PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
quadoc
Forum Contributor
Posts: 137 Joined: Fri Jul 01, 2005 5:33 pm
Location: Atlanta, GA
Post
by quadoc » Fri Aug 05, 2005 3:51 pm
I've the following code, when I logged in as either an "admin" or an user, it didn't do anything. It supposed to load either an "admin" page or "member" page like in the script but it doesn't. Could someone take a look and see what I'm missing. Thanks...
Code: Select all
<?php
ob_start();
include("config.php");
/* $connection = mysql_connect($hostname, $sqlname, $sqlpass) or die("Couldn't select database.");
$db = mysql_select_db($mysqldb, $connection) or die("Couldn't select database.");
*/
MSSQL_CONNECT($hostname,$username,$password) or DIE("DATABASE FAILED TO RESPOND.");
mssql_select_db($dbName) or DIE("Table unavailable");
if(isset($_POST["submit"])){
$email = htmlspecialchars($_POST["user"]);
$email = strtolower($email);
$tkey = htmlspecialchars($_POST["tkey"]);
$tkey = strtoupper($tkey);
if ($email == ""){
header('Location: index.php?x=login&error=Error, You have entered an invalid email or tix key1');
}else{
/* $userinfo = mysql_query("SELECT * FROM `users` WHERE email='$email' LIMIT 1");
$row = mysql_fetch_array($userinfo);
*/
$query = "SELECT * FROM users WHERE email ='".$email."'";
$result = MSSQL_QUERY($query);
$nRow = MSSQL_NUM_ROWS($result);
echo "Number of rows returned: ", mssql_num_rows($result);
//$tbl_key = mssql_result($result,"1","tkey");
while ($row = mssql_fetch_array($result)) {
$tbl_tkey = $row["tkey"];
$tbl_admin = $row["admin"];
}
if($nRow == 0){
header('Location: index.php?x=login&error=Error, You have entered an invalid email or tix key2');
} else {
// if($row["tkey"] == $tkey) {
if($tbl_tkey == $tkey) {
$_SESSION["email"] = $email;
$_SESSION["admin"] = $row["admin"];
$_SESSION["name"] = $row["name"];
$_SESSION["tkey"] = $tkey;
$_SESSION["logged_in"] = true;
if($_SESSION["admin"] == 1)
{
//header('Location: index.php?x=admin&a=show&dep=1&tixstatus=1');
header('Location: index.php?x=admin&a=show&dep=-1&tixstatus=1');
}
else
{
header('Location: index.php?x=member');
}
} else {
header('Location: index.php?x=login&error=deepdoo, You have entered an invalid email or tix key3');
}
}
}
}
ob_end_flush();
?>
feyd | you can start using
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Aug 05, 2005 4:03 pm
Your header redirects need some adjustment. The error ones specifically.. you need to have URL safe escaped text: RawUrlEncode()
If you are testing this in IE, which I imagine you are, and you hit enter, instead of clicking/thumping the submit button, you won't see $_POST['submit']. Instead of looking for that, look for a field that will always be submitted with the form..
quadoc
Forum Contributor
Posts: 137 Joined: Fri Jul 01, 2005 5:33 pm
Location: Atlanta, GA
Post
by quadoc » Fri Aug 05, 2005 4:14 pm
"you won't see $_POST['submit']. Instead of looking for that, look for a field that will always be submitted with the form.."
How do I look for fields? I'm lost...
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Aug 05, 2005 4:16 pm
$_POST['submit'] is a field name (in this case a button) on the form you are using. The username input, or a hidden input may be good to look for... post your form HTML code..
quadoc
Forum Contributor
Posts: 137 Joined: Fri Jul 01, 2005 5:33 pm
Location: Atlanta, GA
Post
by quadoc » Fri Aug 05, 2005 4:21 pm
Ok, here is my form code.
Code: Select all
table width="600" border="0" align="center" cellpadding="1" cellspacing="1">
<tr>
<td><table width="600" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><strong>Please log in<br>
</strong><img src="images/login.png" width="54" height="54"></td>
<td width="45" align="center" valign="top"><a href="index.php?x=home"><img src="images/back.png" width="54" height="54" border="0"><br>
Back</a></td>
</tr>
</table></td>
</tr>
<tr>
<td><font color="#FF0000"><?php if(isset($_GET["error"])) { echo htmlspecialchars($_GET["error"]); } ?></font><form name="login" method="post" action="logon.php">
<table width="300" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>E-mail</td>
<td><input name="user" type="text" id="user2" value="<?php if(isset($_SESSION["email"])){ echo $_SESSION["email"]; } ?>"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="tkey" type="password" id="pass2" value="<?php if(isset($_SESSION["tkey"])){ echo $_SESSION["tkey"]; } ?>"></td>
</tr>
<tr>
<td> </td>
<td><input name="submit" type="submit" id="submit" value="Submit"></td>
</tr>
</table>
<p>Forgot your password? (<a href="index.php?x=pwdforgot">Click Here</a>)</p>
</form></td>
</tr>
</table>
feyd | seriously, start posting php code in
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Aug 05, 2005 4:31 pm
use $_POST['user'] instead of $_POST['submit']