Login and then redirect problem

sdm

Can anyone help me ?

What I am trying to achieve is depending on what url and password a user puts in, they get redirected to a
certain page.

I have a database which is setup with the following fields:

username (holds username)
password (holds password)
redirector (holds the URL to redirect to)

I have a HTML page for the login area as detailed below:

</head>

<body>

Please enter your user details to log-in here...

Username:<input name = "username" type="text" id="username">

Password:<input name = "password" type="password" id="password">

</form>

</body></html>

The PHP code I have written by using snippets from forums is detailed below:

<?php
$Host = "localhost";
$db_user = "sdm";
$db_password = "gremlin";
$db_name = "authsystem";

#connect to MySQL

$svrConn = mysql_connect($Host, $db_user, $db_password);
if($svrConn){

#select the specified database

$db_Conn = mysql_select_db($db_name, $svrConn);
} else {
echo "Could not select database";
}
$POST['username'] = "$username";
$POST['password'] = "$password";

echo "username value: $username\n<br>";
echo "password value: $password\n<br>";
echo "<p>";

#create the query

if ($dbConn){
$strQuery = "SELECT username, password, redirector FROM users";
$strQuery .= "WHERE username = '$username'";
$strQuery .= "AND password = '$password'";

$results = mysql_query($strQuery);
$result = mysql_fetch_row($results);
if ($result) {
$custurl = $result[2];
header("Location: $custurl");
} else {
echo "No Results Returned.";
}
}
echo "<p>";
echo "$strQuery";
?>

If anyone can see why this is not working, I would be really grateful as I need to get this script
working for tomorrow if possible.

Thanks,

SDM

DeltaRho2K

How is it "not working"? Are you getting any errors?

daveyboy

a "location" header MUST be a fully qualified URL.

"../here.html" may work on some browsers, but it doesn't on all. you must use "http://www.mydomain.com/here.html".

that's usually the cuplrit when i have had problems with redirects.

sdm

The fully qualified domain name does not work either.

This is what is happening, when I put in a valid or unvalid username and password, it uses the authenticate.php and just echo's the username and password entered back to the screen. It does not go any further,

Does this help ?

Regards,

Sdm

daveyboy

now that you mention that...

it looks like you are sending output to the browser before you call header(). this will not work: you must call header() before any echo/print etc. statements, even before any blank line outside <?php ?> tags.

normally, though, PHP would throw an error if you try to send headers after output has started.

and now i see:
$POST['username'] = "$username";
$POST['password'] = "$password";

that is the wrong way round isn't it?

finally, i hope that is not your real username and password 😃

sdm

Thanks for the reply.

I've changed the line around to read:

$POST "$username" = ['username'];
$POST "$password" = ['password'];

If I want to redirect the user to a URL then, where do I need to put the Header()?

Does this code look like it should work to you? can you possibly show it as it should work if you know please.

Oh, and that is the password on the server on my local server machine only, not attached to the internet.

Thanks,

Simon.

DeltaRho2K

Change:
$POST "$username" = ['username'];
$POST "$password" = ['password'];

To:
$username = $POST['username'];
$password = $POST['password'];

Also, the redirects have to be acted on before anything is output to the browser (like HTML tags) Remember the php is processed before output is sent to the browser.

sdm

Thanks, i've changed the $_POST around now.

The thing I don't seem to be grasping is where to put the header() so it will be acted upon.

You will have to excuse me being a Biff but I don't see where I have to put it, can you copy my code and paste the header() in where it will work?

I'm desperate to get this up for tomorrow.

Thanks,

Sdm

daveyboy

Originally posted by sdm
can you copy my code and paste the header() in where it will work?

no, i won't. firstly because i'm drunk, and secondly because it's a question of general principle, not just one script. any header() or setcookie() calls MUST be executed before anything is output to the browser in any way. this includes leaving blank lines in a file before/outside <?php ?> tags.

the other thing is, PHP would normally let you know straight away with a big, fat warning that data has been output before headers, which leads me to believe that either the problem lies elsewhere or your PHP install is not entirely kosher.

i would try out your code, but as it is based on a database, i can't be bothered to set it up here.

i can tell you, though, that the following lines are incorrect:
$strQuery .= "WHERE username = '$username'";
$strQuery .= "AND password = '$password'";

they should read:
$strQuery .= " WHERE username = '$username' ";
$strQuery .= " AND password = '$password' ";

your spaces were missing. it seems that either your PHP installation is either not reporting errors, or you aren't telling us them. in either case, it will be difficult to help you.