Page 3 of 3

Posted: Mon Mar 12, 2007 4:41 pm
by jamiller
Everah wrote:

Code: Select all

<?php
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// check our needed post array vars
if (isset($_POST['username']) && isset($_POST['pass']))
{
    // Assign them as needed
    $myusername = $_POST['username'];
    $mypassword = $_POST['pass'];
    
    // Query with the data
    $sql = "SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
    
    // Error check to make sure we are clean
    if (!$result = mysql_query($sql))
    {
        die('Could not execute the query:' . $sql . ' because ' . mysql_error());
    }
    
    // Find out how many results were returned
    $count = mysql_num_rows($result);
    
    // If there are results...
    if ($count)
    {
        // If there is one result only, set some vars
        if($count==1)
        {
            $_SESSION['myusername'] = $myusername;
            $_SESSION['mypassword'] = $mypassword;
            
            // And send them home
            header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page);
            exit;
        }
        else
        {
            // This means there were more than one returns
            die('Data return was not in the appropriate context.');
        }
    }
    else
    {
        // This means there were none returns 
        die('Your information was not found');
    }
}
else
{
    // The form was not posted
    echo 'the form was not posted.';
}
?>
this one sends me to a crazy ass address. the address you put in the header/location was tacked onto the end of my website address. and no sign of .$page in the address bar

Posted: Mon Mar 12, 2007 4:48 pm
by RobertGonzalez
Change this:

Code: Select all

<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page); 
?>
to

Code: Select all

<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); 
?>
And see if the results are different.

Posted: Mon Mar 12, 2007 4:56 pm
by jamiller
Everah wrote:Change this:

Code: Select all

<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page); 
?>
to

Code: Select all

<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); 
?>
And see if the results are different.
well that works better. takes me to the same page but still no sign of .$page...

Posted: Mon Mar 12, 2007 5:04 pm
by RobertGonzalez
Humor me for a second, will you? Replace this

Code: Select all

<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); 
?>
with this

Code: Select all

<?php
//header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); 
echo $page . ' is the page name<br />';
echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page; 
exit;
?>
Run the page and post back what is spit out to the screen.

Posted: Mon Mar 12, 2007 5:16 pm
by jamiller
Everah wrote:Humor me for a second, will you? Replace this

Code: Select all

<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); 
?>
with this

Code: Select all

<?php
//header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page); 
echo $page . ' is the page name<br />';
echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page; 
exit;
?>
Run the page and post back what is spit out to the screen.

Notice: Undefined variable: page in ....checklogin.php on line 41
is the page name

Notice: Undefined variable: page in ....checklogin.php on line 42
Link to go to is http://www.mysite.com/

in somebody's earlier code i copied and pasted $page isn't set anymore

Posted: Mon Mar 12, 2007 5:19 pm
by jamiller
This is my new code...

Code: Select all

<?php
$host="///.com"; // Host name
$username="///"; // Mysql username
$password="///"; // Mysql password
$db_name="///"; // Database name
$tbl_name="///"; // Table name

error_reporting(E_ALL);
ini_set('display_errors', true);

if ( !isset($_POST['username'], $_POST['pass']) ) {
  die('missing login parameter');
}

$mysql = mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name, $mysql)or die("cannot select DB");

$myusername=mysql_real_escape_string($_POST['username'], $mysql);
$mypassword=mysql_real_escape_string($_POST['pass'], $mysql);

$sql="SELECT
    Username
  FROM
    $tbl_name
  WHERE
    Username='$myusername'
    AND Password='$mypassword'
  LIMIT
        1";

$result=mysql_query($sql) or die(mysql_error());
$dbarray = mysql_fetch_array($result);

if ( false===$dbarray ) {   
	header("location:http://www.mysite/index.php?badlogin=true");
  die();
}
else {
  session_start();
  $_SESSION['myusername'] = $_POST['username'];
    echo $page . ' is the page name<br />';
	echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page; 
	die();
}
?>

Posted: Mon Mar 12, 2007 5:29 pm
by RobertGonzalez
I'm still not seeing page. The reason my code wasn't working for you was because $page was not set.

Posted: Mon Mar 12, 2007 6:29 pm
by Mordred
You need to check that $_SESSION['myusername'] is set and non-empty in http://whataver/$page, otherwise the whole login process would be void. You also need to specify when a person is logged out and is denied access to the page.