Page 1 of 1

Wtf is wrong with this script...

Posted: Fri Dec 19, 2008 11:24 pm
by xQuasar
I'm having a bad day. I've made login scripts before, but this one is JUST FAILING.

It's supposed to redirect you to usercp.php when you get logged in, and usercp.php has a logged_in check, so that if you're not logged in but try to access it, you get redirected to the login page. However, what happens is when you login, the login script sends you to usercp.php but for some reason usercp.php's logged in check seems to think that you're NOT logged in and sends you back to login.php... looping over and over again until firefox gives me the looping error.

Login.php:

Code: Select all

<?php
session_start();
 
$errorMessage = '';
if ($_SESSION['logged_in'] == true) {
    header('Location: usercp.php');
    }
elseif (isset($_POST['name']) && isset($_POST['password'])) {
   include 'mysql/login.php';
   include 'mysql/open.php';
 
   $name = $_POST['name'];
   $password = $_POST['password'];
   $pass = sha1($password);
 
   // check if the user id and password combination exist in database
   $sql = "SELECT `name` FROM `accounts` WHERE `name` = '$name' AND `password` = ('$pass')";
 
   $result = mysql_query($sql) or die('Query failed. ' . mysql_error());
 
   if (mysql_num_rows($result) == 1) {
   $_SESSION['logged_in'] = true;
   $_SESSION['name'] = $name;
 
      // after login we move to the main page
      header('Location: usercp.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong name & password combination. Remember your password is case-sensitive.';
      echo "$errorMessage";
   }
 
   include 'mysql/close.php';
} else {
include 'top.php';
?>
<div id="main">
    <div id="right">
        <div class="box">
             <div class="box2">
            <h4><a>DestinyMS Login</a></h4><br />
            <p>
            <br />
            <form method="post" name="login" id="login"><center>Username:</center>
            <br />
                <center><input name="name" type="text" id="name" size="14" maxlength="14"></center>
                <br />
                <center>Password:</center>
                <br />
                <center><input name="password" type="password" id="password" size="14" maxlength="14"></center>
                <br />
                <center><input type="submit" name="login" value="Login"></center>
                <br /><br />
                <center>
                <a href="contact.php"><font color="blue" size="1">Forgot Password?</font></a>
                <br />
                <a href="register.php"><font color="blue" size="1">Register</font></a>
                </center>
            </form><br />
                  <br /></p>
                  </div></div></div>
 
 
<?php
include 'sidebar.php';
?>
</div>
<?php 
include 'footer.php'; 
}
?>
 
</body>
</html>
 
usercp.php:

Code: Select all

<?php
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
    header('Location: login.php');
} else {
include 'top.php';
?>
 <div id="main">
    <div id="right">
        <div class="box">
             <div class="box2">
            <h4><a>DestinyMS User Control Panel</a></h4><br />
            <p>Welcome to the user cp. It is still being completed.</p>
  <br />
                  - Quasar </p>
                </div></div>        
                
    </div>
    
<?php
include 'sidebar.php';
?>
</div>
<?php
include 'footer.php';
}
?>
</body>
</html>
FireFox error:
Redirect Loop

Redirection limit for this URL exceeded. Unable to load the requested page.

Re: Wtf is wrong with this script...

Posted: Fri Dec 19, 2008 11:28 pm
by watson516
You have to session_start() in that second script before you use a SESSION variable.

Re: Wtf is wrong with this script...

Posted: Sat Dec 20, 2008 1:32 am
by RobertGonzalez
You might also need to call session_write_close before redirecting to allow the session to actually write itself.