<?php # Script 9.1 - login.php
// Send NOTHING to the Web browser prior to the setcookie() lines!
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
require_once ('mysql_connect.php'); // Connect to the db.
$errors = array(); // Initialize error array.
// Check for an email address.
if (empty($_POST['username'])) {
$errors[] = 'You forgot to enter your username.';
} else {
$u = escape_data($_POST['username']);
}
// Check for a password.
if (empty($_POST['password'])) {
$errors[] = 'You forgot to enter your password.';
} else {
$p = escape_data($_POST['password']);
}
if (empty($errors)) { // If everything's OK.
/* Retrieve the user_id and first_name for
that email/password combination. */
$query = "SELECT username, password FROM adminprofile WHERE username='$u' AND password='$p'";
$result = @mysql_query ($query); // Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
if ($row) { // A record was pulled from the database.
// Set the cookies & redirect.
setcookie ('username', $row[0]);
// Redirect the user to the loggedin.php page.
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= 'loggedin.php';
header("Location: $url");
exit(); // Quit the script.
} else { // No record matched the query.
$errors[] = 'The username and password entered do not match those on file.'; // Public message.
$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
}
} // End of if (empty($errors)) IF.
mysql_close(); // Close the database connection.
} else { // Form has not been submitted.
$errors = NULL;
} // End of the main Submit conditional.
// Begin the page now.
$page_title = 'Login';
include ('./includes/header.html');
if (!empty($errors)) { // Print any error messages.
echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occurred:<br />';
foreach ($errors as $msg) { // Print each error.
echo " - $msg<br />\n";
}
echo '</p><p>Please try again.</p>';
}
// Create the form.
?>
<h2>Login</h2>
<form action="login.php" method="post">
<p>Username: <input type="text" name="username" size="20" maxlength="15" /> </p>
<p>Password: <input type="password" name="password" size="20" maxlength="15" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
<input type="hidden" name="submitted" value="TRUE" />
</form>
<?php
include ('./includes/footer.html');
?>
AND
<?php # Script 9.16 - loggedin.php (4th version after Scripts 9.2, 9.7 & 9.11)
# User is redirected here from login.php.
session_name ('YourVisitID');
session_start(); // Start the session.
// If no session value is present, redirect the user.
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
$url .= '/index.php'; // Add the page.
header("Location: $url");
exit(); // Quit the script.
}
// Set the page title and include the HTML header.
$page_title = 'Logged In!';
include ('./includes/header.html');
// Print a customized message.
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['first_name']}!</p>
<p><br /><br /></p>";
include ('./includes/footer.html');
?>
Why the first page can't redirect to the second page even the username and password is correct? The error was screenshot was attached! Please help.