Page 1 of 1

All about headers..cuz i m a noob

Posted: Wed Dec 03, 2003 12:40 pm
by Draco_03
Hi :)

Okay basically i need to use a header to redirect a user when he put a good or bad user name...

so basically i did that

Code: Select all

<?php
$connect = mysql_connect($host, $user, $pswd) 
	or die("Could not connect: " . mysql_error());
$database = mysql_select_db('tech_support') 
	or die(MySQL_Error());
$sql = "SELECT * FROM members";
$result = mysql_query($sql) or die(MySQL_Error());

for ($i = 0; $rows = mysql_fetch_row($result); $i++)
	{
		if ($rows[1] == $_POST["user"] && $rows[2] == $_POST["password"])
		{
		print "Good login...i won't kill you<br />";
		}else{
		print "BAD USER OR PASSWORD YOU LOOSER<br />";
		}
	}
mysql_close($connect);
?>
that s my code...

now in my if instead of puting Good login.. i want to redirect to a page...
but it : Warning: Cannot add header information - headers already sent
i know that header should be in head (or befor anything else) but still i need to put my redirect in the if... so any suggestion

thank you

Posted: Wed Dec 03, 2003 12:44 pm
by Chambrln
you could just echo a meta tag to redirect if you're not really trying to be too secure. what's to keep someone from just typing in the page in the address bar from the beginning?

Code: Select all

<meta http-equiv=refresh content=1;URL=loggedin.php>

Posted: Wed Dec 03, 2003 12:55 pm
by Draco_03
cuz the point is to make them log in into "something" and the something is in a page a redirect :)

but thx for the solution though.. i was reading about that and i didn t found anything else..

thank you very much :)

Posted: Wed Dec 03, 2003 2:38 pm
by basdog22
Why don't you do:

Code: Select all

<?php 
$connect = mysql_connect($host, $user, $pswd) 
   or die("Could not connect: " . mysql_error()); 
$database = mysql_select_db('tech_support') 
   or die(MySQL_Error()); 
$sql = "SELECT * FROM members"; 
$result = mysql_query($sql) or die(MySQL_Error()); 

for ($i = 0; $rows = mysql_fetch_row($result); $i++) 
   &#123; 
      if ($rows&#1111;1] == $_POST&#1111;"user"] && $rows&#1111;2] == $_POST&#1111;"password"]) 
      &#123; 
////////////////////////////////////////////////
           echo_your_page_code_here...////
////////////////////////////////////////////////

      &#125;else&#123; 
      print "BAD USER OR PASSWORD YOU LOOSER<br />"; 
      &#125; 
   &#125; 
mysql_close($connect); 
?>

Posted: Wed Dec 03, 2003 2:50 pm
by JAM
Personally, I'd prefer trying to search the username with the password directly in the query, matching the amount of hits.

Code: Select all

<?php
// pseudo code to give you ideas.
// more security could be nice...
$connect = mysql_connect($host, $user, $pswd) or die("Could not connect: " . mysql_error());
$database = mysql_select_db('tech_support') or die(MySQL_Error());
$sql = "SELECT * FROM members where username = '$_POST[user]' and pass = '$_POST[password]'";
$result = mysql_query($sql) or die(MySQL_Error());
mysql_close($connect);

if (mysql_num_rows($result) == 0) {
    header("Location: http://www.example.com/");
    exit;
} else {
    echo 'Yay!';
}
?>

Posted: Wed Dec 03, 2003 2:53 pm
by infolock
also good for headers already being sent issues, is ob_start/end_flush(); jason made a nice tutorial on this subject here :
viewtopic.php?t=1157

Posted: Wed Dec 03, 2003 3:22 pm
by Draco_03
Ahhh
my noobi brain has pretty much got it :):)..ty very much