Sending value with header

predator

I have created a login-system and when I check if the correct password was entered I use the following header to redirect the visitor to the next site.

header("location:admin.php?".sid);

This works well. But I wan't the header to be

header("location:admin.php?log=$kid&user=$username".sid);

but that doesn't work. Can anyone tell me why?

kevinsequeira

what is sid ???
maybe u shold post some of your code , so that we can take a look.

reg
kevin

predator

.sit sets the session-cookie as a get-string. I have experienced that it kills the cookie at times if .sid is not there.
Anyhow... I have tried to remove it but it doesn't make a difference in this case.

Here's a description of my problem:
I have created this very simple way to log in to a site.
If I log in as an admin (status=100) everything works fine and I'm redirected to admin.php.
But if I log in as a regular user (status!=100) I'm not being redirect to admin.php. So I guess that there's something wrong with the session I set for a typical user.

(You might be wondering why I'm redirecting both admin and regular users to the same page; well, if it is a regular user I send a $kid - variable... and then I load a different menu.)

<form name="form1" method="post" action="login2.php">
Username:
input type="text" name="username">
Password:
<input type="password" name="pass">
<input type="submit" value="Logga In">
<input type="reset" value="Radera">
</form>

login2.php (where I check the password, username)

<?php
session_start();
$username = $_POST['username'];
$pass = $_POST['pass'];

require("dbmanager.php");

$loginquery = "SELECT * FROM login WHERE anv='$username' AND pass = '$pass'";
$result = mysql_query($loginquery, $db_link);
$rows = mysql_num_rows($result);

for($index = 0; $index< $rows; $index++) { 
$status = mysql_result($result,$index,"status");
$kid = mysql_result($result,$index,"kid");
}

if($rows > 0 && $status == 100)
{
$_SESSION['admin'] = "admin";
$_SESSION['username'] = $username;
header("location:admin.php?".sid);
exit();
}
elseif($rows > 0 && $status != 100)
{
$_SESSION['username'] = $username;
header("location:admin.php?log=$kid&user=$username".sid);
exit();
}
else
{
echo "Fel användarnamn eller lösenord!<br>&nbsp;<br><a href=\"login.php\">[Tillbaka]</a>";
}
mysql_close($db_link);
?>

admin.php (the site that I'll be redirected to if login successful)

<?php
session_start();

if (!isset($_SESSION['admin'])) {
   header("Location: login.php");
   exit();
}

else {
   $username = $_SESSION['username'];
}
require("dbmanager.php");

?>

m_tt

Try SID (caps) or use session_id(), $_SESSION['id'] might even work, not sure though 🙂

m_tt

I use header("Location: index.php?s=" . session_id()); on one of my own scripts.

predator

[PROBLEM SOLVED]

nah, that wasn't the problem obviously.

I adjust the script slightly and... login2.php looks like this now

<?php 
   if($rows > 0) 
   { 
   $_SESSION['admin'] = "admin"; 
   $_SESSION['username'] = $username; 
   header("location:admin.php?log=$kid&user=$username".sid); 
   exit(); 
   } 
?>

I don't check the status any more, but since admins always have kid=0, I can still separate an admin from a regular poster on the admin.php page.

thanks for your support anyway.!