My login system doesn't redirect successfully. (PHP and mysql)

Report · Sep 09, 2011

I have the registration system ready and it seems to be working fine. All the registrants appear in mysql verified. I have a log in system set up in conjuction with the registration system. I inserted a user in mysql in order to log in and it does redirect successfully. The problem I have is that when I try to log in as a registrant, it won't redirect successfully when I submit the form, it only remains in the log in page. How would I fix this issue? How would I make it redirect? Many thanks!

Here is the code:

This is the login.php file

<?php require_once('../Connections/connFormGod.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "verified";
$MM_redirectLoginSuccess = "admin_index.php";
$MM_redirectLoginFailed = "admin_login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_connFormGod, $connFormGod);

$LoginRS__query=sprintf("SELECT username, password, verified FROM `admin` WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $connFormGod) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

    $loginStrGroup = mysql_result($LoginRS,0,'verified');

if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
}
else {
    header("Location: ". $MM_redirectLoginFailed );
}
}
?>

This is the page that it should redirect to - Index.php file.

<?php require_once('../Connections/connFormGod.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}

$MM_authorizedUsers = "y";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && false) {
      $isValid = true;
    }
}
return $isValid;
}

$MM_restrictGoTo = "admin_login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
}
return $theValue;
}
}

$colname_userDets = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_userDets = $_SESSION['MM_Username'];
}
mysql_select_db($database_connFormGod, $connFormGod);
$query_userDets = sprintf("SELECT AdminID, username, password, verified FROM `admin` WHERE username = %s", GetSQLValueString($colname_userDets, "text"));
$userDets = mysql_query($query_userDets, $connFormGod) or die(mysql_error());
$row_userDets = mysql_fetch_assoc($userDets);
$totalRows_userDets = mysql_num_rows($userDets);

if (isset($_POST['username'])) {

$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "admin_index.php";
$MM_redirectLoginFailed = "admin_login.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_connFormGod, $connFormGod);

}

?>

Report · Sep 09, 2011

I think you must look into your HTML code instead of PHP Code. Look at the image below:

You can see there is an ACTION in HTML code where there is a form tag. When working with Dreamweaver, Dreamweaver automatically does that when you give it a server behavior. Please check this part and see if it works. Generally if you make ACTION="index.php", it will take you to the index page.

I hope this will help.

Regards,

Bilal A. Khan

Report · Sep 10, 2011

Thank you very much, but thats actually what I have. I've testing the login form through my web hosting and it does not redirect successfully. Can any body help plz.

Thanks in advance!

I had forgotten to include the html code.

   <form id="login_form" name="login_form" method="POST" action="<?php echo $loginFormAction; ?>">
        <table width="100%" border="0" cellpadding="5" cellspacing="0" id="login_table">
          <tr>
            <td align="right"> </td>
            <td align="left"> </td>
          </tr>
          <tr>
            <td width="41%" align="right">Username:</td>
            <td width="59%" align="left"><input type="text" name="username" id="username" /></td>
          </tr>
          <tr>
            <td align="right">Password:</td>
            <td align="left"><input type="password" name="password" id="password" /></td>
          </tr>
          <tr>
            <td> </td>
            <td> </td>
          </tr>
          <tr>
            <td> </td>
            <td><input type="submit" name="submit" id="submit" value="Login" /></td>
          </tr>
          <tr>
            <td> </td>
            <td> </td>
          </tr>
        </table>
        <p> </p>
      </form>

Report · Sep 10, 2011

Are you using the built in DW log in server behavior? It looks like it from the code. If so, then you would have selected both a success and fail redirect page. Try it using a wrong password and see if it redirects to the fail page. Also, I would try removing the restrict access behavior from the success page - it's possible that the log in is working but not the restrict access which bumps you back to the log in page.