PHP login/Redirect problems

gerryjuice

I seem to be having big problems with my login page. I am able to authenticate a user, but when i try to redirect to another page i.e. mainsession.php nothing happens. I am trying to use

header('Location: http://cs.tcd.ie/~kgleeso/arteface/mainsession.php');

Is there away to reset data that is being held temporarily by the browser, as it keeps on going into the if statement if it has being previously ran in the last few minutes.

Heres my login page.

<?php 
  session_start();
  
  session_destroy();

  $errorMessage = ''; 
  if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) {
      include("db.inc.php"); 
      mysql_connect($databaseServer,$user,$passwd) or die("Could not connect to the database.<br>".mysql_error()); 
      
    mysql_select_db($database) or die("Could not select your database.<br>".mysql_error());  
     
    $username   = $_POST['txtUserName']; 
    $password = $_POST['txtPassword']; 
	//echo $username;
	//echo $password;
    
    $sql = "SELECT userid, firstname, secondname
            FROM user 
            WHERE username = '$username' AND password = '$password'"; 
			
	//$query   = "SELECT name, type, size, content FROM upload WHERE id = '$id'"; 		
     
    $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
	list($userid, $firstname, $secondname) = mysql_fetch_array($result); 
	
	//echo $userid;
	//echo $firstname;
	//echo $secondname;
	//echo $username;
	//echo $password;
	 
    if (($userid) >= 1) { 
 	//print(We are in);
	
        //$_SESSION['userid'] = true; 
		$_SESSION['userid'] = $userid;
		print "Welcom, $_SESSION[userid]";
		
		
       //  header("Refresh: 10; url=http://cs.tcd.ie/~kgleeso/arteface/mainsession.php");
		//header('Location: http://www.google.ie'); 
       header('Location: http://cs.tcd.ie/~kgleeso/arteface/mainsession.php'); 
    // exit; 
    } else { 
        $errorMessage = 'Sorry, wrong user id / password'; 
    } 
    mysql_close(); 
} 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<?php 
if ($errorMessage != '') { 
?> 
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> 
<?php 
} 
?> 
<form action="" method="post" name="frmLogin" id="frmLogin"> 
 <table width="400" border="1" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150">User Name</td> 
   <td><input name="txtUserName" type="text" id="txtUserName"></td> 
  </tr> 
  <tr> 
   <td width="150">PPPassword</td> 
   <td><input name="txtPassword" type="password" id="txtPassword"></td> 
  </tr> 
  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td> 
  </tr> 
 </table> 
</form> 
</body>
</html>

louie

why do you destroy the session right after starting it?

also this :

[php]
$_SESSION = $userid;
print "Welcom, $_SESSION[userid]";
[/php]

should be
[php]
$_SESSION = $userid;
print "Welcome, ". $_SESSION;
[/php]

but why print before redirect anyway?

gerryjuice

Im trying to destroy any data currently held within then the session.
Does session_start() create a new seesion and therefore i dont need to destroy any data in it.

The code below is just to make sure im getting values into the seesion

$_SESSION['userid'] = $userid; 
        print "Welcome, ". $_SESSION['userid'];  

I need to redirect to a new page which will hold data specific to the userid held within the session

The Corinthian

If you use a redirect you cannot print anything else to the buffer or it will fail. Take your welcome message out.

gerryjuice

I commented out that line, but i am still getting the same response.

louie

take it step by step with the die() statement and see where it stop working.

Adam

Here you are:

[php]
<?php

session_destroy();

$errorMessage = '';
if (isset($_POST) && isset($_POST)) {
include("db.inc.php");
mysql_connect($databaseServer,$user,$passwd) or die("Could not connect to the database.<br>".mysql_error());

mysql_select_db($database) or die("Could not select your database.<br>".mysql_error());

$username = $_POST;
$password = $_POST;

$sql = "SELECT userid, firstname, secondname
FROM user
WHERE username = '$username' AND password = '$password'";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$row=mysql_fetch_array($result) or die("There was an error with the database.");

$userid=$row;

if (($userid) >= 1) {

//REGISTER YOUR $_SESSION's HERE
//i.e.
//
//session_start();
//
//session_register("userid");
// session_register("username");

//$_SESSION = $row;
//$_SESSION = $row;

header('Location: http://cs.tcd.ie/~kgleeso/arteface/mainsession.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
mysql_close();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Name</td>
<td><input name="txtUserName" type="text" id="txtUserName"></td>
</tr>
<tr>
<td width="150">PPPassword</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150"> </td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
[/php]

hearmeroar

oops

gerryjuice

Hey Mirror thanks for the code above .
By registering the session inside the if statement

if (($userid) >= 1)

it solved my problems of previously enter data being stored in the browser.
Still seem to be having problems redirecting. I can redirect with the following code.

if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) { 
header('Location: readback.php'); 
}

But as make the following changes nothing happens

if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) { 
include("db.inc.php"); 
mysql_connect($databaseServer,$user,$passwd) or die("Could not connect to the database.<br>".mysql_error()); 
mysql_select_db($database) or die("Could not select your database.<br>".mysql_error());  
header('Location: readback.php'); 
mysql_close(); 
}

It doesnt matter if i put mysql_close(); before header('Location: readback.php');
Any Ideas really appreciated.

louie

try this way:
[php]
if (isset($_POST) && isset($_POST)) {
include("db.inc.php");
mysql_connect($databaseServer,$user,$passwd) or die("Could not connect to the database.<br>".mysql_error());
mysql_select_db($database) or die("Could not select your database.<br>".mysql_error());

//get the result here and set to true if exist

//redirect
ob_end_clean();
mysql_close();
header("Location: readback.php");
exit();
}

[/php]

Adam

This code works perfectly, I've tested it on my localhost, obviously with a different db so you'll have to amend that. The only problem is will there definitely be a registered session when someone gets to that page? Because if there isn't they'll get an ugly session register error message.

[php]
<?php

$errorMessage = '';
if (isset($_POST) && isset($_POST)) {

mysql_connect("localhost" ,"root" ,"root") or die("Could not connect to the database.<br>".mysql_error());

mysql_select_db("ed_news") or die("Could not select your database.<br>".mysql_error());

$username = $_POST;
$password = $_POST;

$sql = "SELECT user_id, user_firstname, user_lastname
FROM tbl_user
WHERE user_name = '$username' AND user_password = '$password'";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$row=mysql_fetch_array($result) or die("There was an error with the database.");

$userid=$row;

if (($userid) >= 1) {

//REGISTER YOUR $_SESSION's HERE
//i.e.
//
session_start();
//
session_register("userid");
session_register("username");

$_SESSION = $row;
$_SESSION = $row;

header('Location: http://cs.tcd.ie/~kgleeso/arteface/mainsession.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
mysql_close();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}

session_destroy();
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Name</td>
<td><input name="txtUserName" type="text" id="txtUserName"></td>
</tr>
<tr>
<td width="150">PPPassword</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150"> </td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
[/php]

gerryjuice

Hey Mirrow, you code works Thanks for your help
It turns out the line

include("db.inc.php");  

Was causing the problem. All i was using it for was to store global variables for my database connections.
Anyway thanks for all your help lads/lassies.

Adam

No problems!