Problems with user auth script & refresh

  • jammer
  • Born
  • Born
  • jammer
  • Posts: 2
  • Loc: Arizona

Post 3+ Months Ago

I have been trying to figure out why my user isn't being directed to the proper directory upon login. Each client will have their own directory (which I create beforehand). I send them their login ID & password. From a login form, they should be sent to their proper directory, but somehow the script is missing naming that part of their login.

Maybe someone can tell me what's wrong with my script. Thanks!
~J

Code: [ Select ]
<?PHP
ob_start();
session_start();

//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header("Location: http://www.mywebsite.com/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
header("Location: http://www.mywebsite.com/login.htm" );
}
else{

//set the database connection variables

$dbHost = "localhost";
$dbUser = "(omitted)";
$dbPass = "(omitted)";
$dbDatabase = "(omitted)";

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);

mysql_connect("$dbHost", "$dbUser", "$dbPass")or die ("Error connecting to database.");
mysql_select_db("$dbDatabase") or die(mysql_error());

$result=mysql_query("SELECT * FROM clients WHERE password='$pass' AND username='$user'") or die("Couldn't query the user-database.");
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0)
{
while($row = mysql_fetch_array($result)){

// Start the login session

session_start();
$_SESSION['user'] = $_POST['user'];
$_SESSION['password'] = $_POST['password'];

header('refresh: 2;url=/client/'.$_SERVER["PHP_AUTH_USER"].'/clindx.php');
echo "Success! You will now be redirected.";
exit();
}
}
else {

//if nothing is returned by the query, unsuccessful login code goes here...
echo 'Incorrect login name or password. Please try again.';
}
}
?>
  1. <?PHP
  2. ob_start();
  3. session_start();
  4. //check that the user is calling the page from the login form and not accessing it directly
  5. //and redirect back to the login form if necessary
  6. if (!isset($username) || !isset($password)) {
  7. header("Location: http://www.mywebsite.com/login.htm" );
  8. }
  9. //check that the form fields are not empty, and redirect back to the login page if they are
  10. elseif (empty($username) || empty($password)) {
  11. header("Location: http://www.mywebsite.com/login.htm" );
  12. }
  13. else{
  14. //set the database connection variables
  15. $dbHost = "localhost";
  16. $dbUser = "(omitted)";
  17. $dbPass = "(omitted)";
  18. $dbDatabase = "(omitted)";
  19. //add slashes to the username and md5() the password
  20. $user = addslashes($_POST['username']);
  21. $pass = md5($_POST['password']);
  22. mysql_connect("$dbHost", "$dbUser", "$dbPass")or die ("Error connecting to database.");
  23. mysql_select_db("$dbDatabase") or die(mysql_error());
  24. $result=mysql_query("SELECT * FROM clients WHERE password='$pass' AND username='$user'") or die("Couldn't query the user-database.");
  25. $rowCheck = mysql_num_rows($result);
  26. if($rowCheck > 0)
  27. {
  28. while($row = mysql_fetch_array($result)){
  29. // Start the login session
  30. session_start();
  31. $_SESSION['user'] = $_POST['user'];
  32. $_SESSION['password'] = $_POST['password'];
  33. header('refresh: 2;url=/client/'.$_SERVER["PHP_AUTH_USER"].'/clindx.php');
  34. echo "Success! You will now be redirected.";
  35. exit();
  36. }
  37. }
  38. else {
  39. //if nothing is returned by the query, unsuccessful login code goes here...
  40. echo 'Incorrect login name or password. Please try again.';
  41. }
  42. }
  43. ?>
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Scorpius
  • Proficient
  • Proficient
  • User avatar
  • Posts: 401
  • Loc: Scorpion Hole

Post 3+ Months Ago

Well, couldn't you just change
Code: [ Select ]
$_SERVER["PHP_AUTH_USER"]

to
Code: [ Select ]
$_POST["username"]

That is only if their username is the same as their directory.
  • jammer
  • Born
  • Born
  • jammer
  • Posts: 2
  • Loc: Arizona

Post 3+ Months Ago

thank you very much scorpius! you made my day man!
  • Scorpius
  • Proficient
  • Proficient
  • User avatar
  • Posts: 401
  • Loc: Scorpion Hole

Post 3+ Months Ago

Heh no problem at all man.

Post Information

  • Total Posts in this topic: 4 posts
  • Users browsing this forum: No registered users and 68 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.