By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,967 Members | 1,690 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,967 IT Pros & Developers. It's quick & easy.

Help needed with Php session variable..!

P: 2
the code does not head me to the index page instead it head me to (itself) even though true user name and password is set
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. if (isset($_SESSION['pass'])){
  4.     header("location:index.php");
  5.     exit();
  6.     }
  7.     //Connection to database
  8.       if(isset($_POST['enter']))
  9.           {     
  10.                if($_POST['name']!=NULL && $_POST['pass']!=NULL)
  11.                     {
  12.                                //...
  13.                             $pass1=preg_replace('#[*0-9]#i','',$_POST['pass']);
  14.                             $manager1=preg_replace('#[*A-Za-z0-9]#i','',$_POST['name']);
  15.                             //connect to the databases
  16.                                 include "../ex/connect_to_mysql.php";
  17.                             //Query database
  18.                            $sql=mysql_query("select password from admin where password='$pass' and name='$manager' limit 1");
  19.                            $adminCount=mysql_num_rows($sql);
  20.                            if($adminCount==1)
  21.                                {
  22.                                    while($row=mysql_fetch_array($sql))
  23.                                            {
  24.                                            $pass=$row['password'];
  25.                                         }
  26.                                         $_SESSION['pass']=$pass1;
  27.                                         $_SESSION['manager']=$manager1;
  28.                                         //send to index page..
  29.                                     header("location:index.php");
  30.                                     exit();
  31.                                }
  32.                            else
  33.                                {
  34.                                      echo 'The Information Is Not Correct: <a href="index.php">Click Here...!';
  35.                                       exit();  
  36.                                 }
  37.                     }
  38.                 else
  39.                    {
  40.                        header("location:login.php");
  41.                        exit();
  42.                    }
  43.           }
  44. ?>
  45. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  46. <html xmlns="http://www.w3.org/1999/xhtml">
  47. <head>
  48. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  49. <title>login</title>
  50. </head>
  51.  
  52. <body>
  53. <form action="login.php" name="frmlog" method="post">
  54. <table width="45%" border="1" align="center">
  55.   <tr>
  56.     <td>&nbsp;</td>
  57.     <td>&nbsp;</td>
  58.     </tr>
  59.   <tr>
  60.     <td colspan="2" align="center"><h3>Enter Login Details:</h3></td>
  61.     </tr>
  62.   <tr>
  63.     <td width="32%" align="right">User Name:</td>
  64.     <td width="56%"><label for="name"></label>
  65.       <input name="name" type="text" id="name" size="30" /></td>
  66.   </tr>
  67.   <tr>
  68.     <td align="right">password:</td>
  69.     <td><label for="pass"></label>
  70.       <input name="pass" type="password" id="pass" size="30" /></td>
  71.   </tr>
  72.   <tr>
  73.     <td></td>
  74.     <td align="left"><input type="submit" name="enter" id="enter" value="Login" /></td>
  75.   </tr>
  76.   <tr>
  77.     <td colspan="2" align="center">hilaryComber &copy;2012</td>
  78.   </tr>
  79. </table>
  80. </form>
  81. </body>
  82. </html>
Jan 17 '12 #1
Share this Question
Share on Google+
3 Replies


100+
P: 1,059
I dont know anything about preg_replace, i dont know how it work, so I wonder what does that function returns.

Besides your Query is very much unsafe. Your server will be cracked very fast.

learn about the SQL Injection. and also look at mysql_real_escape_string function

and do not put your password into session. keep the username.

I wonder which one is index.php????

if your user logged in already then he will be forwarded to index.php file using location header. But if user login failed then user is suggested to click on certain link that will forward to index.php? what is your intension buddy?
Jan 18 '12 #2

P: 2
When user directed to index.php the session will automatic realize that user session was not created, then he/she will be directed to login.php page,Since user session was not created
Jan 18 '12 #3

Dormilich
Expert Mod 5K+
P: 8,639
I dont know anything about preg_replace, i dont know how it work, so I wonder what does that function returns.
preg_replace() returns an array if the subject parameter is an array, or a string otherwise.

If matches are found, the new subject will be returned, otherwise subject will be returned unchanged or NULL if an error occurred.
Jan 18 '12 #4

Post your reply

Sign in to post your reply or Sign up for a free account.