php form problem help needed

seanstuart

I try to login to admin, but when I submit form it just clears its self?
form code....

<?php
include_once("../lib/config.php");
include_once(LIB_PATH."Admin.php");

/**
 * Set the variable, which holds the error message, to an empty variable.
 */
$error = "";

if($_SERVER['REQUEST_METHOD'] == "POST"){

/**
 * Sanitize the posted data - remove any html code, if submited, remove "whote" spaces, cast to "string" data type.
 */
$admin_username = Sanitize::data($_POST['admin_username'], 'string');
$admin_password = Sanitize::data($_POST['admin_password'], 'string');

if(empty($admin_username)){
	$error = "Type your username, please!";
}elseif(empty($admin_password)){
	$error = "Type your password, please!";
}else{
	$admin_obj = new Admin();

	if($admin_obj->login($admin_username, $admin_password, &$error)){
		//the user is logged successfully, redirect him to the protected area
		header("location: index.php");
		exit;
	}
}
}

?>

<html>
<head>
	<title>Admin area</title>
	<link href="../public/style/admin_styles.css" type="text/css" rel="stylesheet" />  

</head>
<body>

<form method="post" action="login.php">
<table align="center" style="margin-top: 10%" class="base">

<tr>
	<td colspan="2" align="center" class="title">Admin Login Form</td>
</tr>

<tr>
	<td colspan="2" align="center" class="error"><?php echo $error; ?></td>
</tr>

<tr>
	<td>Username:</td>
	<td><input type="text" name="admin_username" size="25" value="<?php echo $admin_username; ?>" /></td>
</tr>

<tr>
	<td>Password:</td>
	<td><input type="password" name="admin_password" size="25" /></td>
</tr>

<tr>
	<td>&nbsp;</td>
	<td><input type="submit" name="sb1" value="Submit" /></td>
</tr>

<tr>
	<td colspan="2" style="padding-top: 30px">
		<a href="forgot_password.php" class="base_link">Forgot password?</a>
	</td>
</tr>

</table>

</form>
</body>
</html>

Kudose

By "clears itself" do you mean your submit button acts like a reset button, or the page just reloads with no noticeable change?

_uk_stuff

It might be worth printing out your POST array to confirm that your values are setting as you think.

print_r($_POST);

should do the job at the top of the script. Once you confirm that you are setting the variables I would suggest adding debug as you work your way down through the IF statement.

That way you can ensure that the variables arent getting changed by the sanitise process.

From what you are saying it would look as if the login process fails and therefore continue to load the form.

You might want to add an else section to the

if($admin_obj->login($admin_username, $admin_password, &$error)){

section to just echo out a nice simple, failed to login so continuing to load form.

So in short add some extra debug temporarily to help narrow down the problem.