Page 1 of 1
User Auth and Redirect
Posted: Thu Nov 14, 2002 7:40 pm
by sirrusdi
Hi!
I am trying to do a log-in script for clients to check out their under development web page. Here is the url:
http://clients.sirrusdigital.com but it doesn;t redirect. i don't even know if it is authing the user. here is the code.
<?php
include("conf.php");
if($submit) {
$mysql = mysql_connect ("$host","$user", "$pass");
mysql_select_db("$db",$mysql);
$url = mysql_query("SELECT url FROM clients WHERE (usr = $username)");
$result=mysql_query("select * from clients where usr='$username'",$mysql) or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["pass"]==$password) {
header (" Location: http://$url ");
}
}
}
?>
if you want to test the script go to
http://clients.sirrusdigital.com and enter test for the username and test for the password. It should redirect to google.com.
All help is greatly appreciated.
Posted: Thu Nov 14, 2002 7:49 pm
by MeOnTheW3
Echo out the variables you are expecting to be used:
echo $username
echo $password
echo $url
echo $submit
echo $row['pass']
and see if what is being returned is what you are expecting.
is ?username=username being passed into $username
or do you need to initialize it with $username=$HTTP_POST_VARS['username']
Posted: Thu Nov 14, 2002 7:56 pm
by sirrusdi
it gives me the database I am using and the values i enter into the text feilds. but thats it.
Posted: Thu Nov 14, 2002 8:46 pm
by volka
Posted: Thu Nov 14, 2002 9:13 pm
by sirrusdi
I read it and it helped but why won't this code work?
<?php
include("conf.php");
if($submit) {
$mysql = mysql_connect ("$host","$user", "$pass");
mysql_select_db("$db",$mysql);
$url = mysql_query(" SELECT url FROM clients WHERE usr = $_POST['username']; ");
$result=mysql_query("select * from clients where usr= $_POST['username']; ") or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["pass"]==$_POST['password']) {
header (" Location: $url ");
}
}
}
?>
Posted: Thu Nov 14, 2002 9:15 pm
by sirrusdi
PHP version is 4.2.2
Posted: Fri Nov 15, 2002 4:16 am
by volka
$url = mysql_query(" SELECT url FROM clients WHERE usr = $_POST['username']; ");
You're already in a string literal, so you must no open another for accessing the array. Try
Code: Select all
$url = mysql_query("SELECT url FROM clients WHERE usr=$_POSTїusername]");
// or
mysql_query("SELECT url FROM clients WHERE usr={$_POSTї'username']}");
// or
$url = mysql_query('SELECT url FROM clients WHERE usr='.$_POSTї'username']);
The curly brackets
pretend you're outside the literal for a moment.
While developing it might be useful to increase error_reporting to E_ALL in php.ini
unless you set
display_errors=on you have to look into the (web-)server's error.log to see error descriptions.
btw: why don't you catch only records from mysql where username
and password match. Then there is no need for the while-loop

Posted: Fri Nov 15, 2002 12:23 pm
by sirrusdi
It stilll doesn't work but I did something wrong. The error message is:
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/sirrusdi/public_html/clients/index.php on line 15
And here is my code....
<?php
include("conf.php");
if($submit) {
$mysql = mysql_connect ("$host","$user", "$pass");
mysql_select_db("$db",$mysql);
$url=mysql_query("SELECT url FROM clients WHERE usr=$_POST[username]");
$result = mysql_query("SELECT * FROM clients WHERE usr=$_POST['username']") or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["pass"]==$_POST['password']) {
header (" Location: $url");
}
}
}
echo $mysql;
?>
And can you show me the code you were talking about?
You guys can tell I am new to this. All help is great!
Posted: Mon Nov 18, 2002 2:46 am
by twigletmac
If you look at volka's post (the one above your last one) he shows you how to deal with array elements in double quoted strings, you need to apply that to the SQL statement on line 15.
Mac