php wont redirect

guzmo

ok Im pretty new to php but i've been trying to get my page to redirect when I login.

The login works fine if I push the login button and then moves back one page,
so it remembers that ive logged in.
The thing is that when I push the login button I get stuck at my php script file loginexec instead of getting redirected to the index.php which is the main side.

I think it has something to do with that I send output before I use the header and my webhotell has no value at output_buffering.


<?php
	session_start();
		//details abouut my database.
	require_once('config.php');

	// checks error.
$error = false;
	// connects to the server.
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link){
		die('failed to connect to server');
	}
$db = mysql_select_db('DB_NAME',$link);
	if(!$db){
		die('Unable to connect to database');
	}


//Function to sanitize values received from the form. Prevents SQL injection

//Sanitize the POST values
$login = mysql_real_escape_string($_POST['login']);
$password = mysql_real_escape_string($_POST['password']);


if($login==''){
	$error_array = 'login ID missing. ';
	$error = true;
}
if($password==''){
	$error_array += 'password ID missin. ';
	$error = true;
}

if($error){
	$_SESSION['ERRMSG_ARR'] = $error_array;
	session_write_close();
	header("location: http://xxx.xxxxx.xx/login.php");
	flush();
	exit();
}


$sql=mysql_query("
			SELECT * FROM new_table3 
			WHERE acc='$login' 
			AND pass='".md5($password)."'
			") OR die("failed to recieve info");

$check = mysql_num_rows($sql) OR die("Error"); 

		if($check>0){
			session_regenerate_id();
			$_SESSION['account_name'] = $login;
			//if(!isset($_SESSION['page'])){
			session_write_close();
			header("location: http://xxxxxxxx.xx/index.php");
			flush();
			ob_end_flush();
			exit;

		}
		else{
			$_SESSION['ERRMSG_ARR'] = "Wrong account name or Password.";
			session_write_close();
			header('location: http://xxxxx.xx/login.php');
			exit;
		}


?>

//many thanks guzmo

bradgrafelman

Welcome to PHPBuilder! When posting PHP code (there's no need to attach it, unless you must post more code than the board allows in your post), please use the board's [noparse]

..

[/noparse] bbcode tags as they make your code much easier to read and analyze (plus no one has to download a file just to see your code).

guzmo wrote:
I think it has something to do with that I send output before I use the header

Why do you only "think" that? You should know that is the case due to the PHP error messages that are either being sent as output or logged in an error log. (Hint: You are displaying or outputting all PHP errors, right?)

In your case, the output is likely the two line breaks at the top of your script (before the opening '<?php' tag).

guzmo

thanks for the quick answer brad!

yes I am displaying all the php errors.

First I tried to remove the 2 lines at the top and that wasn't it.

I removed session_regenerate_id when the login is succesfull and then it worked 😮
might been the 2 lines at the top aswell.

The thing is now that when a user enters an invalid account name or password I get stuck at
my loginexe.

It works fine if the user leaves one or both boxes empty or if the user enter the right information.

<?php
session_start();
if(isset($_POST['submit'])){



if(isset($_SESSION['account_name'])){
		header('location: index.php');
		exit();

}

ob_start();
	//includes database connection details.
require_once('config.php');

	// checks error.
$error = false;
	// connects to the server.
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link){
		die('failed to connect to server');
	}
$db = mysql_select_db(DB_NAME,$link);
	if(!$db){
		die('Unable to connect to database');
	}


//Sanitize the POST values
$login = mysql_real_escape_string($_POST['login']);
$password = mysql_real_escape_string($_POST['password']);


if($login==''){
	$error_array = 'login ID missing. ';
	$error = true;
}
if($password==''){
	$error_array += 'password ID missin. ';
	$error = true;
}

if($error){
	session_destroy();
	session_start();
	$_SESSION['ERRMSG_ARR'] = "U have to fill in both fields :O";
	session_write_close();
	header('location: login.php');
	ob_end_flush();
	exit();

}


$sql=mysql_query("
			SELECT * FROM new_table3 
			WHERE id_acc='$login' 
			AND id_pass='".md5($password)."'
			") OR die("failed to recieve info");

$check = mysql_num_rows($sql) OR die(mysql_error()); 

		if($check>0){
			$_SESSION['account_name'] = $login;
			session_write_close();
			header('location: index.php');
			ob_end_flush();
			exit();				
		}

			mysql_close();
			unset($_POST['submit']);
			session_destroy();
			session_start();
			$_SESSION['ERRMSG_ARR'] = "Wrong account name or Password.";
			session_write_close();
			header('location: login.php');
			ob_end_flush();
			exit();

}
?>