Problem with PHP 4.06 and mySQL

UrbanDeveloper

Hi there,

I wonder if u guys can help me out. I have an authentication script which checks for auth. If auth is okay it redirects to the supposed page. If auth is not okay then it will redirect to an error page.

Heres what happens in 4.3.1 and 4.2.6 versions the script seen below works fine. However my webhost has 4.0.6. What happens there is that the script does not redirect when auth is okay yet it redirect when auth is not okay. Whats even funnier is that when auth is okay and it doesnt redirect it still enters the data into the userlog as if you have logged in.

My question is ...looking at the code is there anything i can change to solve this problem with my hosts environment. I tried echoing javascript and meta refresh still wont work. I dont get it how can it semi-work !!. Once i log in and it doesnt redirect. I can manually type the "authenticated page" and i can view everything. Which means that UID is registered yet it wont redirect !. Can any one lend a hand here ? and can someone explain why 4.0.6 doesnt support this code ?

Thank u !

Heres the code:

<?
session_start();
ob_start();

$sid = session_id();

if (session_is_registered("uid")) {

header("Location: intro.php?$sid");
exit();

}else{

$login = "

echo $login;

if ($op == "ds"){

$db_name = "db";
$table_name = "members";

// Connection .....
//$db ....

$sql = "SELECT * FROM $table_name
WHERE username = \"$username\" AND password = \"$password\"
";

$result = mysql_query($sql)
or die ("Can't execute query.");

$num = mysql_numrows($result);

if ($num != 0) {

$sql = "SELECT * FROM $table_name
WHERE username = \"$username\" AND password = \"$password\"
";

$result = mysql_query($sql)
or die ("Can't execute query.");

while ($row = mysql_fetch_array($result)) {

$uid = $row['uid'];
$fname = $row['firstname'];
$lname = $row['lastname'];

session_register('uid');

$result = mysql_query($sql)
or die ("Can't enter users log.");

header("Location: intro.php?$sid");
exit();
}

}else{

header("Location: error.php?$sid");
exit();

}
}
}

nnichols

The problem lies with your script logic. It shouldn't have worked on later versions either unless you had output buffering turned on.

You need to remove the "echo $login;"

Just to test that what I am saying is correct you should run the script with "error_reporting (E_ALL);" added at the top and you should get a message about being unable to send headers because output has already started.

Hope this helps 😉

UrbanDeveloper

Hi there thanks for the help....If i aint going to echo the login block which is a block of HTML then how am i going to display the page to other people ?

Anyways i changed the login block to actually have it manually echo line by line. Still that didnt happen. Infact the old procedure worked even without having Ob_start() activated. So i dont think thats the solution.

Any help people !!! Appreciate it !.

Regards

Urban Developer

nnichols

Did you try running your script, as I suggested, with "error_reporting (E_ALL);"?

EDIT:
Sorry! Didn't notice your ob_start()

nnichols

Try this. I have simplified your login script to get rid of the errors in the logic.

When you post code in future please put it between [ PHP ] and [ /PHP ] tags as it makes it loads easier to read.

<? 
session_start();
ob_start();

$sid = session_id();

if (session_is_registered("uid")) {
	header("Location: intro.php?$sid");
	exit();
	}

// give the submit button a name so you can check to see if it has been pressed
// if it has been pressed - attempt login
elseif (isset($submit)) {

$db_name = "db";
$table_name = "members";

// Connection .....
//$db ....

$sql = "SELECT *
	FROM $table_name
	WHERE username = '$username'
	AND password = '$password'";

$result = @mysql_query($sql)
	or die ('Failed to execute query.<br>MySQL error: '.mysql_error().'<br>Query: '.$sql);

if (@mysql_num_rows($result) == 1) {

$row = mysql_fetch_array($result)

$uid = $row['uid']; 
$fname = $row['firstname']; 
$lname = $row['lastname']; 

session_register('uid');

header("Location: intro.php?$sid");
exit();

} else { 

header("Location: error.php?$sid"); 
exit(); 

}
} else {
// do login form
$login = " 

login page 
"; 

echo $login; 

}
?>

UrbanDeveloper

I tried the code u gave me it didnt work at all infact my code was at least better since it recognized when a pwd didnt match the record on the db and redirected to the user to an error page.

Still can get the Authorized users to get redirected to the intro page !.

Regards,

UrbanDev

nnichols

It works fine on my server. Maybe you forgot to add a "name" attribute to your submit button for the login form.

else {
// do login form
$login = <<<ENDOF
<form name="login" action="$PHP_SELF" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit" value="Login">
</form>
ENDOF;

echo $login;

}
?>