hi, on my site:
http://m.slapp.me/
When I login, user:
test pass:
test
it checks the login against the database on a seperate page and then redirects if login successful but the URL stays the same, please help.
here is my checking page:
PHP Code:
<?php
ob_start();
$host="xxx"; // Host name
$username="xxx"; // Mysql username
$password="xxx"; // Mysql password
$db_name="xxx"; // Database name
$tbl_name="xxx"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['rsUser'];
$mypassword=$_POST['rsPass'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE rsUser='$myusername' and rsPass='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$num_rows = mysql_num_rows($result);
$row = mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if ($num_rows > 0) {
session_start();
$_SESSION['login'] = "1";
$_SESSION['UserID'] = $row['UserID'];
$rsUser = $row['rsUser'];
header ("Location: http://m.slapp.me/login_success.php?rsUser=$rsUser");
}
else {
$errorMessage = "Invalid Login";
session_start();
$_SESSION['login'] = '';
}
ob_end_flush();
?>
here is the page I end up on when successful
PHP Code:
<?
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: index.php");
}
mysql_connect("xxx", "xxx", "xxx") or die(mysql_error());
mysql_select_db("xxx") or die(mysql_error());
$rsUser = $_REQUEST['rsUser'];
$query1 = mysql_query("SELECT * FROM rstarget INNER JOIN users ON users.UserID=rstarget.UserID WHERE currentTarget = '1'");
$row1 = mysql_fetch_array($query1);
$query3 = mysql_query("SELECT * FROM users WHERE rsUser = '$rsUser'");
$row3 = mysql_fetch_array($query3);
$TargetID = $row1['TargetID'];
$result1 = mysql_query("SELECT * FROM rstargetpictures WHERE TargetID = '$TargetID' AND PictureApproval = '1'");
$msg = $_REQUEST['msg'];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Multi-page template</title>
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.css" />
<script src="http://code.jquery.com/jquery-1.8.2.min.js"></script>
<script src="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.js"></script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-2434589-28']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-2434589-29']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<body>
<!-- Start of first page: #one -->
<div data-role="page" id="success">
<header data-role="header"data-theme="b">
<h1>Slapp.ME</h1>
<?php
if($_SESSION['UserID'] == '1'){
echo '<a href="#success" data-icon="home" class="ui-btn-right">Admin</a>';
}
?>
</header><!-- /header -->
<div data-role="content" >
Todays target is: <h2><?php echo $row1['TargetName']; ?></h2>
<p><a href="#add" data-role="button" data-rel="dialog" data-transition="pop">Add Image</a></p>
<p><a href="#" data-role="button" data-icon="star">Suggest new Target</a></p>
<p><a href="#" data-role="button" data-icon="star">View Profile</a></p>
<p><a href="#" data-role="button" data-icon="star">Logout</a></p>
</div><!-- /content -->
<div data-role="footer" data-theme="d">
<h4>Page Footer</h4>
</div><!-- /footer -->
</div><!-- /page one -->
<!-- Start of third page: #add -->
<div data-role="page" id="add">
<div data-role="header" data-theme="e">
<h1>Add Image</h1>
</div><!-- /header -->
<div data-role="content" data-theme="d">
<h2>Login to Slapp.ME</h2>
<div data-role="fieldcontain">
<form id="login" name="form1" method="post" action="checklogin.php">
<label for="name">Username:</label>
<input type="text" name="rsUser" id="name" value="" />
<label for="name">Password:</label>
<input type="password" name="rsPass" id="name" value="" />
<br />
<button value="submit-value" name="submit" data-theme="b" type="submit" class="ui-btn-hidden" aria-disabled="false">Login</button>
</form>
</div>
</div><!-- /content -->
<div data-role="footer">
<h4>Page Footer</h4>
</div><!-- /footer -->
</div><!-- /page popup -->
</body>
</html>
when logged in, the URL shows:
http://m.slapp.me/checklogin.php it should be
http://m.slapp.me/login_success.php as there is a redirect
Before you post, read our: 
