Page Redirect Issues

You mean user is not redirected to play.php even he is valid user?

<?
{
$username = mysql_real_escape_string($username); 
$password = md5( mysql_real_escape_string($password) );
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 

	if ($rows<1)
	{ 
		echo "&serverResponse=Incorrect username/password"; 
	}
	else 
	{
		setcookie("username", "$username", time()+3600);
		$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
		$row=mysql_fetch_assoc($result);
		$total = $row['total'];
		setcookie("total", "$total", time()+3600);
		$_SESSION['username'] = $username;
		
		header( "Location: play.php" ) ;
		exit;
	} 
}
?>

Add echo 'hi';exit; in first line of play.php. Post your output.

vibhadevit:

Yes if the user is valid he or she is not redirected to the play page or the nogo page. The page just sits on the log in page. However if it is an invalid user, it does echo Incorrect User/Password.

If I am not logged in and I manually type in play.php it takes me to nogo.php (which it should). If I am logged in it takes me to play.php and displays User Name and Score (which it should). When I add the line of code you asked, it does what I assume it would. Which is as follows:

1. It still does not redirect me from log in.
2. It allows the play page to be accessed weather logged in or not (as this line of code is below the exit command).
3. It does echo back hi.

so issue is with play.php page.Post its code here.

And also try print_r($_SESSION); exit; after session _start(); function on play.php.Which will show sessions available on that page.

There should be no spaces in between header function.. for (e.g) header(Location:sample.php); and no echo function to be used before header function. This will also deny the redirection task.... Suppose still any problem, please let me know....

Vib,

I am not sure why the issue would be on the play.php page if it does not redirect regardless of what is on play.php.

This code is what is on db.php:

<?php
session_start(); 
mysql_connect("localhost", "dbuser", "dbpassword"); 
mysql_select_db("myDB");
function user_login($username, $password) 
{
$username = mysql_real_escape_string($username); 
$password = md5( mysql_real_escape_string($password) );
$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
$rows = mysql_num_rows($sql); 

if ($rows<1)
{ 
echo "&serverResponse=Incorrect username/password"; 
}
else {
$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
$row=mysql_fetch_assoc($result);
$total = $row['total'];
header( "Location: play.php" ) ;
setcookie("username", "$username", time()+3600);
setcookie("total", "$total", time()+3600);
$_SESSION['username'] = $username;


} 
}
?>

This is what is on login.php:

<?php
include("db.php"); 
if (isset($_POST['username']) && isset($_POST['pword']))
{     
user_login($_POST['username'], $_POST['pword']); 
} 
?>

This is what is on play.php for now:

<?php
include("db.php"); 
if ((isset($_COOKIE["username"])) && (isset ($_COOKIE["total"]))) {
        echo ("Welcome" . $_COOKIE["username"]);
		echo ("Score: " . $_COOKIE["total"]); }
else {
 ob_start();
 header( 'Location: nogo.php' ) ;
}

?>

Also try below debugging.
echo "SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"; exit;
Run that output in phpmyadmin sql tab. Just crosscheck query returns result.

Why are you usign function for login?
You can direct do below:

<?php session_start(); 
mysql_connect("localhost", "dbuser", "dbpassword"); 
mysql_select_db("myDB");

if (isset($_POST['username']) && isset($_POST['pword']))
{
	
	$username = mysql_real_escape_string($_POST['username']); 
	$password = md5( mysql_real_escape_string($_POST['pword']) );
	$sql = mysql_query("SELECT * FROM usersystem WHERE username = '$username' AND password = '$password' LIMIT 1"); 
	$rows = mysql_num_rows($sql); 
	
	if ($rows<1)
	{ 
	echo "&serverResponse=Incorrect username/password"; 
	}
	else 
	{
	$result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
	$row=mysql_fetch_assoc($result);
	$total = $row['total'];
	header( "Location: play.php" ) ;
	setcookie("username", "$username", time()+3600);
	setcookie("total", "$total", time()+3600);
	$_SESSION['username'] = $username;
	
	
	} 
}
?>

Reason for checking play.php is below:
Sometimes it happens that you have successfully login but in your protected page say play.page session is not set because of any reason, then even user is rediretd to play.php he is again thrown to login page.
I have this scenario in past so i asked you to check.

@Dragon,

The only echo I have is if it is the wrong username and/or password (on the IF statement) will this affect the ELSE content, including the redirect? I tried placing ob_start (); above the redirect command. I made the changes with the spaces, but it made no difference. (I also have spaces on the play.php that do not affect the redirection. I did remove them and retest everything but it made no difference. Still stuck!

@Vib,

It is outputting the right information. It is running the querey. The code is doing EVERYTHING except redirecting.
When I used your code that removed the function aspect, I get the system error of: Fatal Error: Call to undefined function User_Login()

Don't call user_login function in login.php.
Just remove function user_login from all.
I think you can not redirect within a php function like this so avoid it.

No error, but still no redirect. Am I correct in assuming that all I should have on the login.php is this:

<?php
include("db.php"); 
?>

Sorry, like I said in my initial post, this is all new to me.

I ended up redoing everything and I got it to work. Thanks for your help.