PHP Login won't redirect?

JamesU2005 · 21 Feb 2007 at 11:00

Been racking my brains to get this PHP login working and have nearly got there. Just one problem left, for some reason if the username/password is wrong it's won't redirect.

Any ideas?

Cheers

if (!$rs->EOF)
{
if ($_POST["user"] == $User &&
$_POST["password"] == $Password)
{
session_start();
$_SESSION["Authorised"] = "Y";
header("Location: index.php");
}
else
{
header("Location: baduserpass.php");
}
}

JamesU2005 · 21 Feb 2007 at 20:14

Bump?

Despite my lack of knowledge I think we can assume it's ignoring the "else".

So it works if the user/password is correct but if they are wrong it does nothing.

Please help, I'm so close yet so far.

Jotun · 21 Feb 2007 at 20:58

Have you tried displaying all the variables used, to check everything is as it should be?

Also when you post code, use the [code][/code] tags to preserve indentation and make it more legible

JamesU2005 · 21 Feb 2007 at 22:00

Sorry for being such a "noob" as they say but how might I do this and why would it make a difference?

As it works fine if the user/password is right then I can't see why anything else would be wrong.

I'm convinced there is something wrong in my code attached at the top of this thread. But just can't work out what.

meghatronic · 21 Feb 2007 at 23:01

Try something like:

Code:

if (!$rs->EOF) 
{
if ($_POST["user"] == $User &&
$_POST["password"] == $Password)
{
session_start();
$_SESSION["Authorised"] = "Y";
header("Location: index.php"); 
}
else {
echo "Wrong Username or Password";
}
}

Simpler really?

EDIT - it also might be better to store the username as a session variable instead of 'authorised', as then you could create 'levels' of page access, e.g. admin areas etc.

EDIT2 - also consider using a MYSQL db as a backend for username table (with MD5 pwords) - I'm assuming in both these edits that there will be more than one username....

JamesU2005 · 22 Feb 2007 at 08:32

Thanks for the help guys but still no joy.

All the happens with whatever method I try is when you enter a wrong username/password just a blank page comes up, the page that has the PHP Validate code in it.

Basically it goes:

Login Page - Form input
Validate Page - Checks form input (code included in this thread)
Takes you to the Logged in Index Page- If user/password correct.

Voo · 22 Feb 2007 at 08:55

Syntax looks ok otherwise you would get an error.

Its obviously redirecting somewhere if you get a blank page, is the baduserpass.php file supposed to display anything? If so, does it?

Why do you need the $_SESSION["Authorised"] = "Y"; ?

Try putting the posted fields into their own variables to compare them, assuming the file names are correct try:

Code:

if (!$rs->EOF) 
{
	$p_user = $_POST["user"];
	$p_pass = $_POST["password"];

	if ($p_user == $User  && $p_pass == $Password)
	{
		session_start();
		$_SESSION["Authorised"] = "Y";
		header("Location: index.php"); 
	}
	else
	{
		header("Location: baduserpass.php");
	}
}

JamesU2005 · 22 Feb 2007 at 09:11

Problem solved!

I can't believe I didn't think of this earlier :mad:

I just stuck my original code into wrongpassword.php instead. So if the user gets there username/password wrong it just goes straight to wrongpassword.php, if it's right it redirects to index.php.

Easy work around!

Thanks for all the help though guys.