I have been trying to figure out why my user isn't being directed to the proper directory upon login. Each client will have their own directory (which I create beforehand). I send them their login ID & password. From a login form, they should be sent to their proper directory, but somehow the script is missing naming that part of their login.
Maybe someone can tell me what's wrong with my script. Thanks!
~J
<?PHP
ob_start();
session_start();
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header("Location: http://www.mywebsite.com/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
header("Location: http://www.mywebsite.com/login.htm" );
}
else{
//set the database connection variables
$dbHost = "localhost";
$dbUser = "(omitted)";
$dbPass = "(omitted)";
$dbDatabase = "(omitted)";
//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);
mysql_connect("$dbHost", "$dbUser", "$dbPass")or die ("Error connecting to database.");
mysql_select_db("$dbDatabase") or die(mysql_error());
$result=mysql_query("SELECT * FROM clients WHERE password='$pass' AND username='$user'") or die("Couldn't query the user-database.");
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0)
{
while($row = mysql_fetch_array($result)){
// Start the login session
session_start();
$_SESSION['user'] = $_POST['user'];
$_SESSION['password'] = $_POST['password'];
header('refresh: 2;url=/client/'.$_SERVER["PHP_AUTH_USER"].'/clindx.php');
echo "Success! You will now be redirected.";
exit();
}
}
else {
//if nothing is returned by the query, unsuccessful login code goes here...
echo 'Incorrect login name or password. Please try again.';
}
}
?>
- <?PHP
- ob_start();
- session_start();
- //check that the user is calling the page from the login form and not accessing it directly
- //and redirect back to the login form if necessary
- if (!isset($username) || !isset($password)) {
- header("Location: http://www.mywebsite.com/login.htm" );
- }
- //check that the form fields are not empty, and redirect back to the login page if they are
- elseif (empty($username) || empty($password)) {
- header("Location: http://www.mywebsite.com/login.htm" );
- }
- else{
- //set the database connection variables
- $dbHost = "localhost";
- $dbUser = "(omitted)";
- $dbPass = "(omitted)";
- $dbDatabase = "(omitted)";
- //add slashes to the username and md5() the password
- $user = addslashes($_POST['username']);
- $pass = md5($_POST['password']);
- mysql_connect("$dbHost", "$dbUser", "$dbPass")or die ("Error connecting to database.");
- mysql_select_db("$dbDatabase") or die(mysql_error());
- $result=mysql_query("SELECT * FROM clients WHERE password='$pass' AND username='$user'") or die("Couldn't query the user-database.");
- $rowCheck = mysql_num_rows($result);
- if($rowCheck > 0)
- {
- while($row = mysql_fetch_array($result)){
- // Start the login session
- session_start();
- $_SESSION['user'] = $_POST['user'];
- $_SESSION['password'] = $_POST['password'];
- header('refresh: 2;url=/client/'.$_SERVER["PHP_AUTH_USER"].'/clindx.php');
- echo "Success! You will now be redirected.";
- exit();
- }
- }
- else {
- //if nothing is returned by the query, unsuccessful login code goes here...
- echo 'Incorrect login name or password. Please try again.';
- }
- }
- ?>
April 22nd, 2004, 10:38 am
