this one sends me to a crazy ass address. the address you put in the header/location was tacked onto the end of my website address. and no sign of .$page in the address barEverah wrote:Code: Select all
<?php mysql_connect($host, $username, $password)or die("cannot connect"); mysql_select_db($db_name)or die("cannot select DB"); // check our needed post array vars if (isset($_POST['username']) && isset($_POST['pass'])) { // Assign them as needed $myusername = $_POST['username']; $mypassword = $_POST['pass']; // Query with the data $sql = "SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'"; // Error check to make sure we are clean if (!$result = mysql_query($sql)) { die('Could not execute the query:' . $sql . ' because ' . mysql_error()); } // Find out how many results were returned $count = mysql_num_rows($result); // If there are results... if ($count) { // If there is one result only, set some vars if($count==1) { $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; // And send them home header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page); exit; } else { // This means there were more than one returns die('Data return was not in the appropriate context.'); } } else { // This means there were none returns die('Your information was not found'); } } else { // The form was not posted echo 'the form was not posted.'; } ?>
PHP login help!
Moderator: General Moderators
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Change this:
to
And see if the results are different.
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page);
?>Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
?>well that works better. takes me to the same page but still no sign of .$page...Everah wrote:Change this:toCode: Select all
<?php header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page); ?>And see if the results are different.Code: Select all
<?php header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); ?>
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Humor me for a second, will you? Replace this
with this
Run the page and post back what is spit out to the screen.
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
?>Code: Select all
<?php
//header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
echo $page . ' is the page name<br />';
echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page;
exit;
?>Everah wrote:Humor me for a second, will you? Replace thiswith thisCode: Select all
<?php header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); ?>Run the page and post back what is spit out to the screen.Code: Select all
<?php //header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); echo $page . ' is the page name<br />'; echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page; exit; ?>
Notice: Undefined variable: page in ....checklogin.php on line 41
is the page name
Notice: Undefined variable: page in ....checklogin.php on line 42
Link to go to is http://www.mysite.com/
in somebody's earlier code i copied and pasted $page isn't set anymore
This is my new code...
Code: Select all
<?php
$host="///.com"; // Host name
$username="///"; // Mysql username
$password="///"; // Mysql password
$db_name="///"; // Database name
$tbl_name="///"; // Table name
error_reporting(E_ALL);
ini_set('display_errors', true);
if ( !isset($_POST['username'], $_POST['pass']) ) {
die('missing login parameter');
}
$mysql = mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name, $mysql)or die("cannot select DB");
$myusername=mysql_real_escape_string($_POST['username'], $mysql);
$mypassword=mysql_real_escape_string($_POST['pass'], $mysql);
$sql="SELECT
Username
FROM
$tbl_name
WHERE
Username='$myusername'
AND Password='$mypassword'
LIMIT
1";
$result=mysql_query($sql) or die(mysql_error());
$dbarray = mysql_fetch_array($result);
if ( false===$dbarray ) {
header("location:http://www.mysite/index.php?badlogin=true");
die();
}
else {
session_start();
$_SESSION['myusername'] = $_POST['username'];
echo $page . ' is the page name<br />';
echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page;
die();
}
?>- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
You need to check that $_SESSION['myusername'] is set and non-empty in http://whataver/$page, otherwise the whole login process would be void. You also need to specify when a person is logged out and is denied access to the page.