Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Jun 2012
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation I'm playing PHP for login and I'm using PDO

    I have created a login page with PDO connection for db.
    Then i got 5 files index.php, login.php, securedpage.php,
    user.php, connection.php, and the style.css.

    And now submitting my login form which is in login.php.
    Instead securedpage.php, it will display the index.php
    after submission. I wonder why it won't redirect to
    securedpage.php. Can anyone give advice on why and how.
    This is my securedpage.php
    Code:
     
    <?php
    
    // Inialize session
    session_start();
    
    // Check, if username session is NOT set then this page will jump to login page
    if (!isset($_SESSION['username'])){
      header("Location: index.php");
    }
    
    ?>
    <html> body goes along after this line.
    And my user.php to process the login.
    Code:
    <?php
    
    include_once('connection.php');
    
    class User{
    
    	private $db;
    	
    	public function __construct(){
    		$this->db = new Connection();
    		$this->db = $this->db->dbConnect();	
    	}
    
    	public function Login($name, $pass){
    		if(!empty($name) && !empty($pass)){
    			$st = $this->db->prepare("select * from user where username=? and password=?");
    			$st->bindParam(1, $name);
    			$st->bindParam(2, $pass);
    			$st->execute();
    			
    			var_dump($st->rowCount());
    			if($st->rowCount() == 1){
    				header('Location: securedpage.php');
    			}else {
    				echo "Incorrect username and password";			
    			}
    			
    		}else{
    			echo "Please enter username and password";
    		}
    		
    	}
    }
    I feel there is something missing on these part.
    Can anyone give an advice.

    Thanks advance.

  • #2
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,342
    Thanks
    13
    Thanked 349 Times in 345 Posts
    thought #1, why redirect when you can include the content directly?

    thought #2, a User class should not do the redirect. what if the target page changes? cf. thought #1

    thought #3, if you eventually make a redirect, do not proceed with the page. cf. thought #1

    thought #4, SQL, if you’re only interested in whether the user’s credentials are correct, why fetching alll the user data? using COUNT() and PDOStatement->fetchColumn() is better.

    thought #5, a class should not echo directly. otherwise its uses (use places) are limited.

    thought #6, where do you set $_SESSION['username']?

    thought #7, I recommend to use bindValue() over bindParam() in this case (the Manual is a bit inconsistent on when to use what).
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #3
    New Coder
    Join Date
    Jun 2012
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Dormilich View Post
    thought #1, why redirect when you can include the content directly?

    thought #2, a User class should not do the redirect. what if the target page changes? cf. thought #1

    thought #3, if you eventually make a redirect, do not proceed with the page. cf. thought #1

    thought #4, SQL, if you’re only interested in whether the user’s credentials are correct, why fetching alll the user data? using COUNT() and PDOStatement->fetchColumn() is better.

    thought #5, a class should not echo directly. otherwise its uses (use places) are limited.

    thought #6, where do you set $_SESSION['username']?

    thought #7, I recommend to use bindValue() over bindParam() in this case (the Manual is a bit inconsistent on when to use what).
    I'm not really good on this yet. Just following some random tuts then analyzing on how was it etc...
    #1 - Can you help me point?
    #2 - What do you mean changes and is it possible with a user class?
    #3 - I just want to go to another page once login has successfully.
    #4 - I'll try this one.
    #5 - I'll try this one.
    #6 - It was a name of my table col.
    #7 - Ok i'll try this one.

  • #4
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,342
    Thanks
    13
    Thanked 349 Times in 345 Posts
    #1, example
    PHP Code:
    // instead of
    if ($condition)
    {
        
    header("Location; page.php");
        exit;
    }

    // do
    if ($condition)
    {
        include 
    "page.php";
        exit;

    #2, what if you want to redirect to secure_page_2.php instead of securedpage.php?


    #3, if you send a redirect header, you tell the browser to request a new page. but if you send further output along, you will transfer unnecessary data.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •