to login */ header("Location: index.php?a=Login has failed, you have either been banned or you entered the wrong password, if you wish to try again please do, if the problem persists, please contact a member of staff."); } ?> and my form: $url = $_SERVER['HTTP_REFERER']; $websitereferrer = parse_url($url, PHP_URL_HOST); ?> <form action="validate.php" method="post"> <fieldset> <label>Your IP is <?php echo $_SERVER['REMOTE_ADDR']; ?>, and has been logged, unauthorised attempts to access will be logged, and steps will be taken. <br /></label> <br /> <fieldset> <legend>Name - <?php echo $message; ?></legend><input type="hidden" name="referrer" id="No CSS Style" value="<?php echo $websitereferrer; ?>" /><input type="hidden" name="referrerfull" id="No CSS Style" value="<?php echo $url; ?>" /> <input type="text" name="userid" id="user" /> </fieldset> (not case sensitive eg cHaRLiE becomes 'Charlie') <br /> <br /> <fieldset><legend> Password</legend> <input type="password" name="password" id="password" /> </fieldset> (cAsE sEnSiTiVe) <br /> <br /> <input type="submit" id="submit" value="Login" /> <input name="ip" type="hidden" id="hidden" value="<?php $ip = $_SERVER['REMOTE_ADDR']; echo $ip; ?>" /> <br /> <br /> Backend time out currently set at: <?php $result = mysql_query("SELECT * FROM settings") or die(mysql_error()); $row = mysql_fetch_array($result); $timing = $row['timeout']; echo $timing / 60; ?> minutes.<br /> </fieldset></form> Quote Link to comment Share on other sites More sharing options...
rofl90 Posted March 8, 2008 Author Share Posted March 8, 2008 fixed using meta instead of header Quote Link to comment Share on other sites More sharing options...
jacksonmj Posted March 8, 2008 Share Posted March 8, 2008 Read the sticky topic about header errors <edit> Sorry, didn't see previous reply Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.