User Auth and Redirect

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sirrusdi
Forum Newbie
Posts: 12
Joined: Thu Nov 14, 2002 7:40 pm
Location: Seattle, WA

User Auth and Redirect

Post by sirrusdi »

Hi!
I am trying to do a log-in script for clients to check out their under development web page. Here is the url: http://clients.sirrusdigital.com but it doesn;t redirect. i don't even know if it is authing the user. here is the code.

<?php

include("conf.php");


if($submit) {

$mysql = mysql_connect ("$host","$user", "$pass");
mysql_select_db("$db",$mysql);

$url = mysql_query("SELECT url FROM clients WHERE (usr = $username)");


$result=mysql_query("select * from clients where usr='$username'",$mysql) or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["pass"]==$password) {
header (" Location: http://$url ");
}
}
}

?>

if you want to test the script go to http://clients.sirrusdigital.com and enter test for the username and test for the password. It should redirect to google.com.

All help is greatly appreciated.
MeOnTheW3
Forum Commoner
Posts: 48
Joined: Wed Nov 13, 2002 3:28 pm
Location: Calgary, AB

Post by MeOnTheW3 »

Echo out the variables you are expecting to be used:

echo $username
echo $password
echo $url
echo $submit
echo $row['pass']


and see if what is being returned is what you are expecting.

is ?username=username being passed into $username
or do you need to initialize it with $username=$HTTP_POST_VARS['username']
sirrusdi
Forum Newbie
Posts: 12
Joined: Thu Nov 14, 2002 7:40 pm
Location: Seattle, WA

Post by sirrusdi »

it gives me the database I am using and the values i enter into the text feilds. but thats it.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

sirrusdi
Forum Newbie
Posts: 12
Joined: Thu Nov 14, 2002 7:40 pm
Location: Seattle, WA

Post by sirrusdi »

I read it and it helped but why won't this code work?

<?php

include("conf.php");



if($submit) {

$mysql = mysql_connect ("$host","$user", "$pass");
mysql_select_db("$db",$mysql);

$url = mysql_query(" SELECT url FROM clients WHERE usr = $_POST['username']; ");


$result=mysql_query("select * from clients where usr= $_POST['username']; ") or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["pass"]==$_POST['password']) {
header (" Location: $url ");
}
}
}

?>
sirrusdi
Forum Newbie
Posts: 12
Joined: Thu Nov 14, 2002 7:40 pm
Location: Seattle, WA

Post by sirrusdi »

PHP version is 4.2.2
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$url = mysql_query(" SELECT url FROM clients WHERE usr = $_POST['username']; ");
You're already in a string literal, so you must no open another for accessing the array. Try

Code: Select all

$url = mysql_query("SELECT url FROM clients WHERE usr=$_POST&#1111;username]");
// or
mysql_query("SELECT url FROM clients WHERE usr={$_POST&#1111;'username']}");
// or
$url = mysql_query('SELECT url FROM clients WHERE usr='.$_POST&#1111;'username']);
The curly brackets pretend you're outside the literal for a moment.


While developing it might be useful to increase error_reporting to E_ALL in php.ini
unless you set display_errors=on you have to look into the (web-)server's error.log to see error descriptions.


btw: why don't you catch only records from mysql where username and password match. Then there is no need for the while-loop ;)
sirrusdi
Forum Newbie
Posts: 12
Joined: Thu Nov 14, 2002 7:40 pm
Location: Seattle, WA

Post by sirrusdi »

It stilll doesn't work but I did something wrong. The error message is:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/sirrusdi/public_html/clients/index.php on line 15

And here is my code....

<?php

include("conf.php");



if($submit) {

$mysql = mysql_connect ("$host","$user", "$pass");
mysql_select_db("$db",$mysql);

$url=mysql_query("SELECT url FROM clients WHERE usr=$_POST[username]");


$result = mysql_query("SELECT * FROM clients WHERE usr=$_POST['username']") or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["pass"]==$_POST['password']) {
header (" Location: $url");
}
}
}
echo $mysql;
?>

And can you show me the code you were talking about?

You guys can tell I am new to this. All help is great!
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

If you look at volka's post (the one above your last one) he shows you how to deal with array elements in double quoted strings, you need to apply that to the SQL statement on line 15.

Mac
Post Reply