0

Ok,

I am having a 'WTF' moment, I cannot see what is going wrong and it is really beginning to bug me.
I am attempting to send a user to an error page if the username or password is incorrect but it keeps redirecting to a page which doesn't exist and that I didn't specify.

This is my HTML (it does go to the correct page as if I get my password e.t.c. correct then I can login):

<form action = "../Scripts/Login.php" method = "POST" >

    <p> Username: </p>
    <input type = "text" name = "Username" /> <br><br>

    <p> Password: </p>
    <input type = "password" name = "Password" /> <br><br>

    <input type = "submit" value = "Login" /> <br><br>

</form>

That should then go to this PHP script:

<?php

    session_start();

    $User        = mysql_real_escape_string(strtolower($_POST['Username']));
    $Password  = mysql_real_escape_string(md5($_POST['Password']));

    $Username = preg_replace('/\s+/', '', $User);

    mysql_connect ("localhost", "root", "password") or die ("Couldn't Connect to Database Server");
    mysql_select_db ("database") or die ("Couldn't Find Database on Server");

    $Login = mysql_query ("SELECT * FROM Member_Data WHERE Username = '$Username' AND Password = '$Password'");
    $Count = mysql_num_rows($Login);


    if ($Count == 0)
    {
        mysql_close();

        die (Header ('Location: Errors/Login/Existance.php'));
    }

    while ($Privilege = mysql_fetch_array($Login))
    {

        if ($Privilege['Privilege'] == 3)
        {
            die (Header ('Location: Errors/Login/Banned.php'));
        }

        else
        {
            $_SESSION['Logged'] = "YES";
            $_SESSION['Username'] = $Username;

            die (Header ('Location: ../Pages/Members.php'));
        }

    }

?>

So if either the username or password is incorrect, it shouldn't be found in the database and thus it should display the error message that it doesn't exist.
Instead it goes to the following page: http://192.168.0.10/Scripts/Errors/Login/Login.php
Am I going crazy or is something very strange happening?

Thank you

Edited by Octet

3
Contributors
3
Replies
4
Views
5 Years
Discussion Span
Last Post by Octet
0

not sure if this is correct but remove the die statment from your redirect:

<?php
if ($Count == 0)
 {
 mysql_close();
 header("Location: Errors/Login/Existance.php");
 exit();
 }
?>

Also check the relativness of the path to your current script

Edited by Squidge

0

Try this snip:

if ($Count == 0){
        mysql_close();
        echo '<a href="Errors/Login/Existance.php">none found</a>';
        exit;

        //die (header('Location: Errors/Login/Existance.php'));
}else{
    $Privilege = mysql_fetch_array($Login);

    if ($Privilege['Privilege'] == 3){
        echo '<a href="Errors/Login/Banned.php">banned</a>';
        exit;
        //die (header ('Location: Errors/Login/Banned.php'));
    }else{
        $_SESSION['Logged'] = "YES";
        $_SESSION['Username'] = $Username;
        echo '<a href="../Pages/Members.php">logged in</a>';
        exit;
        //die (header ('Location: ../Pages/Members.php'));
    }

}

It should let you see if your code works (user checking). You then click the link to see if you go to the correct page.

Edited by diafol

0

Thanks for all the help but I have found the problem...
Instead of writing out all the code again for the basic layouts of the pages, I copied one of them accross. This happened to be the Members page which would redirect if you hadn't logged in hence why it said '

http://192.168.0.10/Scripts/Errors/Login/LOGIN.php

Thanks for the help though, my stupid mistake!

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.