All geek questions in one place

Index page does not appear after login

I have a process page for logging in, I can connect to the database, and also check the username and password.

but after that I can’t show the index page after a successful login. This is my code:

$dbc=mysql_connect(_SRV,_ACCID,_PWD) or die(_ERROR15.": ".mysql_error());
$db=mysql_select_db("qdbase",$dbc) or die(_ERROR17.": ".mysql_error());

    switch(postVar('action')) {
                    case 'submitlogin' :
                    submitlogin(postVar('loguser'),postVar('logpass'));
                    break;
    }
    function submitlogin($loguser,$logpass){
    if(isset($loguser, $logpass)) {
        ob_start();
        // To protect MySQL injection (more detail about MySQL injection)
        $myusername = stripslashes($loguser);
        $mypassword = stripslashes($logpass);
        $myusername = mysql_real_escape_string($myusername,$dbc);
        $mypassword = mysql_real_escape_string($mypassword, $dbc);
        $sql="SELECT * FROM admin WHERE user='$myusername' AND password=('$mypassword')";
        $result=mysql_query($sql, $dbc);
        // Mysql_num_row is counting table row
        $count=mysql_num_rows($result);
        // If result matched $myusername and $mypassword, table row must be 1 row
        if($count==1){
            // Register $myusername, $mypassword and redirect to file "admin.php"
            session_register("admin");
            session_register("password");
            $_SESSION['name']= $myusername;
            header("location:index1.php");
        }
        else {
            $msg = "Wrong Username or Password. Please retry";
            header("location:login.php?msg=$msg");
        }
  //      ob_end_flush();
    }
    else {
        header("location:login.php?msg=Please enter some username and password");
    }
    mysql_close($dbc);
    ob_end_flush();
    }

Can you help me solve this problem?

EDIT

I got confused in this part from index1.php:

<?php
session_start(); //Start the session
define(ADMIN,$_SESSION['name']); //Get the user name from the previously registered super global variable
if(!session_is_registered("admin")){ //If session not registered
header("location:login.php"); // Redirect to login.php page
}
else //Continue to current page
header( 'Content-Type: text/html; charset=utf-8' );
?>

and this part is from login.php because I think they are not syncing:

if(mysql_num_rows($result) > 0)
        {
            session_register("admin");
            session_register("password");

            $_SESSION['name']= $myusername;

            header("location:index1.php");
        }

I only have a user and password, where does it come from admin? bcoz from this i get:

 PHP Notice:  Use of undefined constant ADMIN - assumed 'ADMIN' in /var/www/html/index1.php on line 12
+3
source share
2 answers

Damage to your real shoots.

$myusername = mysql_real_escape_string($dbc, $myusername);
$mypassword = mysql_real_escape_string($dbc, $mypassword);

Must be

$myusername = mysql_real_escape_string($myusername, $dbc);
$mypassword = mysql_real_escape_string($mypassword, $dbc);

heres doc block:

string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )

@source: http://php.net/manual/en/function.mysql-real-escape-string.php

$result=mysql_query($dbc, $sql);


$result = mysql_query($sql, $dbc);

# 1

, , , :

if(false === ($dbc = mysql_connect(_SRV,_ACCID,_PWD) die(_ERROR15.": ".mysql_error());
if(false === mysql_select_db("qdbase",$dbc)) die(_ERROR17.": ".mysql_error());


switch(postVar('action'))
{
    case 'submitlogin':
        submitlogin(postVar('loguser'),postVar('logpass'));
            mysql_close($dbc);
            exit; //Flushing the headers
    break;
}

function submitlogin($loguser,$logpass)
{
    if(isset($loguser, $logpass))
    {
        $myusername = mysql_real_escape_string(stripslashes($loguser));
        $mypassword = mysql_real_escape_string(stripslashes($logpass));

        $sql = sprintf("SELECT * FROM admin WHERE user='%s' AND password=('%s')",$myusername,$mypassword);

        if(false === ($result = mysql_query($sql))
        {
            //Show Database query error and die()
        }

        // If result matched $myusername and $mypassword, table row must be 1 row
        if(mysql_num_rows($result) > 0)
        {
            session_register("admin");
            session_register("password");

            $_SESSION['name']= $myusername;

            header("location:index1.php");
        }else
        {
            header("location:login.php?msg=" . urlencode("Wrong Username or Password. Please retry"));
        }
    }else{
        header("location:login.php?msg=" . urlencode("Please enter some username and password"));
    }
}
+2

, - header()? ( ), .

http://php.net/manual/en/function.header.php

0

Source: https://habr.com/ru/post/1772819/

More articles:


All Articles