Php login script redirect

joe2

Hi,
i have made simple login script. It is working fine on my local machine winXp. but it is not working properly at webserver i.e. also WinNT.

I hv created verify.php

<? session_start();
include('connection.php');
global $link;
$uid=trim($POST['username']);
$pass=trim($POST['password']);
$sql="select uid,pass from login_info where uid='". $uid. "' and pass='". $pass ."'";
$result=mysql_query($sql,$link);
$num_rows=mysql_num_rows($result);
if ($num_rows=="0"){
header("Location: http://www.mydomain.com/cp/index.php?err=2");
}
else
{
$SESSION['loggedin']=true;
$SESSION['login']="ok";
header("Location: http://www.mydomain.com/cp/protectedpage.php");
}

And check.php to check whether user has been logged in or not.

check.php
<? session_start();
if ($_SESSION['loggedin']==false){
header("Location: http://www.mydomain.com/cp/index.php");
}
?>

I have included with <? include('check.php') ?> to all my protected page.

But when i logged in with my correct username and password , it does not redirect to protected page. If i remove check.php , then it redirect to protected page.

Why it is not redirecting to protected page with correct username and password.

Please advice.

Thanks in advance.

LarsLai

hi!
Looks ok to me, so are you sure there is everything alright with your query to check username and password?
try:

$result=mysql_query($sql,$link)
 or die("error in query: " . $sql . ", error message: " . mysql_error());

and echo your results to make sure it works.
If that does not solve your problem, just write again.. bye

joe2

Thanks for reply.

Mysql query is not throwing any error.
Any further suggestion would be appreciated.

LarsLai

so have you echoed $_SESSION['loggedin'] in order to see if it is true or false
after you entered username and password?
and perhaps you have to change

if ($num_rows=="0")

if ($num_rows==0)

joe2

I have written
if ($num_rows=="0")

When i tried to echo $_SESSION['loggedin'] . it could not haapen, because it is redirecting to the first page i.e. index.php where user enters username and password (with the correct username and password, it should redirect to protected page).

When i remove check.php then it echoed the $_SESSION['loggedin'] value.

Thanks

LarsLai

Originally posted by joe2
I have written
if ($num_rows=="0")

change it to my suggested line in my previous post

When i tried to echo $_SESSION['loggedin'] . it could not haapen, because it is redirecting to the first page i.e. index.php where user enters username and password (with the correct username and password, it should redirect to protected page).

well, remove your header and have a look at the echo. If it does not return 'true'
then there is something wrong with your username/password-validation
and not with your check.php

joe2

Thanks for your kind support.

When i made comment header in verify.php ,it shown the $_SESSION['loggedin'] value 1. Then i remove comment tag on header of the verify.php . it worked. But when i cleared IE cache and history. the same problem arised again.

In netscape 7.02, some times i have got an alert saying "URL Redirection limit exceeded"

LarsLai

just had another look at your if expression:

if ($_SESSION['loggedin']==false)

perhaps you should use

if ($_SESSION['loggedin'] != 1)
 header("Location: no_access.php");
else
 header("Location: access.php");

And instead of

$_SESSION['loggedin']=true;

make

$_SESSION['loggedin']=1;