sessions and redirects

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Denisem
Forum Newbie
Posts: 20
Joined: Sat May 04, 2002 8:48 am
Location: VA

sessions and redirects

Post by Denisem »

Help ! I am trying to protect a page with a username and password. The login page works ok, and this one will not show if the user isn't logged in, but doesn't redirect to the login page. Any ideas on what I am doing wrong?

Thanks for your help!!

#!/usr/local/bin/php
<?
session_start();
?>
<?
//check to see if the user is logged in.
$username = $GLOBALS["valid_user"];
if (empty($username))
{
$relative_url="./authmain.php";
header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em ... thmain.php");
exit;
}
?>

<html>

<body>

<body>
<h3>


<center>Update Users. <br> Select the user you want to edit. Update any relevant information in the pre-populated form and click “enter information.” <br></center>

<center><br><a href="http://nova.umuc.edu/~em680a10/diamondhome.html">Back to homepage</a></center></h3>

<?php

$db = mysql_pconnect("localhost", "em680a10", "3s8d5m2f");

mysql_select_db("em680a10",$db);


if ($submit) {


if ($userid) {

$query = "UPDATE auth SET username='$username',password='$password'', WHERE userid=$userid";

} else {

$query = "INSERT INTO auth (username, password) VALUES ('$username','$password')";
}

$result = mysql_query($query,$db);

echo "Record updated!<p>";


$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";

} elseif ($delete) {

// delete a record

$query = "DELETE FROM auth WHERE userid=$userid";

$result = mysql_query($query,$db);

echo " Record deleted!<p>";


$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";

} else {

// this part happens if we don't press submit

if (!$userid) {


$result = mysql_query("SELECT * FROM auth",$db);

while ($myrow = mysql_fetch_array($result)) {

printf("<a href="%s?userid=%s">%s %s</a>
", $PHP_SELF, $myrow["userid"], $myrow["username"], $myrow["password"]);

printf("<a href="%s?userid=%s&delete=yes">(DELETE)</a><br>", $PHP_SELF, $myrow["userid"]);

}

}


?>


<P>

<a href="http://nova.umuc.edu/cgi-bin/cgiwrap/~e ... r.php"></a>

<P>

<form method="post" action="<?php echo $PHP_SELF?>">

<?php



if ($userid) {

// editing so select a record

$query = "SELECT * FROM auth WHERE userid=$userid";

$result = mysql_query($query,$db);

$myrow = mysql_fetch_array($result);

$userid = $myrow["userid"];

$username = $myrow["username"];

$password = $myrow["password"];


// print the id for editing



?>

<input type=hidden name="userid" value="<?php echo $userid ?>">

<?php

}

?>

User name: <input type="Text" name="username" value="<?php echo $username ?>" maxlength=55 size=55><br>

Password: <input type="Text" name="password" value="<?php echo $password?>" maxlength=55 size=55><br>


<input type="Submit" name="submit" value="Enter information">
<input type="reset" value="Clear Form" name="reset">

</form>


<?php


}

?>
:lol:
User avatar
sam
Forum Contributor
Posts: 217
Joined: Thu Apr 18, 2002 11:11 pm
Location: Northern California
Contact:

Post by sam »

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php");
Should be changed to something like:

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php?SID=" . session_id());
That should work alright for you. I'm not sure if session id cookies are on or not so I just used this is a sample.

Cheers Sam
Denisem
Forum Newbie
Posts: 20
Joined: Sat May 04, 2002 8:48 am
Location: VA

Post by Denisem »

sam wrote:

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php");
Should be changed to something like:

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php?SID=" . session_id());
That should work alright for you. I'm not sure if session id cookies are on or not so I just used this is a sample.

Cheers Sam
Thanks for the response sam. Cookies are not on. Does this change anythig in your example? Do i just omit everything after the ?

Denise
Post Reply