Page 1 of 1

page redirect based on column value not working

Posted: Sat Jan 05, 2013 11:03 am
by jonnyfortis
Hello
I have a page that is initially a customer signup page / application. The full application will consist of 4 pages in the end.

Going back to the first page to start this contains the fields where the user can add the username, email and password. This is then all stored in a php DB. Once each page has been complete (and only when complete) it sends a hidden field value to the database saying complete (or whatever) when submitted then when the user logs back in the are logged back in the page one but if this is complete they are then directed to the next page.

i am hitting a wall with the redirect though.

Code: Select all

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "failed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}

$colname_rsTenant = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsTenant = $_SESSION['MM_Username'];
}
mysql_select_db($database_Letting, $Letting);
$query_rsTenant = sprintf("SELECT * FROM LettingsTenApp WHERE tenID = %s", GetSQLValueString($colname_rsTenant, "int"));
$rsTenant = mysql_query($query_rsTenant, $Letting) or die(mysql_error());
$row_rsTenant = mysql_fetch_assoc($rsTenant);
$totalRows_rsTenant = mysql_num_rows($rsTenant);

$status = $row_rsTenant['progress'];

// Redirect user if their application is completed
if($status == "P1complete")
{
          header("location: application-formP2.php");
}
?>
i have a column in the DB called progress

and a hidden value of

Code: Select all

<input type="hidden" name="progress" value="P1complete" />
there are also the other values in the form for username, password, email etc...

thanks in advance

Re: page redirect based on column value not working

Posted: Sat Jan 05, 2013 3:22 pm
by Eric!
What's the wall? Is the hidden field working? Does $status get set to P1complete? Does it enter that section of code and not redirect? You might want to put an exit after your redirect just to make sure the scripts stops executing too (assuming you have more code that isn't shown in your example).

Re: page redirect based on column value not working

Posted: Sat Jan 05, 2013 5:01 pm
by jonnyfortis
What's the wall?
an expression. i have got stuck
Is the hidden field working?
yes. the value is getting updated
Does $status get set to P1complete?

yes when the form is submitted the progress column is populated with P1complete
Does it enter that section of code and not redirect?
i added the exit and the page when the user logs in is blank
without the exit the user logs in and lands on page 1
(both the above is when the value is P1complete)
You might want to put an exit after your redirect just to make sure the scripts stops executing too (assuming you have more code that isn't shown in your example).

Code: Select all

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "failed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_rsTenant = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsTenant = $_SESSION['MM_Username'];
}
mysql_select_db($database_Letting, $Letting);
$query_rsTenant = sprintf("SELECT * FROM LettingsTenApp WHERE tenID = %s", GetSQLValueString($colname_rsTenant, "int"));
$rsTenant = mysql_query($query_rsTenant, $Letting) or die(mysql_error());
$row_rsTenant = mysql_fetch_assoc($rsTenant);
$totalRows_rsTenant = mysql_num_rows($rsTenant);

$status = $row_rsTenant['progress'];

// Redirect user if thier application is completed
if($status == "P1complete")
{
          header("location: application-formP2.php");
}
exit;

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO LettingsTenApp (tenID, progress, tenTitle, tenUsername, tenPassword, tenSex, tenEmail, tenDobDD, tenDobMM, tenDobYY, tenDepend, tenMarital, tenPrevSurn, tenEmployTyp, tenNINumber) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['tenID'], "int"),
					   GetSQLValueString($_POST['progress'], "text"),
                       GetSQLValueString($_POST['tenTitle'], "text"),
                       GetSQLValueString($_POST['tenUsername'], "text"),
                       GetSQLValueString($_POST['tenPassword'], "text"),
                       GetSQLValueString($_POST['tenSex'], "text"),
                       GetSQLValueString($_POST['tenEmail'], "text"),
                       GetSQLValueString($_POST['tenDobDD'], "text"),
                       GetSQLValueString($_POST['tenDobMM'], "text"),
                       GetSQLValueString($_POST['tenDobYY'], "text"),
                       GetSQLValueString($_POST['tenDepend'], "text"),
                       GetSQLValueString($_POST['tenMarital'], "text"),
                       GetSQLValueString($_POST['tenPrevSurn'], "text"),
                       GetSQLValueString($_POST['tenEmployTyp'], "text"),
                       GetSQLValueString($_POST['tenNINumber'], "text"));

  mysql_select_db($database_Letting, $Letting);
  $Result1 = mysql_query($insertSQL, $Letting) or die(mysql_error());

  $insertGoTo = "application-formP2.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

?>

Code: Select all

<form action="<?php echo $editFormAction; ?>" method="post" name="form1" >
<input type="text" name="tenUsername" value="" size="28" />
<input type="password" name="tenPassword" value="" size="28" id="password"/>
<input type="text" name="tenEmail" value="" size="28" />
<input type="submit" value="Save & continue" />
<input type="hidden" name="progress" value="P1complete" />
<input type="hidden" name="MM_insert" value="form1" />
      </form>
there are other feilds aswell

Re: page redirect based on column value not working

Posted: Sat Jan 05, 2013 5:15 pm
by Eric!
You want the exit to follow the redirect.

Code: Select all

if($status == "P1complete")
{
          header("location: application-formP2.php");
          exit;
}
And put an echo before the header redirect to make sure you're really getting to that part of the code---just for testing because it will generate an error when you call header after an echo, but at least you'll know the code is getting there. For debugging:

Code: Select all

if($status == "P1complete")
{
          echo "Redirect to application-formP2.php";
          header("location: application-formP2.php");
          exit;
}
While I don't think this is critical, the proper format should be:

Code: Select all

header("Location: http://yourdomainhere.com/uri_here.php");

Re: page redirect based on column value not working

Posted: Sun Jan 06, 2013 1:07 pm
by jonnyfortis
ok i done all the below but still when the user login in stays on application-formP1.php.
As a test i did echo out <?php echo $row_rsTenant['tenUsername']; ?> and <?php echo $row_rsTenant['progress']; ?> in the body to see if the user details where showing and they were not, so i presume it is not logging the user in correctly?

Re: page redirect based on column value not working

Posted: Sun Jan 06, 2013 6:06 pm
by Eric!
There could be a number of places where the login info is getting lost. Check your data at various points in your code:

Code: Select all

echo print_r($_POST,true);
echo print_r($_SESSION,true);

Code: Select all

echo $colname_rsTenant; // before you do your msql query
Then look in your database to see if the fields are getting updated properly during each step. You'll find the problem somewhere along the line.

Re: page redirect based on column value not working

Posted: Mon Jan 07, 2013 2:08 am
by jonnyfortis
ok i added

<?php //temp start
echo $row_rsTenant['tenUsername'];
echo print_r($_POST,true);
echo print_r($_SESSION,true);
//temp end?>

throughout the code and got the following results on each instance

Array ( ) Array ( [MM_Username] => testusername [MM_UserGroup] => )

Re: page redirect based on column value not working

Posted: Mon Jan 07, 2013 8:20 am
by Eric!
Those lines you are adding are to help you determine what your variables contain and you should be checking their contents after you set them and before you use them. Don't just scatter them willy nilly. The line with _SESSION has to follow your sesssion_start call, for example.

Then if you find values that are empty that you think should contain something, then you have to search for the reason why it is empty.

As for your specific results, I can't tell anything from that because I don't know where in your code you dumped out the values.

Re: page redirect based on column value not working

Posted: Mon Jan 07, 2013 10:33 am
by jonnyfortis
yes i have am hoping that i didnt insert them willy nilly. I added the code

at the beginning before the session variable and after the session variable

Code: Select all

<?php require_once('Connections/Letting.php'); ?>
<?php //temp start
echo $row_rsTenant['tenUsername']; 
echo print_r($_POST,true);
echo print_r($_SESSION,true);
//temp end?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "failed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php //temp start
echo $row_rsTenant['tenUsername']; 
echo print_r($_POST,true);
echo print_r($_SESSION,true);
//temp end?>
I also added at the end of the code before the html tags. and into the body of the page, all the results came back the same

Code: Select all

Array ( ) Array ( [MM_Username] => testusername [MM_UserGroup] => )
with that in mind does the results make any more sense?

Re: page redirect based on column value not working

Posted: Mon Jan 07, 2013 2:26 pm
by Eric!
It means the first variable is blank (printing nothing), you have nothing in the _POST data and only one variable in your _SESSION data has a value, the other is blank.

FYI it doesn't help to put this at the top of your script because it isn't defined:
echo $row_rsTenant['tenUsername'];

Also $_SESSION won't have anything in it until AFTER session_start() is called:
echo print_r($_SESSION,true);

And $_POST will only exist if the script calling this page actually sets something in $_POST. This was meant to go on your page that receives the post data from your form.

For starters it looks like whatever script is setting up the session data isn't working. Perhaps your $_POST data isn't right, or your $_SESSION data isn't getting properly setup from the $_POST data.

Re: page redirect based on column value not working

Posted: Wed Jan 09, 2013 4:14 am
by jonnyfortis
Sorted it, restarted the script and found the errors. The problem was due to MM_SESSION and a few other issues.
this script is working now

landing page

Code: Select all

$colname_rsTenant = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsTenant = $_SESSION['MM_Username'];
}
mysql_select_db($database_Letting, $Letting);
$query_rsTenant = sprintf("SELECT * FROM LettingsTenApp WHERE tenEmail = %s", GetSQLValueString($colname_rsTenant, "text"));
$rsTenant = mysql_query($query_rsTenant, $Letting) or die(mysql_error());
$row_rsTenant = mysql_fetch_assoc($rsTenant);
$totalRows_rsTenant = mysql_num_rows($rsTenant);

$status = $row_rsTenant['progress'];

// Redirect user if thier application is completed
if($status == "P1complete")
{
          echo "Redirect to application-formP2.php";
		  header("location: http://www.property-website.com/application-formP2.php");
          exit;
}
login script

Code: Select all

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "application-formP1.php";
  $MM_redirectLoginFailed = "failed.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_Letting, $Letting);
  
  $LoginRS__query=sprintf("SELECT tenEmail, tenPassword FROM LettingsTenApp WHERE tenEmail=%s AND tenPassword=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $Letting) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
	if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

Code: Select all

<form id="form1" name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
            <input type="text" name="username" id="username" />
            <input type="password" name="password" id="password" />
            <input type="submit" name="login" value="login" />
      </form>

thanks for the help