Header Location Redirect

[barrycorrigan]

Hi Everyone,

 

I'm having a bit of a problem if someone could help me with?

 

I have a simple registration form with fields userid, username, password, clientaddress

 

So when the user logs in with their username and password it will redirect to their client address but I cant get the redirect working. Here is my code:

 

$clientaddress = trim($_POST['clientaddress']);

$_SESSION['start'] = time();
header("Location:$clientaddress");  
exit;
}

 

also note if I add:

 

$clientaddress = 'http://www.google.com';

 

it redirects ok to google. It's getting the field from the database I think thats the problem

 

Can somone help it just wont redirect to the client address

[AyKay47]

if this is user a user reliant address, it will greatly depend on how they input the data..

no errors are received here?

[barrycorrigan]

Currently the clientaddress field in MySQL is a varchar(255) should this be different?

[AyKay47]

no

 

It's getting the field from the database I think thats the problem

what do you mean by this?

[barrycorrigan]

I have a database called users with fields (userid, username, password, clientaddress)

 

My client has a separate system for their clients. Each client has their own address.

 

So Im trying to create a register form so when their client types in their username and password it will automatically redirect to their address(hence the field client address)

 

But at the minute the when I login it wont redirect, the username and password are working ok it just wont re-direct to the "clientaddress"

[AyKay47]

the way your code is now, or at least the code you have shown.. it will redirect to whatever the user types in... you are not checking the database for the proper url at all.. perhaps show more relevant code.

[barrycorrigan]

OK so here is my register user script:

 

**NOTE = clientaddress is now named ip

 

<?php
// execute script only if form has been submitted
if (array_key_exists('register', $_POST)) {
  // remove backslashes from the $_POST array
  include('../_inc/corefuncs.php');
  include('../_inc/conn_mysql.inc.php');
  nukeMagicQuotes();  
  // check length of username and password
  $username = trim($_POST['username']);
  $pwd = trim($_POST['pwd']);
  $ip = trim($_POST['ip']);
  // initialize error array
  $message = array();
  
  // check length of username
  if (strlen($username) < 10 || strlen($username) > 20) {
    $message[] = 'Username must be between 10 and 20 characters';
}
  
  // validate username
  if (!ctype_alnum($username)) {
    $message[] = 'Username must consist of alphanumeric characters with no spaces';
}
  // check password
  
  if (strlen($pwd) < 6 || preg_match('/\s/', $pwd)) {
    $message[] = 'Password must be at least 6 characters with no spaces';
}
  
  // check that the passwords match
  if ($pwd != $_POST['conf_pwd']) {
    $message[] = 'Your passwords don\'t match';
}
  
  // if no errors so far, check for duplicate username
  if (!$message) {
    // connect to database as administrator
$conn = dbConnect('admin');

// check for duplicate username
    $checkDuplicate = "SELECT user_id FROM users
                   WHERE username = '$username'";
$result = mysql_query($checkDuplicate) or die(mysql_error());
$numRows = mysql_num_rows($result);
// if $numRows is positive, the username is already in use
if ($numRows) {
  $message[] = "$username is already in use. Please choose another username.";
  }

// otherwise, it's OK to insert the details in the database
else {
  // create a salt using the current timestamp
  $salt = time();
  // encrypt the password and salt with SHA1
  $pwd = sha1($pwd.$salt);
  // insert details into database
  $insert = "INSERT INTO users (username, salt, pwd, ip)
             VALUES ('$username', '$salt', '$pwd', '$ip')";
  $result = mysql_query($insert) or die(mysql_error());
  if ($result) {
    $message[] = "Account created for $username";
	}
  else {
    $message[] = "There was a problem creating an account for $username";
	}
  }
    }
  }
?>

 

and my login code is this:

 

<?php
// process the script only if the form has been submitted
if (array_key_exists('login', $_POST)) {
  // start the session
  session_start();
  include('../_inc/corefuncs.php');
  include('../_inc/conn_mysql.inc.php');
  // clean the $_POST array and assign to shorter variables
  nukeMagicQuotes();
  $username = trim($_POST['username']);
  $pwd = trim($_POST['pwd']);
  $ip = trim($_POST['ip']);
  
  // connect to the database as a restricted user
  $conn = dbConnect('query');
  // prepare username for use in SQL query
  $username = mysql_real_escape_string($username);
  // get the username's details from the database
  $sql = "SELECT * FROM users WHERE username = '$username'";
  $result = mysql_query($sql);
  $row = mysql_fetch_assoc($result);
  // use the salt to encrypt the password entered in the form
  // and compare it with the stored version of the password
  // if they match, set the authenticated session variable 
  if (sha1($pwd.$row['salt']) == $row['pwd']) {
    $_SESSION['authenticated'] = 'Jethro Tull';
}
  // if no match, destroy the session and prepare error message
  else {
    $_SESSION = array();
session_destroy();
$error = 'Invalid username or password';
}
  // if the session variable has been set, redirect
  if (isset($_SESSION['authenticated'])) {
// get the time the session started
$_SESSION['start'] = time();
header("Location:$ip");  
exit;
}
  }
?>

 

I hope this is more clear..

[barrycorrigan]

any help on this would be greatly appreciated :-)