
Login page error


harshadmethrath


I had a success page redirect after the login... but the login happens even if the username and password are not entered. You can check it at colonialcasa.org

Here's the code for the login.php page (I have obviously changed the server name, database and password for privacy reasons):

<?

/*simple checking of the data*/
if(isset($_POST['login']) & isset($_POST['pass']))
{

/*Connection to database logindb using your login name and password*/
$db=mysql_connect('servername','login','password') or die(mysql_error());
mysql_select_db('mpahost_logindb');

/*additional data checking and striping*/
$_POST['login']=mysql_real_escape_string(strip_tags(trim($_POST['login'])));
$_POST['pass']=mysql_real_escape_string(strip_tags(trim($_POST['pass'])));

$q=mysql_query("SELECT * FROM login WHERE login='{$_POST['login']}' AND pass='{$_POST['pass']}'",$db) or die(mysql_error());

/*If there is a matching row*/
if(mysql_num_rows($q) > 0)
{
$_SESSION['login'] = $_POST['login'];
$login='Welcome back '.$_SESSION['login'];
}
else
{
$login= 'Wrong login or password';
}

mysql_close($db);

}
/*Use of Sessions*/
if(!session_id())

header("Location: advocates.html"); // success page. put the URL you want

header("Cache-control: private"); //avoid an IE6 bug (keep this line on top of the page)

$login='NO data sent';

//you may echo the data anywhere in the file
echo $login;

?>


You are redirecting based on the value returned by the session_id() function.  That function has nothing to do with whether the login succeeded or not.  Here is your code with some changes and comments - note: you should use the code ( # ) tags or php ( [ php ] ) tags when posting code on the forum, it makes it easier to read.

 

<?php // ALWAYS USE FULL TAGS, THE SHORT TAGS WILL CREATE PROBLEMS FOR YOU LATER

/*simple checking of the data*/
if(isset($_POST['login']) & isset($_POST['pass']))
{
    // INDENT YOUR CODE SO IT IS EASIER TO READ

    /*Connection to database logindb using your login name and password*/
    $db=mysql_connect('servername','login','password') or die(mysql_error());
    mysql_select_db('mpahost_logindb');

    /*additional data checking and striping*/
    // YOU SHOULD NOT NEED strip_tags() UNLESS magic_quotes IS TURNED ON
    $_POST['login']=mysql_real_escape_string(strip_tags(trim($_POST['login'])));
    $_POST['pass']=mysql_real_escape_string(strip_tags(trim($_POST['pass'])));

    $q=mysql_query("SELECT * FROM login WHERE login='{$_POST['login']}' AND pass='{$_POST['pass']}'",$db) or die(mysql_error());

    /*If there is a matching row*/
    if(mysql_num_rows($q) > 0)
    {
        $_SESSION['login'] = $_POST['login'];
        $login='Welcome back '.$_SESSION['login'];
        // DO YOUR REDIRECT HERE SINCE YOU KNOW THE LOGIN IS VALID
        header("Location: advocates.html"); // success page. put the URL you want
        // ALWAYS, ALWAYS exit() AFTER A REDIRECT
        exit();
    }
    else
    {
        $login= 'Wrong login or password';
    }

    mysql_close($db);

}
// ??
header("Cache-control: private"); //avoid an IE6 bug (keep this line on top of the page)

// THIS WILL OVERWRITE WHATEVER YOU SET $login TO INSIDE THE IF ABOVE
$login='NO data sent';

//you may echo the data anywhere in the file
echo $login;

?>

 

Generally, you should do something more for the user when the login fails, like sending them back to the login form.
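
A hardened version of the login handler discussed in this thread, as an added example that is not part of either post: it uses PDO prepared statements and password_verify() in place of the mysql_* calls and the plaintext comparison, and it redirects only after the credential check succeeds. The PDO MySQL driver, the placeholder credentials, a `pass` column holding password_hash() output, and the login.html form name are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO MySQL driver,
// placeholder credentials, and a `pass` column holding password_hash() output.
declare(strict_types=1);

/** Returns true only when the submitted credentials match a stored row. */
function credentialsAreValid(PDO $db, string $login, string $password): bool
{
    if ($login === '' || $password === '') {
        return false;                         // empty fields never authenticate
    }
    // Prepared statement: user input is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT pass FROM login WHERE login = :login LIMIT 1');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($password, $hash);
}

session_start();                              // required before using $_SESSION

$login    = isset($_POST['login']) && is_string($_POST['login']) ? trim($_POST['login']) : '';
$password = isset($_POST['pass'])  && is_string($_POST['pass'])  ? $_POST['pass'] : '';

$db = new PDO(
    'mysql:host=servername;dbname=mpahost_logindb;charset=utf8mb4',
    'login',
    'password',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);

if (credentialsAreValid($db, $login, $password)) {
    session_regenerate_id(true);              // new session ID once authenticated
    $_SESSION['login'] = $login;
    header('Location: advocates.html');       // success page from the thread
    exit();
}

// Failure or no data sent: back to the form (login.html is a hypothetical name).
header('Location: login.html?error=1');
exit();
```

The redirect alone protects nothing: a static advocates.html can be requested directly, so the protected page has to be a script that checks `$_SESSION['login']` itself before rendering.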
