...

View Full Version : session - redirect url cannot load!



chleng
07-12-2005, 05:59 AM
Hi, here's my sample_login.php. The redirected url cannot be loaded. The code means that unless mobile and password are the same from those db, then it will always redirect to iteself, else it will direct to the url indicated. thks a lot!

rgds

P.S I really hate to paste a whole lump of code, when I could not get the answers from the search results, I left with no choice.


<?
session_start(); // start session.
//modified from http://www.evolt.org/article/Creating_a_Login_Script_with_PHP_4/17/19661/?format=print
//google search login php
?>
<!-- header tags, edit to match your own, or include template header file. -->
<html>
<head>
<title>Login</title>
<head>
<body>
<?
if(!isset($Mobile) | !isset($password)) {
//echo"<br>mobile and password not set";
// escape from php mode.
?>
<form action="<?=$PHP_SELF;?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST" name="loginform" target="_self" >
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="Mobile">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login" >
</form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}

// If all is well so far.
include ("Conf_Main.php");
session_register("Mobile");
session_register("password"); // register mobile and password as session variables.

$table = "tblcdr_users_test";

// Here you would check the supplied mobile and password against your database to see if they exist.
// For example, a MySQL Query, your method may differ.

$Link1 = mysql_connect($g_dbHost1, $g_dbUser1, $g_dbPass1)or die("Fail to Conn DB! ".mysql_error());
mysql_select_db($g_dbmysmscallback, $Link1) or die("Fail to Select DB! ".mysql_error);


$current_date = date('Y-m-d');
$sql = "SELECT password FROM $table WHERE mobile = '$Mobile' and expired>'$current_date'";
//echo"<br>\$sql: $sql";
$result = mysql_query($sql);
//echo"<br>SELECT password FROM $table WHERE mobile = '$Mobile'";
$fetch_em = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);

if($numrows != "0" & $password == $fetch_em["password"]) {
$valid_user = 1;
$insertGoTo="osms_svc_mgmt5.php?Mobile=$Mobile&password=$password";
print "<script language=\"JavaScript\">";
print "window.location ='$insertGoTo'";
print "</script>";
exit();
}
else {
$valid_user = 0;
}

// If the mobile exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....

if (!($valid_user))
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
// escape from php mode.
?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST" name="loginform" target="_self">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="Mobile">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}
?>

part of the url the login script direct to

<?php
//session_start(); // start session.
include ("Conf_Main.php");
include ("login15.php");
//template is osms_svc_mgmt3.html
//starting from osms_svc_mgmt4.php will capture password
//from version osms_svc_mgmt5.php will prevent user from coming to this page straight away from typing address/query string in URL
//from osms_svc_mgmt6.php uses !isset($_SESSION['

/*if (isset($_GET['Mobile']))
{echo"<br>\$Mobile get";$Mobile=$_GET['Mobile'];}
else if (isset($_POST['Mobile']))
{echo"<br>\$Mobile post";$Mobile=$_POST['Mobile'];}
else $Mobile="";

if (isset($_GET['password']))
$password=$_GET['password'];
else if (isset($_POST['password']))
$password=$_POST['password'];
else $password="";*/

if (!isset($_SESSION['Mobile'])) {
$Mobile = $_SESSION['Mobile'];
}
else {
$Mobile="";
}

if (!isset($_SESSION['password'])) {
$password = $_SESSION['password'];
}
else {
$password="";
}

echo "<br>\$Mobile: $Mobile";
echo "<br>\$password: $password";

//echo"<br>\$password before session_register: $password";
/*session_register("Mobile");
session_register("password"); // register mobile and password as session variables.
echo"<br>\$Mobile after session_register: $Mobile";*/
//echo"<br>\$password after session_register: $password";

?>

Fou-Lu
07-12-2005, 02:49 PM
Eh?
I'm confused, what is the trouble its causing exactly?
If this is all one script, one thing I'll mention is that your placing exit functions without being in conditional statements. This is by no means wrong, however for your purposes it will never make it to the next set of evaluations.
If you want me to, I'll throw together a simple login script for you, based off of what you have. All I need to know is what your php configurations are for sessions.use_cookies, sessions.use_only_cookies, and sessions.use_trans_sid, and if you would like to force only cookies on (which is more secure in this situation, though don't mistaken it as the same for using cookies).



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum