Member Avatar for Octet

Ok,

I am having a 'WTF' moment, I cannot see what is going wrong and it is really beginning to bug me.
I am attempting to send a user to an error page if the username or password is incorrect but it keeps redirecting to a page which doesn't exist and that I didn't specify.

This is my HTML (it does go to the correct page as if I get my password e.t.c. correct then I can login):

<form action = "../Scripts/Login.php" method = "POST" >

    <p> Username: </p>
    <input type = "text" name = "Username" /> <br><br>

    <p> Password: </p>
    <input type = "password" name = "Password" /> <br><br>

    <input type = "submit" value = "Login" /> <br><br>

</form>

That should then go to this PHP script:

<?php

    session_start();

    $User        = mysql_real_escape_string(strtolower($_POST['Username']));
    $Password  = mysql_real_escape_string(md5($_POST['Password']));

    $Username = preg_replace('/\s+/', '', $User);

    mysql_connect ("localhost", "root", "password") or die ("Couldn't Connect to Database Server");
    mysql_select_db ("database") or die ("Couldn't Find Database on Server");

    $Login = mysql_query ("SELECT * FROM Member_Data WHERE Username = '$Username' AND Password = '$Password'");
    $Count = mysql_num_rows($Login);


    if ($Count == 0)
    {
        mysql_close();

        die (Header ('Location: Errors/Login/Existance.php'));
    }

    while ($Privilege = mysql_fetch_array($Login))
    {

        if ($Privilege['Privilege'] == 3)
        {
            die (Header ('Location: Errors/Login/Banned.php'));
        }

        else
        {
            $_SESSION['Logged'] = "YES";
            $_SESSION['Username'] = $Username;

            die (Header ('Location: ../Pages/Members.php'));
        }

    }

?>

So if either the username or password is incorrect, it shouldn't be found in the database and thus it should display the error message that it doesn't exist.
Instead it goes to the following page: http://192.168.0.10/Scripts/Errors/Login/Login.php
Am I going crazy or is something very strange happening?

Thank you

Edited by Octet
  • 3 Contributors
  • 3 Replies
  • 279 Views
  • 18 Minutes Discussion Span
  • Latest Post Latest Post by Octet
Member Avatar for Squidge

not sure if this is correct but remove the die statment from your redirect:

<?php
if ($Count == 0)
 {
 mysql_close();
 header("Location: Errors/Login/Existance.php");
 exit();
 }
?>

Also check the relativness of the path to your current script

Edited by Squidge
Member Avatar for diafol

Try this snip:

if ($Count == 0){
        mysql_close();
        echo '<a href="Errors/Login/Existance.php">none found</a>';
        exit;

        //die (header('Location: Errors/Login/Existance.php'));
}else{
    $Privilege = mysql_fetch_array($Login);

    if ($Privilege['Privilege'] == 3){
        echo '<a href="Errors/Login/Banned.php">banned</a>';
        exit;
        //die (header ('Location: Errors/Login/Banned.php'));
    }else{
        $_SESSION['Logged'] = "YES";
        $_SESSION['Username'] = $Username;
        echo '<a href="../Pages/Members.php">logged in</a>';
        exit;
        //die (header ('Location: ../Pages/Members.php'));
    }

}

It should let you see if your code works (user checking). You then click the link to see if you go to the correct page.

Edited by diafol
Member Avatar for Octet

Thanks for all the help but I have found the problem...
Instead of writing out all the code again for the basic layouts of the pages, I copied one of them accross. This happened to be the Members page which would redirect if you hadn't logged in hence why it said '

http://192.168.0.10/Scripts/Errors/Login/LOGIN.php

Thanks for the help though, my stupid mistake!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.