Board index   FAQ   Search  
Register  Login
Board index php forum :: Database mySQL & php coding

Redirect unauthorized user to login form

Codes here !

Moderators: macek, egami, gesf

Redirect unauthorized user to login form

Postby wmdrumaizi » Mon Apr 28, 2003 3:05 am

Hi guys;

I'm working on my login page. I have login.html(user enter username and password) and login.php (to process login.html entry-only authorized user can access).

When user enter valid username and password it will redirect user to login.php....ok it's work very well. But when user enter invalid username and password it will redirect user to login.php too but with error

Warning: Cannot add header information - headers already sent by (output started at C:\apache\htdocs\researchers\login.php:19) in C:\apache\htdocs\researchers\login.php on line 147

What I want is if user enter invalid username and password, they will be redirected to login form once again (login.html). Which mean they have to enter username and passsord once again. here is my code for login.php
Code: Select all
<?php
//declare
define ('HOST', 'localhost');
define ('USER', '');
define ('PASS', '');
define ('DB', 'researchers');
//Check if user has logged in,
if (empty($HTTP_SESSION_VARS['username']))
{
   //connect to the database  and get numfound
   mysql_connect(HOST, USER, PASS);
   mysql_select_db(DB);
   $result = mysql_query("SELECT COUNT(*) AS numfound FROM maintable WHERE username='{$HTTP_POST_VARS['username']}' AND pass='{$HTTP_POST_VARS['pass']}'");
   $result_ar = mysql_fetch_array($result);
   if ($result_ar['numfound'] > 0)
   {
      $username=$HTTP_POST_VARS['username'];
      session_register('username');
      echo "<font color=\"#000000\" face=\"verdana\" size=\"3\">Success!!!!</font>";
   }
   else
   {
      header( 'Location: login.html?error=1' );
      exit;
   }
}
?>


I'm also having problem to logging out. When user has logged in and they want to log out, they click Log Out button.
What I want is when they click Log Out button, they will be redirected to login.html. But what is happening to my page is they can log out but they are not redirected to login.php
Here is my log out code:
Code: Select all
<?php
session_start();
?>
<?php
if(session_is_registered('username'))
   {
   session_unset();
   session_destroy();
   }
   else
   {
   header( 'Location: login.html' );
   }
?>


Any help would highly be appreciated...
Best regards
User avatar
wmdrumaizi
New php-forum User
New php-forum User
 
Posts: 40
Joined: Thu Jan 23, 2003 5:15 pm
Location: Malaysia

Postby bezmond » Mon Apr 28, 2003 4:22 am

I'm also having problem to logging out. When user has logged in and they want to log out, they click Log Out button.
What I want is when they click Log Out button, they will be redirected to login.html. But what is happening to my page is they can log out but they are not redirected to login.php
Here is my log out code:
Code:


Code: Select all
<?php
session_start();
?>
<?php
if(session_is_registered('username'))
   {
   session_unset();
   session_destroy();
   header( 'Location: login.html' );
   }
   else
   {
   echo "You are not logged in";
   }
?> 


where I put the echo, you could also include a header() function, but that is just to demonstrate.[/quote][/code]
User avatar
bezmond
Moderator
Moderator
 
Posts: 312
Joined: Sat Apr 05, 2003 4:33 am
Location: Mansfield, UK

Postby wmdrumaizi » Mon Apr 28, 2003 11:09 pm

Hey man, I got this error:

Warning: Cannot add header information - headers already sent by (output started at C:\apache\htdocs\researchers\logout.php:4) in C:\apache\htdocs\researchers\logout.php on line 9

Line 9 is:
header( 'Location: login.html' );
User avatar
wmdrumaizi
New php-forum User
New php-forum User
 
Posts: 40
Joined: Thu Jan 23, 2003 5:15 pm
Location: Malaysia

Postby wmdrumaizi » Mon Apr 28, 2003 11:36 pm

I've finally find out how to get rid of thid error:

Warning: Cannot add header information - headers already sent by (output started at C:\apache\htdocs\researchers\logout.php:4) in C:\apache\htdocs\researchers\logout.php on line 9

I simply put
Code: Select all
<?php
ob_start();
?>

on the top of my php page...(page with header('Location: page.php') function).

p/s: Just in case our pal having this same problem. Thanks bezmond...

But I need more help:
If user entered invalid password/username or they did not enter password/username they will be redirected to login form (mine is login.html).

Could you please tell me how to display message in the login form once the visitor have been redirected. i.e "Your password is incorrect" or "You did not provide password/username, try again".
Do I need to change my login form(login.html) to php (login.php)...
Thanks once again.
User avatar
wmdrumaizi
New php-forum User
New php-forum User
 
Posts: 40
Joined: Thu Jan 23, 2003 5:15 pm
Location: Malaysia

Postby Redcircle » Tue Apr 29, 2003 2:25 am

ob_start is just a workaround it is not a solution. You are getting that error because output is being sent to the browser then later in the script you are making a header call which you cannot do. make sure there are no echo's or missed spaces outside of the <? and ?> if you have any characters even spaces outside of those it output's to the browser and can cause conflicts. If I were you I would look for those errors.
User avatar
Redcircle
Moderator
Moderator
 
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA

Postby wmdrumaizi » Wed Apr 30, 2003 1:32 am

What do you mean? Is there any disadvantages/vulnerabilities if I put "ob_start();" in my php page? So what is your opinion?

Any opinion and advise would be appreciated
User avatar
wmdrumaizi
New php-forum User
New php-forum User
 
Posts: 40
Joined: Thu Jan 23, 2003 5:15 pm
Location: Malaysia


Return to mySQL & php coding

Who is online

Users browsing this forum: Baidu [Spider] and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.