After Successfull Login - Redirect to new page 2

[josel]

Can't search so I have to ask.

I just wrote a login script. After checking that login was successful, I need to redirect user to home page with all session variables set.

I tried header() but it gave me an error!

What can I use to do this?

Regards,


Jose Lerebours




KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours

 

[feherke]

Hi

How you tried it ? What was the error message ?

Anyway. Make sure the call for [tt]header()[/tt] is before sending out the content, so before "<!DOCTYPE...>" or "<html...>", whichever is the first tag in your markup.

Feherke.

http://rootshell.be/~feherke/

 

[jpadie]

i also think it is better to use a dispatch method of navigation rather than multiple redirects. or, at worst, to have the login as an include on every page rather than a separate page itself.

see

http://phpsec.org/projects/guide/

 

[Sleidia]

Thanks for the link jpadie

Josel, here is how I do (very simplified) :

<?php

function redirect($location) {

header("Location: " . $location);
exit;

}

............................

if ($_POST) {

// ... do some verification

...

// ... store vars in session
$_SESSION["user"]["name"] = "......";
$_SESSION["user"]["surname"] = "......";

// ... redirect
redirect(basename($_SERVER['SCRIPT_NAME']));

}

?>

 

[seanjgbr]

You can always redirect back to the page the form was submitted from:

<?php

header("location: {$_SERVER['HTTP_REFERER']}");
exit;

?>

 

[josel]

I ventured to have my login form to be included on top of my nav bar. This works very nice but, I cannot get the session variables to hold.

Sessions in PHP have proven to be a challenge for me. I know how to use sessions, I understand the concept behind sessions, I have plenty of experience with variables and managing them but I cannot get PHP session logic under control ... They do say that every man reaches his level of incompetence; have I reached mine?

I see Sleidia code snip and it does not look like what I have (which I've done based on samples I've read on php.net).

On top of my PHP script I have

<?PHP
session_start();
global $fpMemberID, $fpMemberFirstName, $fpMemberLastName, $fpMemberSince;
/*	print $GLOBALS['fpMemberID'] . "<br>";
	print $GLOBALS['fpMemberFirstName'] . "<br>";
	print $GLOBALS['fpMemberLastName'] . "<br>";
	print $GLOBALS['fpMemberSince'] . "<br>";
*/
if(isset($_POST['submit']) && $_POST['submit'] == "Log In") {
/* $fpMemberID=$GLOBALS['fmMemberID'];
$fpMemberFirstName=$GLOBALS['fpMemberFirstName'];
$fpMemberLastName=$GLOBALS['fpMemberLastName'];
$fpMemberSince=$GLOBALS['fpMemberSince'];
*/
$_SESSION['fpMemberID'];
$_SESSION['fpMemberFirstName'];
$_SESSION['fpMemberLastName'];
$_SESSION['fpMemberSince'];
}

// Lets load the script with all the functions in it
// Kind of the same as procedure programs in dBase
include_once("include/functions.php");
// include_once("include/marketplace.php");

$Target = "main.txt" ;
if(isset($_REQUEST['Target'])):
  $Target = $_REQUEST['Target'];
endif ; 

if ($_POST['submit'] != "" && $_GET['Target'] == "validlogon") {
  $isValid = ValidLogon($_POST['email'],$_POST['password']);
}

?>

The function ValidLogon looks like this

<?PHP
function ValidLogOn($email,$password) {
global $fpMemberID, $fpMemberFirstName, $fpMemberLastName, $fpMemberSince;
print $email . "<br />";
print $password . "<br />";

//variables for connecting to MySQL
$mysql_host = 'thehost';
$mysql_user = 'theuser';
$mysql_pass = 'password';
$mysql_db   = 'thedatabase';
//set the number of records per page
$records_per_page = 15;
//connect to MySQL
mysql_connect ($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db ($mysql_db);
//find out how many records are in the table
$query = "SELECT * FROM members WHERE `MemberEmail` = '" . $email . "' AND `MemberPwd` = '" . $password . "' LIMIT 1";
$data = mysql_query ($query) or die (mysql_error());

if (mysql_num_rows($data) > 0) {
	$memberInfo = mysql_fetch_assoc($data);
	$fpMemberID = $memberInfo['MemberID'];
	$fpMemberFirstName = $memberInfo['MemberFirstName'];
	$fpMemberLastName = $memberInfo['MemberLastName'];
	$fpMemberSince = $memberInfo['MemberSince'];
/*	print $fpMemberID . "<br>";
	print $fpMemberFirstName . "<br>";
	print $fpMemberLastName . "<br>";
	print $fpMemberSince . "<br>"; */
	return 1;
} else { 
print "Invalid User ID + Password!";
return 0; }

}
?>

If I allow the print commands to run, it does show that the record is found and variables are set. But this is only true for as long as I do not change page. The moment I move to another page, my variables go blank.

Here is where the login name and ID are validated and variables are set

<?PHP
function ValidLogOn($email,$password) {
global $fpMemberID, $fpMemberFirstName, $fpMemberLastName, $fpMemberSince;
print $email . "<br />";
print $password . "<br />";

//variables for connecting to MySQL
$mysql_host = 'thehost';
$mysql_user = 'theuser';
$mysql_pass = 'password';
$mysql_db   = 'thedatabase';
//connect to MySQL
mysql_connect ($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db ($mysql_db);
//find out how many records are in the table
$query = "SELECT * FROM members WHERE `MemberEmail` = '" . $email . "' AND `MemberPwd` = '" . $password . "' LIMIT 1";
$data = mysql_query ($query) or die (mysql_error());

if (mysql_num_rows($data) > 0) {
	$memberInfo = mysql_fetch_assoc($data);
	$fpMemberID = $memberInfo['MemberID'];
	$fpMemberFirstName = $memberInfo['MemberFirstName'];
	$fpMemberLastName = $memberInfo['MemberLastName'];
	$fpMemberSince = $memberInfo['MemberSince'];
/*	print $fpMemberID . "<br>";
	print $fpMemberFirstName . "<br>";
	print $fpMemberLastName . "<br>";
	print $fpMemberSince . "<br>"; */
	return 1;
} else { 
print "Invalid User ID + Password!";
return 0; }

}
?>

I have the PHP Black Book and it dedicates an entire chapter to sessions but, it suggests one uses MySQL to store them. I might have to go that route but before I do, I sure would like to know what in the world I'm doing wrong.

I will read through the given link and learn a couple of things.

Regards,


Jose Lerebours








KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours

 

[josel]

You see, I am loosing my mind ... Sorry guys, I posted the ValidLogOn() function twice

KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours

 

[jpadie]

sessions are very straightforward in php. almost as easy as with ASP.

the key things to remember are

1. always to start the session before you doing anything

session_start(); //at the top of the file BEFORE any output

2. treat the session variable like any other global variable

$_SESSION['somevar'] = "somevalue";

unset($_SESSION['somevar']);

to destroy a session takes a couple of steps to be sure

$_SESSION = array(); //kill session vars

//destroy the cookie holding the session iD (expire it)
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
//now destroy the session (i.e. delete the file on the server that holds the data
session_destroy();

some other potential pitfalls:

1. if you are doing any session manipulation followed by a header redirect you should always close the session before the redirect

session_write_close();

2. you must make sure that your session files are stored in a read/writable directory. typically /tmp is good. the setting for this is in php.ini.

and that's pretty much it for file based sessions (the default). database based sessions are good when you are managing multiple domains and you want the session to persist.

 

[josel]

jpadie,

You are a life saver ... I got it and my originally posted problem is solved.

You solved two problems and get one star? That does not add up!

Thank you so very much ...


Jose Lerebours


KNOWLEDGE: Something you can give away endlessly and gain more of it in the process! - Jose Lerebours