sessions and redirects
Posted: Mon May 13, 2002 10:29 am
Help ! I am trying to protect a page with a username and password. The login page works ok, and this one will not show if the user isn't logged in, but doesn't redirect to the login page. Any ideas on what I am doing wrong?
Thanks for your help!!
#!/usr/local/bin/php
<?
session_start();
?>
<?
//check to see if the user is logged in.
$username = $GLOBALS["valid_user"];
if (empty($username))
{
$relative_url="./authmain.php";
header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em ... thmain.php");
exit;
}
?>
<html>
<body>
<body>
<h3>
<center>Update Users. <br> Select the user you want to edit. Update any relevant information in the pre-populated form and click “enter information.” <br></center>
<center><br><a href="http://nova.umuc.edu/~em680a10/diamondhome.html">Back to homepage</a></center></h3>
<?php
$db = mysql_pconnect("localhost", "em680a10", "3s8d5m2f");
mysql_select_db("em680a10",$db);
if ($submit) {
if ($userid) {
$query = "UPDATE auth SET username='$username',password='$password'', WHERE userid=$userid";
} else {
$query = "INSERT INTO auth (username, password) VALUES ('$username','$password')";
}
$result = mysql_query($query,$db);
echo "Record updated!<p>";
$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";
} elseif ($delete) {
// delete a record
$query = "DELETE FROM auth WHERE userid=$userid";
$result = mysql_query($query,$db);
echo " Record deleted!<p>";
$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";
} else {
// this part happens if we don't press submit
if (!$userid) {
$result = mysql_query("SELECT * FROM auth",$db);
while ($myrow = mysql_fetch_array($result)) {
printf("<a href="%s?userid=%s">%s %s</a>
", $PHP_SELF, $myrow["userid"], $myrow["username"], $myrow["password"]);
printf("<a href="%s?userid=%s&delete=yes">(DELETE)</a><br>", $PHP_SELF, $myrow["userid"]);
}
}
?>
<P>
<a href="http://nova.umuc.edu/cgi-bin/cgiwrap/~e ... r.php"></a>
<P>
<form method="post" action="<?php echo $PHP_SELF?>">
<?php
if ($userid) {
// editing so select a record
$query = "SELECT * FROM auth WHERE userid=$userid";
$result = mysql_query($query,$db);
$myrow = mysql_fetch_array($result);
$userid = $myrow["userid"];
$username = $myrow["username"];
$password = $myrow["password"];
// print the id for editing
?>
<input type=hidden name="userid" value="<?php echo $userid ?>">
<?php
}
?>
User name: <input type="Text" name="username" value="<?php echo $username ?>" maxlength=55 size=55><br>
Password: <input type="Text" name="password" value="<?php echo $password?>" maxlength=55 size=55><br>
<input type="Submit" name="submit" value="Enter information">
<input type="reset" value="Clear Form" name="reset">
</form>
<?php
}
?>

Thanks for your help!!
#!/usr/local/bin/php
<?
session_start();
?>
<?
//check to see if the user is logged in.
$username = $GLOBALS["valid_user"];
if (empty($username))
{
$relative_url="./authmain.php";
header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em ... thmain.php");
exit;
}
?>
<html>
<body>
<body>
<h3>
<center>Update Users. <br> Select the user you want to edit. Update any relevant information in the pre-populated form and click “enter information.” <br></center>
<center><br><a href="http://nova.umuc.edu/~em680a10/diamondhome.html">Back to homepage</a></center></h3>
<?php
$db = mysql_pconnect("localhost", "em680a10", "3s8d5m2f");
mysql_select_db("em680a10",$db);
if ($submit) {
if ($userid) {
$query = "UPDATE auth SET username='$username',password='$password'', WHERE userid=$userid";
} else {
$query = "INSERT INTO auth (username, password) VALUES ('$username','$password')";
}
$result = mysql_query($query,$db);
echo "Record updated!<p>";
$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";
} elseif ($delete) {
// delete a record
$query = "DELETE FROM auth WHERE userid=$userid";
$result = mysql_query($query,$db);
echo " Record deleted!<p>";
$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";
} else {
// this part happens if we don't press submit
if (!$userid) {
$result = mysql_query("SELECT * FROM auth",$db);
while ($myrow = mysql_fetch_array($result)) {
printf("<a href="%s?userid=%s">%s %s</a>
", $PHP_SELF, $myrow["userid"], $myrow["username"], $myrow["password"]);
printf("<a href="%s?userid=%s&delete=yes">(DELETE)</a><br>", $PHP_SELF, $myrow["userid"]);
}
}
?>
<P>
<a href="http://nova.umuc.edu/cgi-bin/cgiwrap/~e ... r.php"></a>
<P>
<form method="post" action="<?php echo $PHP_SELF?>">
<?php
if ($userid) {
// editing so select a record
$query = "SELECT * FROM auth WHERE userid=$userid";
$result = mysql_query($query,$db);
$myrow = mysql_fetch_array($result);
$userid = $myrow["userid"];
$username = $myrow["username"];
$password = $myrow["password"];
// print the id for editing
?>
<input type=hidden name="userid" value="<?php echo $userid ?>">
<?php
}
?>
User name: <input type="Text" name="username" value="<?php echo $username ?>" maxlength=55 size=55><br>
Password: <input type="Text" name="password" value="<?php echo $password?>" maxlength=55 size=55><br>
<input type="Submit" name="submit" value="Enter information">
<input type="reset" value="Clear Form" name="reset">
</form>
<?php
}
?>