...

View Full Version : My login isn't functioning



deathseeker25
01-31-2007, 09:53 AM
Hi people,

I have a problem here with my login script, because it is sending me always to the index.php page, even if the inserted values in the form are equal to the values in the database.

This is the form:



<form action="login.php" id="login" name="login">
<input type="text" name="username" id="username">
<div class="nav-body-login">Password:</div>
<div id="form2">
<input type="password" id="password" name="password">
</div>
<div id="submit_form">
<input type="submit" id="submit" name="submit" value="Login">
</form>

This is the login.php script:



<?php

//Evita o mysql injection
function escape($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}

return $value;
}

session_start();

$time = time();

error_reporting(E_ALL);
$script_base = dirname($_SERVER['SCRIPT_FILENAME']); //define o root do ficheiro...
define('SCRIPT_BASE', $script_base);

include SCRIPT_BASE.'/includes/mysql.class.php';
include 'config.php'; //inclui o ficheiro de instalacao

$ligacao = new MySQL_DB_Connector; //faz a ligacao a classe que esta no ficheiro mysql.class.php
$ligacao->connect($host, $username, $password); //os valores $host, $username e $password estão no ficheiro config.php
mysql_select_db($database) or die("ERRO: Impossível escolher a base de dados: ".mysql_error());

if(isset($username) and isset($password)) //se tiverem sido introduzidos password e username...
{
$username = $_POST['username'];
$password = $_POST['password'];
//escape($password); //faz uso da função que escrevi acima, que evita o mysql injection
//$password = md5($password); //encripta a password
$query = "SELECT * FROM utilizador WHERE nome = '$username' AND password = '$password'";
$resultado = mysql_query ($query);

$array = mysql_fetch_array($resultado, MYSQL_ASSOC);

$id = $array["id"];
$email = $array["email"];
$permissao = $array["permissao"];

$rows = mysql_num_rows($resultado);

if($rows != 0) //se devolver resultado...
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['id'] = $id;
$_SESSION['email'] = $email;
$_SESSION['permissao'] = $permissao;
echo '<script language="JavaScript">
window.location = "admin/admin.php";
</script>' ;
}
if($rows == 0)
{

echo '<script language="JavaScript">
window.location = "index.php";
</script>';

$erro = array();
$erro [] = 'Impossivel fazer login !';
return $erro;
}
}

?>

I have already tried some things like change the echo command to printf and to print, but is is always redirecting me to the index.php .

Could you give me a hand here ?:thumbsup:

koyama
01-31-2007, 12:56 PM
You must include method: post in your form tag, else it will default to "get".


<form action="login.php" id="login" name="login" method="post">
...
</form>

Why not use HTTP redirection instead of redirection with javascript? If your user has javascript disabled it won't work.
Instead of this:


echo '<script language="JavaScript">
window.location = "admin/admin.php";
</script>' ;

try something like this


header('Location: http://somedomain.com/admin/admin.php');
exit();



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum