Page 3 of 3
Posted: Mon Mar 12, 2007 4:41 pm
by jamiller
Everah wrote:Code: Select all
<?php
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");
// check our needed post array vars
if (isset($_POST['username']) && isset($_POST['pass']))
{
// Assign them as needed
$myusername = $_POST['username'];
$mypassword = $_POST['pass'];
// Query with the data
$sql = "SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
// Error check to make sure we are clean
if (!$result = mysql_query($sql))
{
die('Could not execute the query:' . $sql . ' because ' . mysql_error());
}
// Find out how many results were returned
$count = mysql_num_rows($result);
// If there are results...
if ($count)
{
// If there is one result only, set some vars
if($count==1)
{
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
// And send them home
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page);
exit;
}
else
{
// This means there were more than one returns
die('Data return was not in the appropriate context.');
}
}
else
{
// This means there were none returns
die('Your information was not found');
}
}
else
{
// The form was not posted
echo 'the form was not posted.';
}
?>
this one sends me to a crazy ass address. the address you put in the header/location was tacked onto the end of my website address. and no sign of .$page in the address bar
Posted: Mon Mar 12, 2007 4:48 pm
by RobertGonzalez
Change this:
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page);
?>
to
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
?>
And see if the results are different.
Posted: Mon Mar 12, 2007 4:56 pm
by jamiller
Everah wrote:Change this:
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_FILENAME']) . $page);
?>
to
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
?>
And see if the results are different.
well that works better. takes me to the same page but still no sign of .$page...
Posted: Mon Mar 12, 2007 5:04 pm
by RobertGonzalez
Humor me for a second, will you? Replace this
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
?>
with this
Code: Select all
<?php
//header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
echo $page . ' is the page name<br />';
echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page;
exit;
?>
Run the page and post back what is spit out to the screen.
Posted: Mon Mar 12, 2007 5:16 pm
by jamiller
Everah wrote:Humor me for a second, will you? Replace this
Code: Select all
<?php
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
?>
with this
Code: Select all
<?php
//header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page);
echo $page . ' is the page name<br />';
echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page;
exit;
?>
Run the page and post back what is spit out to the screen.
Notice: Undefined variable: page in ....checklogin.php on line 41
is the page name
Notice: Undefined variable: page in ....checklogin.php on line 42
Link to go to is
http://www.mysite.com/
in somebody's earlier code i copied and pasted $page isn't set anymore
Posted: Mon Mar 12, 2007 5:19 pm
by jamiller
This is my new code...
Code: Select all
<?php
$host="///.com"; // Host name
$username="///"; // Mysql username
$password="///"; // Mysql password
$db_name="///"; // Database name
$tbl_name="///"; // Table name
error_reporting(E_ALL);
ini_set('display_errors', true);
if ( !isset($_POST['username'], $_POST['pass']) ) {
die('missing login parameter');
}
$mysql = mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name, $mysql)or die("cannot select DB");
$myusername=mysql_real_escape_string($_POST['username'], $mysql);
$mypassword=mysql_real_escape_string($_POST['pass'], $mysql);
$sql="SELECT
Username
FROM
$tbl_name
WHERE
Username='$myusername'
AND Password='$mypassword'
LIMIT
1";
$result=mysql_query($sql) or die(mysql_error());
$dbarray = mysql_fetch_array($result);
if ( false===$dbarray ) {
header("location:http://www.mysite/index.php?badlogin=true");
die();
}
else {
session_start();
$_SESSION['myusername'] = $_POST['username'];
echo $page . ' is the page name<br />';
echo 'Link to go to is http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . $page;
die();
}
?>
Posted: Mon Mar 12, 2007 5:29 pm
by RobertGonzalez
I'm still not seeing page. The reason my code wasn't working for you was because $page was not set.
Posted: Mon Mar 12, 2007 6:29 pm
by Mordred
You need to check that $_SESSION['myusername'] is set and non-empty in
http://whataver/$page, otherwise the whole login process would be void. You also need to specify when a person is logged out and is denied access to the page.