Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Oct 2005
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    My login isn't functioning

    Hi people,

    I have a problem here with my login script, because it is sending me always to the index.php page, even if the inserted values in the form are equal to the values in the database.

    This is the form:

    Code:
    <form action="login.php" id="login" name="login">
      <input type="text" name="username" id="username">
      <div class="nav-body-login">Password:</div>
      <div id="form2">
      <input type="password" id="password" name="password">
      </div>
      <div id="submit_form">
      <input type="submit" id="submit" name="submit" value="Login">
    </form>
    This is the login.php script:

    Code:
    <?php
    
    //Evita o mysql injection
    function escape($value) 
    {
    // Stripslashes
    	if (get_magic_quotes_gpc()) 
    	{
    		$value = stripslashes($value);
    	}
    // Quote if not a number or a numeric string
    	if (!is_numeric($value)) 
    	{
    		$value = "'" . mysql_real_escape_string($value) . "'";
    	}
    
    		return $value;
    }
    
    session_start();
    
    $time = time();
    
    error_reporting(E_ALL);
    $script_base = dirname($_SERVER['SCRIPT_FILENAME']);  //define o root do ficheiro...
    define('SCRIPT_BASE', $script_base);
    
    include SCRIPT_BASE.'/includes/mysql.class.php';
    include 'config.php';		//inclui o ficheiro de instalacao
    
    $ligacao = new MySQL_DB_Connector; //faz a ligacao a classe que esta no ficheiro mysql.class.php
    $ligacao->connect($host, $username, $password); //os valores $host, $username e $password estão no ficheiro config.php
    mysql_select_db($database) or die("ERRO: Impossível escolher a base de dados: ".mysql_error());
    
    if(isset($username) and isset($password)) //se tiverem sido introduzidos password e username...
    {
    	$username = $_POST['username'];
    	$password = $_POST['password'];
    	//escape($password); //faz uso da função que escrevi acima, que evita o mysql injection
    	//$password = md5($password); //encripta a password
    	$query = "SELECT * FROM utilizador WHERE nome = '$username' AND password = '$password'";
    	$resultado = mysql_query ($query);
    	
    	$array = mysql_fetch_array($resultado, MYSQL_ASSOC);
    	
    	$id = $array["id"];
    	$email = $array["email"];
    	$permissao = $array["permissao"];
    	
    	$rows = mysql_num_rows($resultado);
    	
    	if($rows != 0) //se devolver resultado...
    	{
    		$_SESSION['username'] = $username;
    		$_SESSION['password'] = $password;
    		$_SESSION['id'] = $id;
    		$_SESSION['email'] = $email;
    		$_SESSION['permissao'] = $permissao;
    		echo '<script language="JavaScript">
    				window.location = "admin/admin.php";
    				</script>' ;
    	}
    	if($rows == 0)
    	{
    		
    		echo '<script language="JavaScript">
    				window.location = "index.php";
    				</script>';
    		
    		$erro = array();
    		$erro [] = 'Impossivel fazer login !';
    		return $erro;
    	}
    }
    
    ?>
    I have already tried some things like change the echo command to printf and to print, but is is always redirecting me to the index.php .

    Could you give me a hand here ?

  • #2
    Senior Coder koyama's Avatar
    Join Date
    Dec 2006
    Location
    Copenhagen, Denmark
    Posts
    1,246
    Thanks
    1
    Thanked 5 Times in 5 Posts
    You must include method: post in your form tag, else it will default to "get".
    Code:
    <form action="login.php" id="login" name="login" method="post">
    ...
    </form>
    Why not use HTTP redirection instead of redirection with javascript? If your user has javascript disabled it won't work.
    Instead of this:
    PHP Code:
    echo '<script language="JavaScript">
                    window.location = "admin/admin.php";
                    </script>' 

    try something like this
    PHP Code:
    header('Location: http://somedomain.com/admin/admin.php');
    exit(); 


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •