PHP Login redirect help

Hi guys,

I'm messing about with PHP scripts and have a log in which queries the users in a database. If the user has a 1 in the table, they are admin and are directed to admin.php. If the user is the default (0) then they are directed to the normal page. But, what I can't seem to achieve is a redirect to an "opps" page if any of the above enter their details incorrectly.

Code:
<?php
session_start();

include("connect.php"); 
function clean($value) {
                if(get_magic_quotes_gpc()) $value = stripslashes($value);
                return trim(mysql_real_escape_string($value));
}

if($_POST['login'] && $_POST['username'] && $_POST['password']) {
    $username = clean($_POST['username']);
    $password = md5($_POST['password']);

    $result = mysql_query("SELECT username FROM users WHERE username = '$username' AND password = '$password' AND admin = '1'");

    if(mysql_num_rows($result) > 0) {
        $_SESSION['username'] = $username;
        header("Location: correct.php");
    } else {
        header("Location: wrong.php");
    }
}

?>

What do I need to add?
 
PHP:
<?
session_start();

include("connect.php"); 
function clean($value) {
    if(get_magic_quotes_gpc()) $value = stripslashes($value);
    return trim(mysql_real_escape_string($value));
}

if($_POST['login'] && $_POST['username'] && $_POST['password']) {
    $username = clean($_POST['username']);
    $password = md5($_POST['password']);
    $result = mysql_query("SELECT username FROM users WHERE username = '$username' AND password = '$password'");
    if(mysql_num_rows($result) > 0) {
        $row_login = mysql_fetch_array($result);
        if($row_login['admin'] == 1){
            $_SESSION['username'] = $username;
            header("Location: admin.php"); // An admin
            exit;
        }
        if($row_login['admin'] == 0){
            $_SESSION['username'] = $username;
            header("Location: notadmin.php"); // Not an admin
            exit;
        }
    } else {
        header("Location: detailswrong.php"); // No users found with that username and password combo
        exit;
    }
} else {
    header("Location: nodata.php"); // Field missed
    exit;
}
?>
 
Thanks mate,

Is there a bracket missing in the code though as my page just renders at the top like this:

0) {
$row_login = mysql_fetch_array($result);
if($row_login['admin'] == 1){
$_SESSION['username'] = $username;
header("Location: admin.php"); // An admin
exit;
}
if($row_login['admin'] == 0){
$_SESSION['username'] = $username;
header("Location: notadmin.php"); // Not an admin
exit;
}
} else {
header("Location: detailswrong.php"); // No users found with that username and password combo
exit;
}
} else {
header("Location: nodata.php"); // Field missed
exit;
}
?>
 
Might be handy to use a bit of JavaScript to validate form entry, rather than putting extra strain on the server.

W3Schools ***:

http://www.w3schools.com/js/js_form_validation.asp

Also, Russinating has done the easiest PHP method. Explained:

if($_POST['login'] && $_POST['username'] && $_POST['password']) {

This bit makes sure each of those POSTs exists, and each contains data.

} else {
header("Location: nodata.php"); // Field missed
exit;

This bit is the redirect, and using exit; is good coding etiquette.

S
 
Hmm, yeah, for some reason, it doesn't work.

My SQL table only has username, password and admin fields and the user is only asked for their username and password.

Something is causing it to fail now.
 
Ok, thanks.

If I leave the code untouched, I get this at the top of the screen (which isn't even really an error)

imgu.png
and the page formatting is all wrong.

If I take out this line of code:
Code:
} else {
header("Location: nodata.php"); // Field missed
exit;

The page then renders correctly with no "errors" but both admins and normal users go to the same page.
 
Try adding error_reporting(E_ALL);

This should give you a bit more insight into what's going on.

Also, what's in your HTML that calls this file?
 
Also, in your SQL query you're not requesting the field admin.

So $row_login['admin'] will always be blank.

"SELECT username, admin FROM users WHERE username = '$username' AND password = '$password'");
 
There must be an error in the code like a missing semi-colon line ending etc.

The code is breaking at a > symbol so the browser is using it as a closing html bracket. ;)

I'd avoid JavaScript validation as, being client-side, it can be bypassed by browser setup; some businesses set up their systems this way.

PHP sessions use cookies by default. :rolleyes:
 
I mean store the username and md5 pass in cookies, then check it against the db every time a page loads, instead of just setting the session (which can be stolen).
 
I mean store the username and md5 pass in cookies, then check it against the db every time a page loads, instead of just setting the session (which can be stolen).

The session is way more effective at passing data between pages than using cookies. I agree sessions can have security issues but that is down to lax programming.
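
Added example, not part of any post in this thread and not the posters' code: the login handler discussed above with the admin column selected, a bound query parameter in place of string interpolation, and the session ID regenerated after a successful login. PDO with an in-memory SQLite table, the sample accounts, password_hash()/password_verify() in place of md5(), and the names demoDb and loginTarget are assumptions made for the example; the redirect targets are the ones used in the thread.

```php
<?php
// Added example, not thread code. Full "<?php" tag: the short "<?" form needs short_open_tag on.
// Assumption: PDO with in-memory SQLite stands in for the MySQL link in connect.php.
function demoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, admin INTEGER)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    // Constructed sample accounts; password_hash() replaces the unsalted md5() value.
    $ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 1]);
    $ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT), 0]);
    return $db;
}

// Returns the page to redirect to; on success it also fills $session.
function loginTarget(PDO $db, array $post, array &$session): string {
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    if ($username === '' || $password === '') {
        return 'nodata.php';                    // field missed
    }
    // Bound parameter instead of string interpolation; admin is selected explicitly.
    $stmt = $db->prepare('SELECT password, admin FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return 'detailswrong.php';              // unknown user and bad password look the same
    }
    $session['username'] = $username;
    $session['admin'] = ((int)$row['admin'] === 1);
    return $session['admin'] ? 'admin.php' : 'notadmin.php';
}

if (PHP_SAPI === 'cli') {
    // Offline run over constructed form submissions.
    $db = demoDb();
    foreach ([['alice', 'alice-pass'], ['bob', 'bob-pass'], ['bob', 'nope'], ['', '']] as [$u, $p]) {
        $s = [];
        echo "'$u' -> ", loginTarget($db, ['username' => $u, 'password' => $p], $s), "\n";
    }
} else {
    session_start();
    $target = loginTarget(demoDb(), $_POST, $_SESSION);
    if (in_array($target, ['admin.php', 'notadmin.php'], true)) {
        session_regenerate_id(true);            // fresh session ID once authenticated
    }
    header("Location: $target");
    exit;                                       // stop here; header() alone does not end the script
}
```

Because $_SESSION['admin'] is set from the database row at login, admin.php can check that flag itself instead of trusting that only admins were redirected to it.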
 
There must be an error in the code like a missing semi-colon line ending etc.

The code is breaking at a > symbol so the browser is using it as a closing html bracket. ;)

I'd avoid JavaScript validation as, being client-side, it can be bypassed by browser setup; some businesses set up their systems this way.

PHP sessions use cookies by default. :rolleyes:

:p Of course it can be surpassed. But it should always be implemented to prevent unnecessary time wasting and server strain.

I can't find a syntax error with what you have. If I had a wamp server here, I could test it. If you have a link on the web, check the source of the page as to what has been outputted and what's caused it.

Also, turn error reporting on as stated above:

error_reporting(E_ALL);

Put it at the top of your page in php tags.

It should let you know if there're any sql/variable issues. Likely the problem.
 
Yeah, I've turned on Error Reporting but I still get the same error as in the screenshot.

I have no idea why it's doing that at all.
 