mySQL & PHP Discussions, information and help with mySQL and PHP.
#1
I have created a test login page so that once a user logs in with correct credentials he/she should be directed to the main page.

The log in page is at: www.studykitchen.com/login.php

The main page is at: www.studykitchen.com/main.php

I am collecting the data from the log in page and processing it in authenticate page with the following code: www.studykitchen.com/authenticate.php

The code is executing without any errors and I am getting the message, "Log in successful" but it is not redirecting to the main page. I have highlighted the line that I think is responsible for this malfunction. Please help.

The code that I am using is:

```php
<?php
foreach ($_POST as $key => $value) {
    if ($key != "submit") {
        $value = htmlentities(stripslashes(strip_tags($value)));
        echo "\t<input type=\"hidden\" name=\"$key\" value=\"$value\">\n";
    }
}
$errorMessage = '';
if (isset($_POST['Email']) && isset($_POST['Password'])) {
    $db_host = "localhost";
    $db_user = "XXXXX_YYYYY";
    $db_password = "AAAAAA";
    $db_name = "BBBBB_CCCCC";
    $db = mysql_connect($db_host, $db_user, $db_password);
    if ($db == FALSE) {
        $error = "Could not connect to the Database Server. Please check user details. Error = " . mysql_error();
        exit($error);
    }
    echo "Completed DB connection";
    mysql_select_db($db_name, $db);
    if (!mysql_select_db($db_name, $db)) {
        $error = "Could not select Database. Please check user details. Error = " . mysql_error();
        exit($error);
    }
    echo "Completed DB selection";
    $userId = $_POST['Email'];
    $password = $_POST['Password'];
    // check if the user id and password combination exist in database
    $sql = "SELECT Email FROM UserDetails WHERE Email = '$userId' AND Password = '$password'";
    $result = mysql_query($sql, $db);
    if (mysql_num_rows($result) == 1) {
        // the user id and password match,
        // set the session
        $_SESSION['db_is_logged_in'] = true;
        echo "Log in successful";
        // after login we move to the main page
        header("Location: http://www.studykitchen.com/main.php");
        exit;
    } else {
        $errorMessage = 'Sorry, wrong user id / password';
    }
    mysql_close($db);
}
?>
```
#2
Hey,

First of all your session isn't going to work, you need to add PHP Code:

As for the redirect issue, you can't use header() if there has been any previous output (all of the echo's). You need to do something like reordering your logic, or saving any output into a variable and displaying it at a certain point toward the end of your file.

Lastly, I don't know how secure your site needs to be, but using a simple flag to determine if the user is logged in is not a good idea and you should encrypt the password. You should re-validate if the user is logged in on each and every page they load, which means storing the username and password (encrypted of course) in the session.

Hope that helps

__________________ Register/Login Script Do you use a Password Protected Directory? Need a way to allow users to make their own account, try my .htaccess Login Script
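
The ordering described in reply #2 (start the session first, hold messages in a variable, send header() before any output), shown as an added example that is not code from any poster in this thread. It also binds the e-mail as a query parameter and checks the password with PHP's built-in password_hash()/password_verify(). Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, the `Id` and `PasswordHash` columns and the sample account are constructed, and `/main.php` is a relative stand-in for the main page.

```php
<?php
// Added example, not the poster's code. Columns Id/PasswordHash and the sample
// account are constructed; in-memory SQLite stands in for the MySQL server.
declare(strict_types=1);

function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE UserDetails (Id INTEGER PRIMARY KEY, Email TEXT UNIQUE, PasswordHash TEXT)');
    $ins = $db->prepare('INSERT INTO UserDetails (Email, PasswordHash) VALUES (?, ?)');
    $ins->execute(['user@example.com', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user's Id on success, null otherwise. The e-mail is bound as a
// parameter, never concatenated into the SQL string.
function authenticate(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT Id, PasswordHash FROM UserDetails WHERE Email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return null;
    }
    return (int) $row['Id'];
}

session_start();                        // must run before any output
$errorMessage = '';                     // collected now, printed last
$email = $_POST['Email'] ?? null;
$password = $_POST['Password'] ?? null;

if (is_string($email) && is_string($password)) {
    $userId = authenticate(demoDb(), $email, $password);
    if ($userId !== null) {
        session_regenerate_id(true);    // new session id once logged in
        $_SESSION['user_id'] = $userId; // identity only, no password
        $_SESSION['last_seen'] = time();
        header('Location: /main.php');  // nothing echoed yet, so this is sent
        exit;
    }
    $errorMessage = 'Sorry, wrong user id / password';
}

// Output starts only here, after every header() call has had its chance.
echo htmlspecialchars($errorMessage, ENT_QUOTES, 'UTF-8');
```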
#3
Watdaflip,

Thanks for your help. I could resolve the redirect issue with your guidance. I do like your suggestion about storing the encrypted username and password in every session and revalidating it in every page. However, I am new to programming in PHP and don't yet know how to encrypt those two variables and implement your suggestion. Any advice will be highly appreciated. Again thanks a lot for helping me resolve the page redirect issue.

Regards
#4
All you have to do to encrypt is use a function (two best are md5() and sha1()). So for instance say you have PHP Code: PHP Code:
#6
Watdaflip,

I followed your suggestion and wrote the following code but not getting the desired results. Obviously I am doing something wrong. The code for the login page is:

```php
<?php
session_start();
if (isset($_POST['Email']) && isset($_POST['Password'])) {
    $db_host = "localhost";
    $db_user = "XXXX_YYYY";
    $db_password = "ZZZZ";
    $db_name = "XXXX_StudyKitchenData";
    $db = mysql_connect($db_host, $db_user, $db_password);
    mysql_select_db($db_name, $db);
    $userId = $_POST['Email'];
    $password = $_POST['Password'];
    $sql = "SELECT Email FROM UserDetails WHERE Email = '$userId' AND Password = '$password'";
    $result = mysql_query($sql, $db);
    if (mysql_num_rows($result) == 1) {
        $_SESSION['userId'] = $userId;
        $_SESSION['password'] = $password;
        header("Location: http://www.studykitchen.com/main.php");
        exit;
    } else {
        echo 'Sorry, wrong user id / password';
    }
    mysql_close($db);
}
?>
```

This code works fine and takes me to the main page if I provide the correct credentials. But if I change the highlighted lines to the following then it doesn't take me to the main page but remains on the login page itself:

```php
$_SESSION['userId'] = md5($userId);
$_SESSION['password'] = md5($password);
```

For the main page I am using the following code:

```php
<?php
session_start();
$userId = $_SESSION['userId'];
$password = $_SESSION['password'];
$db_host = "localhost";
$db_user = "XXXX_YYYY";
$db_password = "ZZZZ";
$db_name = "tuwipwa_StudyKitchenData";
$db = mysql_connect($db_host, $db_user, $db_password);
mysql_select_db($db_name, $db);
$sql = "SELECT Email FROM UserDetails WHERE Email = '$userId' AND Password = '$password'";
$result = mysql_query($sql, $db);
if (mysql_num_rows($result) != 1) {
    unset($_SESSION['userId'], $_SESSION['password']); // clear bad username/password from session;
    header("location:http://www.studykitchen.com/login.php"); // redirect for them to login again
}
?>
```

But this is doing no good as I can enter the main page without going through the login page so the session is not being maintained. Please help.
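
A per-page login check for a protected page such as main.php, as an added example that is not code from any poster in this thread. It assumes the login step stored an integer `user_id` and a `last_seen` timestamp in the session (hypothetical key names) rather than the e-mail and password; the 30-minute idle limit and the relative `/login.php` target are also assumptions.

```php
<?php
// Added example: guard placed at the very top of each protected page.
// Session keys user_id / last_seen and IDLE_LIMIT are assumptions.
declare(strict_types=1);

const IDLE_LIMIT = 1800; // seconds of inactivity before login is required again

// Returns the logged-in user's id, or null if the session does not prove a
// recent login. Works on a plain array so the rule can be checked in isolation.
function currentUserId(array $session, int $now): ?int
{
    $uid  = $session['user_id'] ?? null;
    $seen = $session['last_seen'] ?? null;
    if (!is_int($uid) || !is_int($seen)) {
        return null;                 // never logged in, or session tampered with
    }
    if ($now - $seen > IDLE_LIMIT) {
        return null;                 // login is too old
    }
    return $uid;
}

session_start();                     // before any output, on every page
$uid = currentUserId($_SESSION, time());

if ($uid === null) {
    $_SESSION = [];                  // drop whatever stale state was there
    header('Location: /login.php');
    exit;                            // without exit the page below is still sent
}

$_SESSION['last_seen'] = time();     // sliding idle window

// Protected content starts here; no password is ever kept in the session.
echo 'Logged in as user #' . $uid;
```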