Headers
Posted: Wed Apr 01, 2009 7:12 pm
Hi, I'm pretty new to PHP. I am trying to create a site that takes in a person's username and password. Checks to see if the account exists in the database, and then obtains the user's level (fldUserLevel) to determine which website to send them to. Here is the code I have :
However the header function is not working the way I have it. Any ideas?
Code: Select all
<?php
// initialize my variables
$userName="";
$passWord="";
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// if form has been submitted, validate the information
if (isset($_POST["cmdLogIn"])){
include ("validation_functions.php");
$url="http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
if(!formOK($url)){
die("<p>I am sorry there has been a problem</p>");
}
// initialize my variables to the forms posting
$userName = $_POST["userName"];
$passWord = $_POST["passWord"];
// initialize my variables to the forms posting
$userName = htmlentities($_POST["userName"], ENT_QUOTES);
$passWord = htmlentities($_POST["passWord"], ENT_QUOTES);
$errorMsg=array();
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// begin testing each form element
if($userName==""){
$errorMsg[]="Please enter your username";
} elseif (!verifyAlphaNum ($userName)){
$errorMsg[]="Your Username must be letters and numbers only.";
}
if($passWord==""){
$errorMsg[]="Please enter your password";
} elseif (!verifyAlphaNum ($passWord)){
$errorMsg[]="Your password must be letters and numbers only.";
}
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
if($errorMsg){
echo "<ul>\n";
foreach($errorMsg as $err){
echo "<li style='color: #ff6666'>" . $err . "</li>\n";
}
echo "</ul>\n";
} else {
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// form is valid now we need to save information to the database
// encrypt the password and add slashes if needed
$passWord = md5($passWord);
if (!get_magic_quotes_gpc()) {
$userName = addslashes($userName);
$passWord = addslashes($passWord);
}
$timeStamp = time();
$sql = "SELECT fldUserLevel FROM ";
$sql .="tblUsers WHERE ";
$sql .= "fldUserName='" . htmlentities($_POST['userName']) . "' and ";
$sql .= "fldpassWord='" . $passWord . "';";
//print "<p>SQL: " . $sql;
//reset values in case we redisplay form
$passWord=htmlentities($_POST["passWord"], ENT_QUOTES);
include("connect.inc");
//check to see if you will have any records
$results = $myDatabase->select($sql);
if($results){
$userLevel = $results[0]['fldUserLevel'];
print "<p>userLevel: " . $userLevel;
if($userLevel=0){
header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/god.php');
}elseif($userLevel=3){
header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/manager.php');
}elseif($userLevel=6){
header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/member.php');
}
} else {
print "<p>The username and password you entered is invalid.</p>";
}
}
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Log In</legend>
<label for="userName">Username:</label>
<input type="text" name="userName" maxlength="60" value="<? print $userName; ?>" />
<br />
<label for="passWord">Password:</label>
<input type="password" name="passWord" maxlength="10" value="<? print $passWord; ?>" />
<br />
<input type="submit" name="cmdLogIn" value="Log In" />
</fieldset>
</form>