refresh after change

sirTemplar

i have a page (main.php) where there is a link where users can change their password (passchange.php). the code works well but for one thing. after they successfully change their password, it echoes the success and redirects them to main.php but the problem is that they have to login again! what i want is that after the change they are logged in automatically to main.php. this is the end of the code. any help? thanks.

<?
if ($result = mysql_query($query)){ 
    echo ("Password successfully changed!<meta http-equiv=\"refresh\" content=\"2;main.php>\">"); 

} else {echo "An error occured while changing your password. Pls. go back and try again.";} 

?>

LordShryku

We'd need an understanding of how your login works. Do you have a page that handles logging in that you could just post the variables to? Do you use sessions so that you could start the session and set the session variables before redirecting them?

sirTemplar

yes i do have a login page using sessions. below is part of the page where they change password. this is also on all protected pages!

<?
session_start();  

$status = $_SESSION['username'];

if(isset($status)) {    

} 
else{  

header("Location: auth.php");  

}  

// start with setting the language 
if ($lang == 'eng') 
{ 
include"lang/eng.php"; 
} 
elseif ($lang == 'ita') 
{ 
include"lang/ita.php"; 
} 
?>

and this is part of auth.php

<?
// start session 
session_start(); 

// convert username and password from _POST or _SESSION 
if($_POST["username"]) 
{ 
  $username=$_POST["username"]; 
  $password=$_POST["password"]; 
  $lang=$_POST["lang"]; 
} 
elseif($_SESSION["username"]) 
{ 
  $username=$_SESSION["username"]; 
  $password=$_SESSION["password"]; 
  $lang=$_SESSION["lang"]; 
} 

// start and register session variables 
session_register("username"); 
session_register("password"); 
session_register("lang");

// connect to database 
include("connect.php"); 
?>

nasty_psycho

first, you shoul make the script changepasswd.php to set a cookie after a successful change of password like :

<?php
if($reslut = mysql_query($query))
{
   setcookie("blabla","bla:bla:en");
}
?>

Then in the auth php do this way :

<?php 
if(!empty($_COOKIE['blabla'])) 
{
   $vals = explode(":",$_COOKIE['blabla']);
   $username=$vals[0];
   $password=$vals[1];
   $lang=$vals[2];
}
// etc. ....
?>

Weedpacket

I'd recommend also

else{  

header("Location: auth.php");  

exit();
}

So that the script doesn't continue processing and output the contents of the page you're trying to prevent them seeing. Okay, so a well-behaved client won't bother rendering it, but the stuff is still being sent to their computer, and you don't want that, do you? The client might not be well-behaved.