not go to right page after login

Hello!!
When I log in as the user, it does not go to the user page but goes to the admin page...
Please help me...
```php
if(isset($_POST['submit']))
    {
        if($_POST['reg_empNo']!='' && $_POST['reg_pword']!='')
        {
            //Use the input username and password and check against 'users' table
            $query = mysql_query("SELECT * FROM register WHERE reg_empNo='".$_POST["reg_empNo"]."' AND reg_pword='".$_POST["reg_pword"]."'");

            if(mysql_num_rows($query) == true || $_SESSION['reg_position']=="admin")
            {
                $_SESSION["valid_user"] = $_POST["reg_empNo"];
                $_SESSION["valid_time"] = time();
                die("<html><head><meta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\" /><link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" /></head><body><div><center><img src=\"source/statschipac logo.ashx.gif\" alt=\"Logo\" /><img src='source/comp_info.bmp'></center></div><p align='right'><SCRIPT TYPE=\"text/javascript\">document.write(new Date());</SCRIPT><ul id='nav'><li><b><font size='3'><a href='' target='middle'>LIST</a></li><li><a href='' target='middle'>UPDATE</a></li><li><a href='' target='middle'>DELETE</a></li><li><a href='index.html' target='middle'>LOGOUT</a></li></ul><br><h3><align=left><font color='blue'>EMPLOYEE NO : " . $_POST["reg_empNo"]."<br>LOGGED IN : " . date("m/d/Y", $_SESSION["valid_time"])."</font></h3><br><br><table border=3 bordercolor='#990066'><tr><td>LOT ID : </td><td><input type=text name=pro_lot_id size=10></td></tr><tr><td colspan='2' align='center' bgcolor=><input type=submit value=SEARCH></td></tr></table></body></html>");
            }
            if($_SESSION['reg_position'] !=='admin')
            {
                $_SESSION["valid_time"] = time();
                die("<html><head><meta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\" /><link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" /></head><body><div><center><img src=\"source/statschipac logo.ashx.gif\" alt=\"Logo\" /><img src='source/comp_info.bmp'></center></div><p align='right'><SCRIPT TYPE=\"text/javascript\">document.write(new Date());</SCRIPT><ul id='nav'><li><b><font size='3'><a href='' target='middle'>INSERT</a></li><li><a href='' target='middle'>DISPLAY</a></li><li><a href='' target='middle'>LIST</a></li><li><a href='index.html' target='middle'>LOGOUT</a></li></ul><br><h5><font color='green'>EMPLOYEE NO : " . $_POST["reg_empNo"]."<br>LOGGED IN : " . date("m/d/Y", $_SESSION["valid_time"])."</font></h3><br><br><table border=3 bordercolor='#990066'><tr><td>LOT ID : </td><td><input type=text name=pro_lot_id size=10></td></tr><tr><td colspan='2' align='center' bgcolor='#CC3399'><input type=submit value=SEARCH></td></tr></table></body></html>");
            }
            else
            {
                $error = 'Your membership was not activated.';
            }
        }
        else
        {
            $error = 'Please user both your username and password to access your account';
        }
    }
```
Feb 22 '10 #1
dlite922
@taurus89. No offense but you have to go back to the drawing board and learn PHP.

To guide you in the right direction, here's what you're doing wrong.

1. No sanitation. Imagine what would happen if I put this in your reg_pword field:

hack'; DROP TABLE register; '

Say goodbye to your register table! This is called SQL Injection, and a hacker could do much worse.

2. You're using die() to do forwarding. Try header("Location: url/file.php").
Examples: http://php.net/manual/en/function.header.php

I'll leave it at those two for now. Fix those, then your code is worthy of logic debugging.

Dan
Feb 22 '10 #2
johny10151981
dlite922 San,
I just get surprised by the intelligence of your observation. This is a huge thing I have learned today.

Thanks.

Best Regards,
Johny
Feb 22 '10 #3
dlite922
You're welcome @Johny

BTW: Link to SQL Injection
http://en.wikipedia.org/wiki/SQL_injection

You can google "SQL Injection" for a wealth of more information.

I wish there was one complete source for those trying to learn PHP, to teach them right to begin with and put them on the right path. I.e. to teach them about SQL injection before giving them the functions to do it.

Online tutorials are really dispersed.

Dan
Feb 22 '10 #4
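The following is an added example, not the original poster's code and not code from Dan's replies (#2 and #4). It applies both of Dan's points: the employee number is bound as a prepared-statement parameter instead of being pasted into the SQL string, so the `hack'; DROP TABLE register; '` input above is just a string that matches no row, and the redirect is done with header("Location: ...") followed by exit instead of printing the whole page inside die(). It also addresses the original question: in the posted code the first if succeeds for any matching row (and also for any session already marked admin, because of the ||), so the first page is always printed before the position check runs. Here the role is read from the database row and the landing page is chosen from it. Assumed, since the page does not specify them: a PDO connection with placeholder credentials (used in place of the deprecated mysql_* functions), that reg_pword holds a password_hash() value rather than plaintext, that reg_position is 'admin' or 'user', and the target pages admin.php and user.php.

```php
<?php
// Added example (not the original poster's or Dan's code). Assumptions: PDO
// connection with placeholder credentials, a `register` table with columns
// reg_empNo, reg_pword (password_hash() output) and reg_position ('admin' or
// 'user'), and landing pages admin.php / user.php.
session_start();

// Connection details are placeholders; replace with real ones.
$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

/**
 * Look up an employee and verify the password.
 * Returns the row on success, null otherwise. The employee number travels to
 * the server as a bound parameter, never as part of the SQL text, so quotes
 * or semicolons in it cannot change the query.
 */
function authenticate(PDO $pdo, string $empNo, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT reg_empNo, reg_pword, reg_position FROM register WHERE reg_empNo = :empNo'
    );
    $stmt->execute([':empNo' => $empNo]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // reg_pword is assumed to hold a password_hash() value, not plaintext.
    if ($row === false || !password_verify($password, $row['reg_pword'])) {
        return null;
    }
    return $row;
}

/** Map the stored position to a landing page; anything unknown goes to the user page. */
function landingPage(string $position): string
{
    return $position === 'admin' ? 'admin.php' : 'user.php';
}

if (isset($_POST['submit'])) {
    $empNo    = trim($_POST['reg_empNo'] ?? '');
    $password = $_POST['reg_pword'] ?? '';

    if ($empNo === '' || $password === '') {
        $error = 'Please use both your username and password to access your account';
    } else {
        $row = authenticate($pdo, $empNo, $password);
        if ($row === null) {
            $error = 'Invalid employee number or password.';
        } else {
            // Fresh session id on login so a stale session cannot carry an old role over.
            session_regenerate_id(true);
            $_SESSION['valid_user']   = $row['reg_empNo'];
            $_SESSION['reg_position'] = $row['reg_position']; // set from the DB row, not assumed
            $_SESSION['valid_time']   = time();

            // Redirect instead of printing the page inside die(); exit so nothing
            // else is sent after the Location header.
            header('Location: ' . landingPage($row['reg_position']));
            exit;
        }
    }
}
```

The two pages themselves (admin.php and user.php) would start with session_start() and check $_SESSION['valid_user'] and $_SESSION['reg_position'] before rendering anything, so the role decision made here is the only one that matters.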
