Member Avatar for CEVGames

I have a log in system and upon logging in, I cannot get the page to redirect to the members section. I've tried a bunch of different methods, and none seem to work. Here is my current code, can anyone offer some suggestions please?

{
$username = mysql_real_escape_string($username); 
$password = md5( mysql_real_escape_string($password) );
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 

if ($rows<1)
{ 
echo "&serverResponse=Incorrect username/password"; 
}
else {
ob_start();
header( "Location: play.php" ) ;
setcookie("username", "$username", time()+3600);
$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
$row=mysql_fetch_assoc($result);
$total = $row['total'];
setcookie("total", "$total", time()+3600);
$_SESSION['username'] = $username;


} 
}

It does set the cookies because if I go to play.php manually I can see where they are pulled. If I do not log in it will redirect to the page reserved for not being logged in. I'm completely new at this so I'm sure it is a simple mistake, I just don't know what. Thanks.

Edited by CEVGames because: n/a
  • 3 Contributors
  • 11 Replies
  • 127 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by CEVGames
Member Avatar for vibhaJ

You mean user is not redirected to play.php even he is valid user?

<?
{
$username = mysql_real_escape_string($username); 
$password = md5( mysql_real_escape_string($password) );
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 

	if ($rows<1)
	{ 
		echo "&serverResponse=Incorrect username/password"; 
	}
	else 
	{
		setcookie("username", "$username", time()+3600);
		$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
		$row=mysql_fetch_assoc($result);
		$total = $row['total'];
		setcookie("total", "$total", time()+3600);
		$_SESSION['username'] = $username;
		
		header( "Location: play.php" ) ;
		exit;
	} 
}
?>

Add echo 'hi';exit; in first line of play.php. Post your output.

Member Avatar for CEVGames

vibhadevit:

Yes if the user is valid he or she is not redirected to the play page or the nogo page. The page just sits on the log in page. However if it is an invalid user, it does echo Incorrect User/Password.

If I am not logged in and I manually type in play.php it takes me to nogo.php (which it should). If I am logged in it takes me to play.php and displays User Name and Score (which it should). When I add the line of code you asked, it does what I assume it would. Which is as follows:

1. It still does not redirect me from log in.
2. It allows the play page to be accessed weather logged in or not (as this line of code is below the exit command).
3. It does echo back hi.

Member Avatar for vibhaJ

so issue is with play.php page.Post its code here.

And also try print_r($_SESSION); exit; after session _start(); function on play.php.Which will show sessions available on that page.

Member Avatar for Dragonbaki

There should be no spaces in between header function.. for (e.g) header(Location:sample.php); and no echo function to be used before header function. This will also deny the redirection task.... Suppose still any problem, please let me know....

Member Avatar for CEVGames

Vib,

I am not sure why the issue would be on the play.php page if it does not redirect regardless of what is on play.php.

This code is what is on db.php:

<?php
session_start(); 
mysql_connect("localhost", "dbuser", "dbpassword"); 
mysql_select_db("myDB");
function user_login($username, $password) 
{
$username = mysql_real_escape_string($username); 
$password = md5( mysql_real_escape_string($password) );
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 

if ($rows<1)
{ 
echo "&serverResponse=Incorrect username/password"; 
}
else {
$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
$row=mysql_fetch_assoc($result);
$total = $row['total'];
header( "Location: play.php" ) ;
setcookie("username", "$username", time()+3600);
setcookie("total", "$total", time()+3600);
$_SESSION['username'] = $username;


} 
}
?>

This is what is on login.php:

<?php
include("db.php"); 
if (isset($_POST['username']) && isset($_POST['pword']))
{     
user_login($_POST['username'], $_POST['pword']); 
} 
?>

This is what is on play.php for now:

<?php
include("db.php"); 
if ((isset($_COOKIE["username"])) && (isset ($_COOKIE["total"]))) {
        echo ("Welcome" . $_COOKIE["username"]);
		echo ("Score: " . $_COOKIE["total"]); }
else {
 ob_start();
 header( 'Location: nogo.php' ) ;
}

?>
Member Avatar for vibhaJ

Also try below debugging.
echo "SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"; exit;
Run that output in phpmyadmin sql tab. Just crosscheck query returns result.

Member Avatar for vibhaJ

Why are you usign function for login?
You can direct do below:

<?php session_start(); 
mysql_connect("localhost", "dbuser", "dbpassword"); 
mysql_select_db("myDB");

if (isset($_POST['username']) && isset($_POST['pword']))
{
	
	$username = mysql_real_escape_string($_POST['username']); 
	$password = md5( mysql_real_escape_string($_POST['pword']) );
	$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
	$rows = mysql_num_rows($sql); 
	
	if ($rows<1)
	{ 
	echo "&serverResponse=Incorrect username/password"; 
	}
	else 
	{
	$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
	$row=mysql_fetch_assoc($result);
	$total = $row['total'];
	header( "Location: play.php" ) ;
	setcookie("username", "$username", time()+3600);
	setcookie("total", "$total", time()+3600);
	$_SESSION['username'] = $username;
	
	
	} 
}
?>

Reason for checking play.php is below:
Sometimes it happens that you have successfully login but in your protected page say play.page session is not set because of any reason, then even user is rediretd to play.php he is again thrown to login page.
I have this scenario in past so i asked you to check.

Edited by vibhaJ because: n/a
Member Avatar for CEVGames

@Dragon,

The only echo I have is if it is the wrong username and/or password (on the IF statement) will this affect the ELSE content, including the redirect? I tried placing ob_start (); above the redirect command. I made the changes with the spaces, but it made no difference. (I also have spaces on the play.php that do not affect the redirection. I did remove them and retest everything but it made no difference. Still stuck!


@Vib,

It is outputting the right information. It is running the querey. The code is doing EVERYTHING except redirecting.
When I used your code that removed the function aspect, I get the system error of: Fatal Error: Call to undefined function User_Login()

Member Avatar for vibhaJ

Don't call user_login function in login.php.
Just remove function user_login from all.
I think you can not redirect within a php function like this so avoid it.

Member Avatar for CEVGames

No error, but still no redirect. Am I correct in assuming that all I should have on the login.php is this:

<?php
include("db.php"); 
?>

Sorry, like I said in my initial post, this is all new to me.

Member Avatar for CEVGames

I ended up redoing everything and I got it to work. Thanks for your help.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.