Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Jun 2005
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts

    session - redirect url cannot load!

    Hi, here's my sample_login.php. The redirected url cannot be loaded. The code means that unless mobile and password are the same from those db, then it will always redirect to iteself, else it will direct to the url indicated. thks a lot!

    rgds

    P.S I really hate to paste a whole lump of code, when I could not get the answers from the search results, I left with no choice.


    <?
    session_start(); // start session.
    //modified from http://www.evolt.org/article/Creatin.../?format=print
    //google search login php
    ?>
    <!-- header tags, edit to match your own, or include template header file. -->
    <html>
    <head>
    <title>Login</title>
    <head>
    <body>
    <?
    if(!isset($Mobile) | !isset($password)) {
    //echo"<br>mobile and password not set";
    // escape from php mode.
    ?>
    <form action="<?=$PHP_SELF;?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST" name="loginform" target="_self" >
    <p align="center">Members only. Please login to access this document.</p>
    <table align="center" border="0">
    <tr>
    <th>
    Username:
    </th>
    <th>
    <input type="text" name="Mobile">
    </th>
    </tr>
    <tr>
    <th>
    Password:
    </th>
    <th>
    <input type="password" name="password">
    </th>
    </tr>
    <tr>
    <th colspan="2" align="right">
    <input type="submit" value="Login" >
    </form>
    </th>
    </tr>
    </table>
    </body>
    </html>
    <?
    exit();
    }

    // If all is well so far.
    include ("Conf_Main.php");
    session_register("Mobile");
    session_register("password"); // register mobile and password as session variables.

    $table = "tblcdr_users_test";

    // Here you would check the supplied mobile and password against your database to see if they exist.
    // For example, a MySQL Query, your method may differ.

    $Link1 = mysql_connect($g_dbHost1, $g_dbUser1, $g_dbPass1)or die("Fail to Conn DB! ".mysql_error());
    mysql_select_db($g_dbmysmscallback, $Link1) or die("Fail to Select DB! ".mysql_error);


    $current_date = date('Y-m-d');
    $sql = "SELECT password FROM $table WHERE mobile = '$Mobile' and expired>'$current_date'";
    //echo"<br>\$sql: $sql";
    $result = mysql_query($sql);
    //echo"<br>SELECT password FROM $table WHERE mobile = '$Mobile'";
    $fetch_em = mysql_fetch_array($result);
    $numrows = mysql_num_rows($result);

    if($numrows != "0" & $password == $fetch_em["password"]) {
    $valid_user = 1;
    $insertGoTo="osms_svc_mgmt5.php?Mobile=$Mobile&password=$password";
    print "<script language=\"JavaScript\">";
    print "window.location ='$insertGoTo'";
    print "</script>";
    exit();
    }
    else {
    $valid_user = 0;
    }

    // If the mobile exists and pass is correct, don't pop up the login code again.
    // If info can't be found or verified....

    if (!($valid_user))
    {
    session_unset(); // Unset session variables.
    session_destroy(); // End Session we created earlier.
    // escape from php mode.
    ?>
    <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST" name="loginform" target="_self">
    <p align="center">Incorrect login information, please try again. You must login to access this document.</p>
    <table align="center" border="0">
    <tr>
    <th>
    Username:
    </th>
    <th>
    <input type="text" name="Mobile">
    </th>
    </tr>
    <tr>
    <th>
    Password:
    </th>
    <th>
    <input type="password" name="password">
    </th>
    </tr>
    <tr>
    <th colspan="2" align="right">
    <input type="submit" value="Login">
    </form>
    </th>
    </tr>
    </table>
    </body>
    </html>
    <?
    exit();
    }
    ?>

    part of the url the login script direct to

    <?php
    //session_start(); // start session.
    include ("Conf_Main.php");
    include ("login15.php");
    //template is osms_svc_mgmt3.html
    //starting from osms_svc_mgmt4.php will capture password
    //from version osms_svc_mgmt5.php will prevent user from coming to this page straight away from typing address/query string in URL
    //from osms_svc_mgmt6.php uses !isset($_SESSION['

    /*if (isset($_GET['Mobile']))
    {echo"<br>\$Mobile get";$Mobile=$_GET['Mobile'];}
    else if (isset($_POST['Mobile']))
    {echo"<br>\$Mobile post";$Mobile=$_POST['Mobile'];}
    else $Mobile="";

    if (isset($_GET['password']))
    $password=$_GET['password'];
    else if (isset($_POST['password']))
    $password=$_POST['password'];
    else $password="";*/

    if (!isset($_SESSION['Mobile'])) {
    $Mobile = $_SESSION['Mobile'];
    }
    else {
    $Mobile="";
    }

    if (!isset($_SESSION['password'])) {
    $password = $_SESSION['password'];
    }
    else {
    $password="";
    }

    echo "<br>\$Mobile: $Mobile";
    echo "<br>\$password: $password";

    //echo"<br>\$password before session_register: $password";
    /*session_register("Mobile");
    session_register("password"); // register mobile and password as session variables.
    echo"<br>\$Mobile after session_register: $Mobile";*/
    //echo"<br>\$password after session_register: $password";

    ?>
    Last edited by chleng; 07-12-2005 at 08:43 AM.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Eh?
    I'm confused, what is the trouble its causing exactly?
    If this is all one script, one thing I'll mention is that your placing exit functions without being in conditional statements. This is by no means wrong, however for your purposes it will never make it to the next set of evaluations.
    If you want me to, I'll throw together a simple login script for you, based off of what you have. All I need to know is what your php configurations are for sessions.use_cookies, sessions.use_only_cookies, and sessions.use_trans_sid, and if you would like to force only cookies on (which is more secure in this situation, though don't mistaken it as the same for using cookies).


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •