Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2

Thread: Redirect

  1. #1
    Regular Coder
    Join Date
    Dec 2006
    Posts
    166
    Thanks
    9
    Thanked 4 Times in 4 Posts

    Redirect

    OK, well my redirect is working fine using the header("Location:"); function; however, I am having trouble with getting it to redirect based on conditions. What I'm trying to do is have a login script: It will test using the login() function to test for valid login entries, returning 0 to denote a bad attempt or 1 to denote a good attempt. My code is below:
    PHP Code:
    if (isset($_POST['login']))
    {
        if (
    login() == 1)
        {
            
    header("Location: index.php");
        }
        else
        {
            
    header("Location: login.php");
        }
    }
    function 
    login()
    {
        if (
    $_POST['username'] == "" || $_POST['password'] == "")
        {
            return 
    0;
        }
        
    $sql "SELECT * FROM users WHERE user_name='" $_POST['username'] . "' AND user_pass='" md5($_POST['password']) . "'";
        
    $result mysql_query($sql) or die(mysql_error());
        
    $record mysql_fetch_array($result);
        if (
    $_POST['username'] == $record['user_name'])
        {
            
    $_SESSION['user_id'] = $record['user_id'];
            return 
    1;    //return 1 to redirect if successful, else return 0 to fail
        
    }
        else
        {
            return 
    0;
        }

    Now, my problem is, if I don't enter the correct data, it will redirect me to index.php instead of login.php. I know the condition is working find though; for example, if I change the header() call to an echo, it will work fine.

    Edit: one more thing. If anybody finds something wrong with my actual login validation, please tell me .

  • #2
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    PHP Code:
    if ($_POST['username'] == $record['user_name']) 
    That will always return true(it's been compared already).
    You should use something more like this:
    PHP Code:
        $sql "SELECT `user_id` FROM `users` WHERE `user_name`= '" mysql_real_escape_string($_POST['username']) . "' AND `user_pass` = '" md5($_POST['password']) . "' LIMIT 1";
        
    $result mysql_query($sql) or die(mysql_error());
        if (
    mysql_num_rows($result) == 1)
        {
            
    $user_id mysql_result($result0);
            
    $_SESSION['user_id'] = $user_id// you could combine this line and the one above it, I just wanted to be clear
            
    return 1;    //return 1 to redirect if successful, else return 0 to fail
        
    }
        else
        {
            return 
    0;
        } 
    Last edited by Inigoesdr; 01-02-2008 at 04:55 PM. Reason: added clarification comment


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •