RE: stay logged in for session

> -----Original Message-----
> From: Joshua [mailto:josh@xxxxxxxxxxxx]
> Sent: 18 May 2007 12:09
> To: Edward Kay
> Subject: RE:  stay logged in for session
>
>
> On Fri, 2007-05-18 at 11:53 +0100, Edward Kay wrote:
> >
> > > -----Original Message-----
> > > From: Joshua [mailto:josh@xxxxxxxxxxxx]
> > > Sent: 18 May 2007 11:43
> > > To: PHP.net
> > > Subject:  stay logged in for session
> > >
> > >
> > > hey guys, i am trying to set up a session so that when a user logs in,
> > > they will stay logged in until they close their browser.  i have the
> > > session set up, however i keep getting an error saying:
> > >
> > > The page isn't redirecting properly
> > >
> > > Firefox has detected that the server is redirecting the request for this
> > > address in a way that will never complete.
> > >
> > > ----------------------------------------------------------------------
> > > this is my code, any help plz.
> > > ----------------------------------------------------------------------
> > > checklogin.php:
> > >
> > > <?php
> > > session_start();
> > > //set session variables
> > > $_SESSION['txtSurname'] = $_REQUEST['txtSurname'];
> > > $_SESSION['txtPassword'] = $_REQUEST['txtPassword'];
> > > session_write_close();
> > >
> > > include('includes/dbconnect.php');
> > >
> > > $nextpage = $_REQUEST['np'];
> > > $profile = $_REQUEST['ob'];
> > >
> > > //Matching usernames and passwords
> > > $uname = $_REQUEST['txtSurname'];
> > > $pword = $_REQUEST['txtPassword'];
> > > $user = "SELECT * FROM oldboys WHERE OBSURNAME='" . $uname . "' AND
> > > PWORD='" . $pword . "'";
> > > $ResSql = mysql_query($user) ;
> > > //If any errors then print `em out----------------------------
> > > if (!$ResSql)  {
> > >   echo("<p>Error performing query: " . mysql_error() . "</p>");
> > >   exit();
> > >   }
> > > //if user does not exist
> > > if (mysql_num_rows($ResSql)==0)  {
> > >   echo 'Incorrect username or password have been specified.<br>';
> > >   echo '<a href="updlogin.php">Click here to Log In</a>';
> > >   exit;
> > >   }
> > > else  {
> > >   header("Location:" . $nextpage . "?ob=" . $_REQUEST['ob'] .
> > > "&uname=" . $_REQUEST['txtSurname'] . "&pword=" .
> > > $_REQUEST['txtPassword']);
> > > }
> > > ?>
> > >
> > > verify.php:
> > >
> > > <?php
> > > session_start();
> > > if(!isset($_SESSION['txtSurname']) && !isset($_SESSION['txtPassword']))
> > > {
> > >   header("location:updlogin.php?np=" . $_REQUEST['np'] . "&ob=" .
> > > $_REQUEST['ob']);
> > > }
> > > else  {
> > >   header("location:" . $nextpage . "?np=" . $_REQUEST['np'] . "&ob=" .
> > > $_REQUEST['ob']);
> > > }
> > > ?>
> > > -----------------------------------------------------------------------
> >
> > HTTP Location headers require the full hostname, i.e.
> >
> > header("Location: http://www.example.com/page_to/redirect/to.php");
> >
> > As others on this list will say however, you don't have to use a full
> > redirect. Just use different PHP includes.
> >
> > E
> >
> thx so much, it works now.
>

Excellent. Please include the list on replies so that it all gets archived
and others can see your responses.

By the way, I suggest you have a read up on PHP security, especially SQL
injection attacks. Looking at the code above, what would happen if the
username I supplied was the following:

   foo'; DELETE FROM oldboys; #

E

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
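
The SQL injection point raised in the reply above, as an added example that is not part of the original thread: the login lookup rewritten with a bound parameter and a hashed password, then run against the username quoted in the message. It assumes PHP 7.1+ with PDO; the in-memory SQLite table, the sample account and the helper names check_login() and row_count() are constructed for illustration (the table and column names are from the posted code).

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the
// poster's MySQL "oldboys" table, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE oldboys (OBSURNAME TEXT PRIMARY KEY, PWORD TEXT NOT NULL)');

// Store a password hash, never the plaintext (constructed sample account).
$ins = $db->prepare('INSERT INTO oldboys (OBSURNAME, PWORD) VALUES (?, ?)');
$ins->execute(['smith', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the surname on success, null on failure.
 * The surname travels as a bound parameter, so quotes, semicolons and
 * comment markers in it are compared as data, never parsed as SQL.
 */
function check_login(PDO $db, string $surname, string $password): ?string
{
    $stmt = $db->prepare('SELECT OBSURNAME, PWORD FROM oldboys WHERE OBSURNAME = ?');
    $stmt->execute([$surname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PWORD'])) {
        return null;
    }
    return $row['OBSURNAME'];
}

// Hypothetical helper: number of rows left in the table.
function row_count(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM oldboys')->fetchColumn();
}

// The username from the message above: no row matches and nothing is deleted.
$hostile = "foo'; DELETE FROM oldboys; #";
var_dump(check_login($db, $hostile, 'anything'));
var_dump(row_count($db));
var_dump(check_login($db, 'smith', 'wrong'));
var_dump(check_login($db, 'smith', 'correct horse'));

// In checklogin.php, on success, keep only the identity in the session:
//   session_start(); session_regenerate_id(true);
//   $_SESSION['surname'] = $surname;   // no password in the session or the URL
```

With the identity held in the session, the redirect no longer needs the uname and pword query parameters, which otherwise end up in browser history and server logs.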

