Re: stay logged in for session

On Friday, 2007-05-18 at 12:43, Joshua wrote:
> hey guys, i am trying to set up a session so that when a user logs in,
> they will stay logged in until they close their browser.  i have the
> session set up, however i keep getting an error saying:
> 
> The page isn't redirecting properly        
> 
> Firefox has detected that the server is redirecting the request for this
> address in a way that will never complete.

it might be because one of your pages redirects to another, then the
other one redirects back...

> 
> ----------------------------------------------------------------------
> this is my code, any help plz.
> ----------------------------------------------------------------------
> checklogin.php:
> 
> <?php
> session_start();
> //set session variables 
> $_SESSION['txtSurname'] = $_REQUEST['txtSurname'];
> $_SESSION['txtPassword'] = $_REQUEST['txtPassword']; 

why are you using $_REQUEST? I usually prefer using $_GET and $_POST to
avoid confusion

> session_write_close();
> 
> include('includes/dbconnect.php');
> 
> $nextpage = $_REQUEST['np'];
> $profile = $_REQUEST['ob'];
> 
> //Matching usernames and passwords
> $uname = $_REQUEST['txtSurname'];
> $pword = $_REQUEST['txtPassword'];
> $user = "SELECT * FROM oldboys WHERE OBSURNAME='" . $uname . "' AND
> PWORD='" . $pword . "'";

this is just the best way to let hackers do SQL injection on your site.
check those values first, then escape them with mysql_real_escape_string
and pass them to mysql only after it

greets
Zoltán Németh

> $ResSql = mysql_query($user) ;
> //If any errors then print `em out----------------------------
> if (!$ResSql)  {
>   echo("<p>Error performing query: " . mysql_error() . "</p>");
>   exit();
>   }
> //if user does not exist
> if (mysql_num_rows($ResSql)==0)  {
>   echo 'Incorrect username or password have been specified.<br>';
>   echo '<a href="updlogin.php">Click here to Log In</a>';
>   exit;
>   }
> else  {
>   header("Location:" . $nextpage . "?ob=" . $_REQUEST['ob'] .
> "&uname=" . $_REQUEST['txtSurname'] . "&pword=" .
> $_REQUEST['txtPassword']);
> }
> ?>
> 
> verify.php:
> 
> <?php
> session_start();
> if(!isset($_SESSION['txtSurname']) && !isset($_SESSION['txtPassword']))
> {
>   header("location:updlogin.php?np=" . $_REQUEST['np'] . "&ob=" .
> $_REQUEST['ob']);
> }
> else  {
>   header("location:" . $nextpage . "?np=" . $_REQUEST['np'] . "&ob=" .
> $_REQUEST['ob']);
> }
> ?>
> -----------------------------------------------------------------------
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
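
The advice in the reply above (check the values first, then keep them from being parsed as SQL), as an added example that is not part of the original thread or either poster's code. It swaps mysql_real_escape_string for a PDO prepared statement, because the mysql_* functions were removed in PHP 7.0. Assumptions: the pdo_sqlite extension is available, an in-memory SQLite table stands in for the poster's `oldboys` table, and the surname rule and the helper names `valid_surname` and `check_login` are hypothetical. The plaintext password column mirrors the schema in the quoted code.

```php
<?php
// Added example, not code from the thread. A constructed in-memory SQLite
// table stands in for the MySQL `oldboys` table so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE oldboys (OBSURNAME TEXT, PWORD TEXT)");
$db->exec("INSERT INTO oldboys VALUES ('Smith', 'constructed-pass')");

// Step 1: check the values first. Hypothetical rule: a surname is letters,
// apostrophe, hyphen or space, at most 64 characters.
function valid_surname($s) {
    return is_string($s) && preg_match("/^[A-Za-z' -]{1,64}$/", $s) === 1;
}

// Step 2: hand the values to the database as bound parameters, so the
// driver never parses them as part of the SQL text.
function check_login(PDO $db, $surname, $password) {
    if (!valid_surname($surname) || !is_string($password) || $password === '') {
        return false;
    }
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM oldboys WHERE OBSURNAME = :u AND PWORD = :p'
    );
    $stmt->execute([':u' => $surname, ':p' => $password]);
    return (int) $stmt->fetchColumn() === 1;
}

// Constructed inputs, as they would arrive in $_POST['txtSurname'] and
// $_POST['txtPassword'] (read from $_POST rather than $_REQUEST).
$cases = [
    ['Smith', 'constructed-pass'],   // matching row
    ['Smith', "' OR '1'='1"],        // quote characters in the password field
    ["x' OR '1'='1", 'anything'],    // quote characters in the surname field
    ["O'Brien", 'wrong'],            // legitimate apostrophe, no matching row
];
foreach ($cases as [$u, $p]) {
    printf("%-16s %-18s => %s\n", $u, $p,
        check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```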

