Page 1 of 1

sessions and redirects

Posted: Mon May 13, 2002 10:29 am
by Denisem
Help ! I am trying to protect a page with a username and password. The login page works ok, and this one will not show if the user isn't logged in, but doesn't redirect to the login page. Any ideas on what I am doing wrong?

Thanks for your help!!

#!/usr/local/bin/php
<?
session_start();
?>
<?
//check to see if the user is logged in.
$username = $GLOBALS["valid_user"];
if (empty($username))
{
$relative_url="./authmain.php";
header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em ... thmain.php");
exit;
}
?>

<html>

<body>

<body>
<h3>


<center>Update Users. <br> Select the user you want to edit. Update any relevant information in the pre-populated form and click “enter information.” <br></center>

<center><br><a href="http://nova.umuc.edu/~em680a10/diamondhome.html">Back to homepage</a></center></h3>

<?php

$db = mysql_pconnect("localhost", "em680a10", "3s8d5m2f");

mysql_select_db("em680a10",$db);


if ($submit) {


if ($userid) {

$query = "UPDATE auth SET username='$username',password='$password'', WHERE userid=$userid";

} else {

$query = "INSERT INTO auth (username, password) VALUES ('$username','$password')";
}

$result = mysql_query($query,$db);

echo "Record updated!<p>";


$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";

} elseif ($delete) {

// delete a record

$query = "DELETE FROM auth WHERE userid=$userid";

$result = mysql_query($query,$db);

echo " Record deleted!<p>";


$result = mysql_query($query, $db);
echo "Hit the back button in your browser window to go back!<p>";

} else {

// this part happens if we don't press submit

if (!$userid) {


$result = mysql_query("SELECT * FROM auth",$db);

while ($myrow = mysql_fetch_array($result)) {

printf("<a href="%s?userid=%s">%s %s</a>
", $PHP_SELF, $myrow["userid"], $myrow["username"], $myrow["password"]);

printf("<a href="%s?userid=%s&delete=yes">(DELETE)</a><br>", $PHP_SELF, $myrow["userid"]);

}

}


?>


<P>

<a href="http://nova.umuc.edu/cgi-bin/cgiwrap/~e ... r.php"></a>

<P>

<form method="post" action="<?php echo $PHP_SELF?>">

<?php



if ($userid) {

// editing so select a record

$query = "SELECT * FROM auth WHERE userid=$userid";

$result = mysql_query($query,$db);

$myrow = mysql_fetch_array($result);

$userid = $myrow["userid"];

$username = $myrow["username"];

$password = $myrow["password"];


// print the id for editing



?>

<input type=hidden name="userid" value="<?php echo $userid ?>">

<?php

}

?>

User name: <input type="Text" name="username" value="<?php echo $username ?>" maxlength=55 size=55><br>

Password: <input type="Text" name="password" value="<?php echo $password?>" maxlength=55 size=55><br>


<input type="Submit" name="submit" value="Enter information">
<input type="reset" value="Clear Form" name="reset">

</form>


<?php


}

?>
:lol:

Posted: Mon May 13, 2002 12:59 pm
by sam

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php");
Should be changed to something like:

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php?SID=" . session_id());
That should work alright for you. I'm not sure if session id cookies are on or not so I just used this is a sample.

Cheers Sam

Posted: Mon May 13, 2002 2:06 pm
by Denisem
sam wrote:

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php");
Should be changed to something like:

Code: Select all

header("Location: http://nova.umuc.edu/cgi-bin/cgiwrap/em680a10/authmain.php?SID=" . session_id());
That should work alright for you. I'm not sure if session id cookies are on or not so I just used this is a sample.

Cheers Sam
Thanks for the response sam. Cookies are not on. Does this change anythig in your example? Do i just omit everything after the ?

Denise