Page 1 of 1

Login PHP Problems

Posted: Sat Jan 20, 2007 9:22 am
by gerryjuice
I seem to be having big problems with my login page. I am able to authenticate a user, but when i try to redirect to another page i.e. mainsession.php nothing happens. I am trying to use

Code: Select all

header('Location: http://cs.tcd.ie/~kgleeso/arteface/mainsession.php');
Is there away to reset data that is being held temporarily by the browser, as it keeps on going into the if statement if it has being previously ran in the last few minutes.

Heres my login page.

Code: Select all

<?php 
  session_start();
  
  session_destroy();

  $errorMessage = ''; 
  if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) {
      include("db.inc.php"); 
      mysql_connect($databaseServer,$user,$passwd) or die("Could not connect to the database.<br>".mysql_error()); 
      
    mysql_select_db($database) or die("Could not select your database.<br>".mysql_error());  
     
    $username   = $_POST['txtUserName']; 
    $password = $_POST['txtPassword']; 
	//echo $username;
	//echo $password;
    
    $sql = "SELECT userid, firstname, secondname
            FROM user 
            WHERE username = '$username' AND password = '$password'"; 
			
	//$query   = "SELECT name, type, size, content FROM upload WHERE id = '$id'"; 		
     
    $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
	list($userid, $firstname, $secondname) = mysql_fetch_array($result); 
	
	//echo $userid;
	//echo $firstname;
	//echo $secondname;
	//echo $username;
	//echo $password;
	 
    if (($userid) >= 1) { 
 	//print(We are in);
	
        //$_SESSION['userid'] = true; 
		$_SESSION['userid'] = $userid;
		print "Welcom, $_SESSION[userid]";
		
		
       //  header("Refresh: 10; url=http://cs.tcd.ie/~kgleeso/arteface/mainsession.php");
		//header('Location: http://www.google.ie'); 
       header('Location: http://cs.tcd.ie/~kgleeso/arteface/mainsession.php'); 
    // exit; 
    } else { 
        $errorMessage = 'Sorry, wrong user id / password'; 
    } 
    mysql_close(); 
} 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<?php 
if ($errorMessage != '') { 
?> 
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> 
<?php 
} 
?> 
<form action="" method="post" name="frmLogin" id="frmLogin"> 
 <table width="400" border="1" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150">User Name</td> 
   <td><input name="txtUserName" type="text" id="txtUserName"></td> 
  </tr> 
  <tr> 
   <td width="150">PPPassword</td> 
   <td><input name="txtPassword" type="password" id="txtPassword"></td> 
  </tr> 
  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td> 
  </tr> 
 </table> 
</form> 
</body>
</html>

Posted: Sat Jan 20, 2007 1:46 pm
by Ollie Saunders
You definitely don't want session_destroy() in there. So remove that.
Could you explain what is happening exactly as a sequence of events, thanks.

Posted: Sat Jan 20, 2007 1:56 pm
by Mightywayne
If it's anything like, "headers already sent", delete all the excess spaces and lines from the script. A line, like


That. And spaces like the spacebar.

Also,

Code: Select all

print "Welcom, $_SESSION[userid]";
You made a typo. :3 Welcome*

Posted: Sat Jan 20, 2007 3:54 pm
by daedalus__
always wrap array keynames in quotes!

echo "Welcome, $_SESSION['userid']";

Posted: Sat Jan 20, 2007 7:05 pm
by feyd
Mixing variables and strings isn't for the light-hearted. ;)

http://php.net/language.types.string

header already.....error

Posted: Sun Jan 21, 2007 6:42 am
by tamu
try using ob_start();and ob_end_flush();

Posted: Sun Jan 21, 2007 8:09 am
by feyd
Output buffering is a band-aid approach to solving header problems. Fix the errors, don't hide them.

The same goes for E_NOTICE being turned off.

Posted: Sun Jan 21, 2007 8:44 am
by gerryjuice
By registering the session inside the if statement

Code: Select all

if (($userid) >= 1)
it solved my problems of previously enter data being stored in the browser.
Still seem to be having problems redirecting. I can redirect with the following code.

Code: Select all

if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) { 
header('Location: readback.php'); 
}
But as make the following changes nothing happens

Code: Select all

if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) { 
include("db.inc.php"); 
mysql_connect($databaseServer,$user,$passwd) or die("Could not connect to the database.<br>".mysql_error()); 
mysql_select_db($database) or die("Could not select your database.<br>".mysql_error());  
header('Location: readback.php'); 
mysql_close(); 
}
It doesnt matter if i put mysql_close(); before header('Location: readback.php');
Any Ideas really appreciated.

Posted: Sun Jan 21, 2007 9:04 am
by Mohamed
gerryjuice wrote:By registering the session inside the if statement

Code: Select all

if (($userid) >= 1)
it solved my problems of previously enter data being stored in the browser.
Still seem to be having problems redirecting. I can redirect with the following code.

Code: Select all

if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) { 
header('Location: readback.php'); 
}
But as make the following changes nothing happens

Code: Select all

if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) { 
include("db.inc.php"); 
mysql_connect($databaseServer,$user,$passwd) or die("Could not connect to the database.<br>".mysql_error()); 
mysql_select_db($database) or die("Could not select your database.<br>".mysql_error());  
header('Location: readback.php'); 
mysql_close(); 
}
It doesnt matter if i put mysql_close(); before header('Location: readback.php');
Any Ideas really appreciated.
I think the problem is, you can't connect to the database so mysql_connect or mysql_select_db generates error and outputs the error. so you can't redirect because headers have been sent.

Posted: Mon Jan 22, 2007 6:56 am
by gerryjuice
It turns out by taking out the line

Code: Select all

include("db.inc.php");
And hardcoding the values in it works :D :D . I was only using the file to declare global variables for connecting to the database. :?:
Anyway thanks for your help lads/lassies.