...

View Full Version : Redirect



194673
01-02-2008, 09:16 AM
OK, well my redirect is working fine using the header("Location:"); function; however, I am having trouble with getting it to redirect based on conditions. What I'm trying to do is have a login script: It will test using the login() function to test for valid login entries, returning 0 to denote a bad attempt or 1 to denote a good attempt. My code is below:


if (isset($_POST['login']))
{
if (login() == 1)
{
header("Location: index.php");
}
else
{
header("Location: login.php");
}
}
function login()
{
if ($_POST['username'] == "" || $_POST['password'] == "")
{
return 0;
}
$sql = "SELECT * FROM users WHERE user_name='" . $_POST['username'] . "' AND user_pass='" . md5($_POST['password']) . "'";
$result = mysql_query($sql) or die(mysql_error());
$record = mysql_fetch_array($result);
if ($_POST['username'] == $record['user_name'])
{
$_SESSION['user_id'] = $record['user_id'];
return 1; //return 1 to redirect if successful, else return 0 to fail
}
else
{
return 0;
}
}
Now, my problem is, if I don't enter the correct data, it will redirect me to index.php instead of login.php. I know the condition is working find though; for example, if I change the header() call to an echo, it will work fine.

Edit: one more thing. If anybody finds something wrong with my actual login validation, please tell me :).

Inigoesdr
01-02-2008, 10:56 AM
if ($_POST['username'] == $record['user_name'])
That will always return true(it's been compared already).
You should use something more like this:


$sql = "SELECT `user_id` FROM `users` WHERE `user_name`= '" . mysql_real_escape_string($_POST['username']) . "' AND `user_pass` = '" . md5($_POST['password']) . "' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) == 1)
{
$user_id = mysql_result($result, 0);
$_SESSION['user_id'] = $user_id; // you could combine this line and the one above it, I just wanted to be clear
return 1; //return 1 to redirect if successful, else return 0 to fail
}
else
{
return 0;
}



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum