Login, Redirect Multiple Users in PHP - Page 2

Just an afterthought, do you have cookies enabled on your browser?

yes cookies is enabled

I think it has to do with this section. The reason why I think its this secion is because it log into the server fine. Inside mySQL for redirect column (id, username, password, redirect), I have it redirect to workspace_files.php. Now, at this point, it won't go in there and redirect but instead it goes back to workspace.php. However if I put

header("Location: '$redirect'");

instead of

header("Location: $redirect");

it will actually redirect to the file specified in redirect column of mySQL which is workspace_files.php. The only problem is that it will say in the url as 'workspace_files.php' and there are no such file. 'workspace_files.php' is not a file but workspace_files.php is the file. I am not sure how to fix this. It must be a code related problem.

Below is the section I am talking about at the bottom of workspace_login.php.

// get the redirect column's value
    $redirect = trim($result['redirect']);
    if ($redirect == '') {
        echo "No redirect value was set!";
    } else {
        header("Location: $redirect");
        exit;
    }
} else {
    header("Location: workspace.php");
}

gaaaaaaah!!!

I assumed the directory was saved in the database, and not just the page name... facepalm

try:
header("Location: /$redirect");

if you are on a Windows server it may be:

header("Location: \$redirect");

and if all else fails...

header("Location: ./$redirect"); <- notice the period. If one period doesnt work, you can always try 2 ../

Its not hosted on a Window server. I believe its Linux. As for trying the differnt headers you suggested, none of them work. Still going back to workspace.php

All 3 'workspace' files are in the same directory?
In the redirect field in your database you have workspace_files.php (without any single or double quotes)?

Zagga,

Yes all 3 files are in the same directory. As for the workspace_files, there are no single or double quote.

Here is the setup for the table workspace in mySQL.

Field      Type         Collation           Null   Extra
id         int10                            No     auto_increment
username   varchar20    latin1_swedish_ci   No
password   varchar20    latin1_swedish_ci   No
redirect   varchar250   latin1_swedish_ci   No

Here is how the row(s) for workspace table are setup.

id     username     password     redirect
1      johndoe      12345        workspace_files.php

id is Primary and username, password and redirect is by default.

Zagga, if you look up you will see that the redirects are working. I forgot that we tested it last night and he said we got a message from the target page. The problem is with $_SESSION persistence.

instead, in workspace_login.php, before the header redirect (line 36), add session_write_close();

Also, I think exit on line 37 should be exit();

What I got so far but still the same.

<?php
//Start session
session_start();

$host="localhost"; // Host name 
$username="****"; // Mysql username 
$password="****"; // Mysql password 
$db_name="****"; // Database name 
$tbl_name="workspace"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count == 1){

// Register $username, $password and redirect
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

// get the result set from the query
$result = mysql_fetch_array($result);

// get the redirect column's value
$redirect = trim($result['redirect']);
    if ($redirect == '') {
        echo "No redirect value was set!";
    } else {
        session_write_close();
        header("Location: /$redirect");
        exit();
    }
} else {
    header("Location: workspace.php");
}
?>

after line 50 you need exit(); as well. any header change requires a complete exit(); from the script.

exit(); placed after line 50. Still the same

k, remove session_write_close();

Im betting the missing exit() was the problem. Should work with that gone.

removed. Still the same

from line 38 change as follows:

while ($data = mysql_fetch_array($result) {
 $redirect = trim($data['redirect']);
 if($redirect == '') {
  echo "No redirect value found!";
 }else {
 header("Location: $redirect");
 exit();
}
}
else {
header ("Location: workspace.php");
exit();
}
?>

What I got so far.

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count == 1){

// Register $username, $password and redirect
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

// get the result set from the query
while ($data = mysql_fetch_array($result) {
 $redirect = trim($data['redirect']);
 if($redirect == '') {
  echo "No redirect value found!";
 }else {
 header("Location: $redirect");
 exit();
}
}
else {
header ("Location: workspace.php");
exit();
}
?>

There is an error:

0
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

woops.. line 28 add another closing )

while ($data = mysql_fetch_array($result)) {

My bad with the exit typo, sorry about that. I'm also getting notification of updates late so missed an entire page of the thread.

Anyway, if we think it's a session problem we could try a simple test, without any of the extra code . . .

page1.php

<?php
session_start();
$_SESSION['testVar'] = "Session Persisted";
header('Location: page2.php');
exit();
?>

page2.php

<?php
session_start();
echo "Result: " . $_SESSION['testVar'];
?>

Browse to page1.php and see if we get the session variable when it redirects us to page2.php

Ryan,

I added another closing but still the same error.

Sorry I don't understand. Did you create the 2 test pages above and run page1.php?

Zagga,

I browse to page1 and it said Resutl on page 2

Just "Result: " not "Result: Session Persisted"?

Just Result:

Nothing more.

same 'result' we had last night :-P

to fix the code I gave you, add another } to line 34. The rest is fine.

and.. after review... it seems that you forgot session_start() at the top of your page again ;) That should fix your problem.

Ryan,

Still the same thing. I never forgot the session_start at the top. I just did not include it the last time. Sorry. Here is what I got so far per your code.

<?php
//Start session
session_start();

$host="localhost"; // Host name 
$username="*****"; // Mysql username 
$password="*****"; // Mysql password 
$db_name="*****"; // Database name 
$tbl_name="workspace"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count == 1){

// Register $username, $password and redirect
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

// get the result set from the query
while ($data = mysql_fetch_array($result)) {
 $redirect = trim($data['redirect']);
 if($redirect == '') {
  echo "No redirect value found!";
 }else {
 header("Location: $redirect");
 exit();  }
}
}
else {
header ("Location: workspace.php");
exit();
}
?>

do me a favor and clear out all your cookies. Close your browser, open and retry it. Make sure you are getting a cookie set.

Also, apparently an oddity, check to see if it works in another browser.

Just did with cookies. Same thing. I tried it in IE as well. Same thing.

did the cookie set in your cookies folder?

I am not really sure how to check this.

with internet explorer, you click the cog looking thing, go to internet settings -> (under history) settings -> view files

if there are a lot of them, you need to clear them out (delete them) and then try to run your script.