Login

bschwarz

I'm having trouble with a script that I see as simple 😐
I'm only trying to make it so that if you are correct, you are moved to the index.php page, if you are admin authorised, you go to /admin... although if your username is non existant the script does nothing....

any better methods are welcomed with open arms anyway, but if anyone is able to sort this out I'll be double happy.
I'd like to know what I'm screwing up.

cheers.

<?
	if(isset($HTTP_GET_VARS['action'])){
		$action = $HTTP_GET_VARS['action'];
		switch($action){
			case "logout":
				session_start();
				session_unregister('user');
				if(!headers_sent()){
					header("Location: index.php");
				}
				exit;
		}
	}

include("include.php");
$query = "SELECT username, password, auth FROM users";
$result = MYSQL_QUERY($query, $conn);
if(!$result){
	die(MYSQL_ERROR());
}

while(list($username, $password, $auth) = MYSQL_FETCH_ARRAY($result)){
	if($username == $_POST['user']) {
		if($password == $_POST['pass']){
				session_start();
	        		session_register("user");
	        		$user = $username;
	        		if($auth == "admin"){
	        			header("Location: admin/");
	        		}else{
	        			if($_SESSION['location']){
	        				header("Location: " . $_SESSION['location']);
	        			}else{
	         				header("Location: index.php");
	         			}
	        		}
		}else{
			header("Location: login.php");
		}
  	}else{
  		header("Location: login.php");
  	}
}
?>

bad76

              }else{ 
                header("Location: login.php"); 
            } 
          }else{ 
              header("Location: login.php"); 
          }

May be this the problem. Ir you aren't the first user in db you are
always respawn at login.php.

You can do two thing:
one, to change query:
$query = "SELECT username, password, auth FROM users WHERE username=$user";
this give you always just one row.

two, to remove "else" and check after while if header is already set.

i hope this help you...

bschwarz

I have edited the script to what is shown below, it still causes wierd problems, now if the username/password is correct it just hangs on the processing script page.. no header redirection, no sessions appear to write.

If you get the wrong username you are then redirected to the login.php page.

<?
	if(isset($HTTP_GET_VARS['action'])){
		$action = $HTTP_GET_VARS['action'];
		switch($action){
			case "logout":
				session_start();
				session_unregister('user');
				if(!headers_sent()){
					header("Location: index.php");
				}
				exit;
		}
	}

include("include.php");
$query = "SELECT password, auth FROM users WHERE username = '$_POST[user]'";
$result = MYSQL_QUERY($query, $conn);
if(!$result){
	die(MYSQL_ERROR());
}

$count = MYSQL_NUM_ROWS($result);
list($password, $auth) = MYSQL_FETCH_ARRAY($result);

if($count == 0){
	// no username of $_POST['user']
	header("Location: login.php");
}else{
	if($password == $_POST['pass']){
		session_start();
	        session_register("user");
	        $user = $username;
	        if($auth == "admin"){
	        	header("Location: admin/");
	        }else{
	        	header("Location: index.php");
		}
	}
}

?>

bschwarz

bump^
This is still unresolved, could someone even show me how they might do thier login scripts?

Thanks for reading.