Page 1 of 1

Page Redirection doesnt work

Posted: Fri Aug 30, 2013 1:54 am
by khan.koder
0 down vote favorite


I grabbed a piece of code a login and registration script when i run the index.php from apache it gives this error in the address tab

http://localhost/johnlogin/?msg=login?m ... ?msg=login

and this below error on the browser page

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.

I dig out the code but cant solve the problem here's the code of index.php

Code: Select all

require_once('load.php');
$logged = $j->checkLogin();

if ( $logged == false ) {
    //Build our redirect
    $url = "http" . ((!empty($_SERVER['HTTPS'])) ? "s" : "") . "://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    $redirect = str_replace('index.php', 'login.php', $url);

    //Redirect to the home page
    header("Location: $redirect?msg=login");
    exit;
} else {
    //Grab our authorization cookie array
    $cookie = $_COOKIE['joombologauth'];

    //Set our user and authID variables
    $user = $cookie['user'];
    $authID = $cookie['authID'];

    //Query the database for the selected user
    $table = 'j_users';
    $sql = "SELECT * FROM $table WHERE user_login = '" . $user . "'";
    $results = $jdb->select($sql);

    //Kill the script if the submitted username doesn't exit
    if (!$results) {
        die('Sorry, that username does not exist!');
    }

    //Fetch our results into an associative array
    $results = mysql_fetch_assoc( $results );

?>
the load.php basically consists a require_once statement which loads db and a class file here's the class code which id been called by

Code: Select all

$logged = $j->checkLogin();

---------the class.php code-------

        function checkLogin() {
        global $jdb;

        //Grab our authorization cookie array
        $cookie = $_COOKIE['joombologauth'];

        //Set our user and authID variables
        $user = $cookie['user'];
        $authID = $cookie['authID'];

        /*
         * If the cookie values are empty, we redirect to login right away;
         * otherwise, we run the login check.
         */
        if ( !empty ( $cookie ) ) {

            //Query the database for the selected user
            $table = 'login';
            $sql = "SELECT * FROM $table WHERE uName = '" . $user . "'";
            $results = $jdb->select($sql);

            //Kill the script if the submitted username doesn't exit
            if (!$results) {
                die('Sorry, that username does not exist!');
            }

            //Fetch our results into an associative array
            $results = mysql_fetch_assoc( $results );

            //The registration date of the stored matching user
            $storeg = $results['user_registered'];

            //The hashed password of the stored matching user
            $stopass = $results['user_pass'];

            //Rehash password to see if it matches the value stored in the cookie
            $authnonce = md5('cookie-' . $user . $storeg . AUTH_SALT);
            $stopass = $jdb->hash_password($stopass, $authnonce);

            if ( $stopass == $authID ) {
                $results = true;
            } else {
                $results = false;
            }
        } else {
            //Build our redirect
            $url = "http" . ((!empty($_SERVER['HTTPS'])) ? "s" : "") . "://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
            $redirect = str_replace('index.php', 'login.php', $url);

            //Redirect to the home page
            header("Location: $redirect?msg=login");
            exit;
        }

        return $results;
    }
}
all the bug is being happening here

regards

Re: Page Redirection doesnt work

Posted: Tue Oct 01, 2013 9:45 pm
by akuji36
Hello

Let's try rewriting your code to make sure everything works.
1.check localhost link (this works for your machine only--need a server name for other people to have access to this script.)
2.check your redirect script AND names of your variables.
3.check connection to database and table name.
4.check your database username and passwords
5.check your cookie and session names.
6. Also there should be something in place to make sure the user can only enter needed data(want to avoid mysql injection)
like regex . For example if a field requires only letters or numbers specify. limit it so field will not accept any code.

Follow this link which leads to a tutorial with code:
http://phpsnips.com/4/Simple-User-Login#.UkuwS4asg40

thanks
Rod
rod@webpagesofease.com
www.webpagesofease.com