View Single Post
  #1 (permalink)  
Old June 5th, 2005, 04:52 AM
cshu cshu is offline
Registered User
 
Join Date: Jun 2005
Location: , , .
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Chapter 12 - $_POST['redirect'] problem

In Chapter 12 there is an administrator registration 'module' which allows an administrator to log in to update/delete user details. If you log in incorrectly you will get 'Invalid Username and/or Password' screen (admin_login.php) so you can re-enter username/password. If you purposely enter another incorrect username/password, instead of kicking you back into this screen so you can re-enter another username/password (admin_login.php) you get the following error:
'File "C:\sokkit\site\admin_me\admin_login.php method=" not found'.

NB:This also occurs with the previous section 'user_login' but I figure it is the same problem.

I suspect it has something to do with the 'redirect' but who knows because I am just a mere beginner.

admin_login.php:
************************************************** *************
<?php
ob_start();
session_start();
include "conn.inc.php";

if (isset($_POST['submit'])) { //(1)
  $query = "SELECT username,password, admin_level FROM admin " .
           "WHERE username = '" . $_POST['username'] . "' " .
           "AND password = (password('" . $_POST['password'] . "'))";

//echo "query:";
//echo $query;
//echo "<br>";

  $result = mysql_query($query)
    or die(mysql_error());

  $row = mysql_fetch_array($result);

  if (mysql_num_rows($result) ==1) {
//echo "<br>";
//echo "1a";
//echo "<br>";
    $_SESSION['admin_logged'] = $_POST['username'];
    $_SESSION['admin_password'] = $_POST['password'];
    $_SESSION['admin_level'] = $row['admin_level'];
    header ("Refresh: 5; URL=" . $_POST['redirect'] . "");
    echo "COLLEEN You are being redirected to your original page request!<br>";
    echo "(If your browser doesn't support this, " .
         "<a href=\"" . $_POST['redirect']. "\">click here</a>)";
  }
  else { //(2)

ob_end_flush();
    ?>
    <html>
    <head>
    <title>Beginning PHP5, Apache and MySQL</title>
    </head>
    <body>
    <p>
      Invalid Username and/or Password<br><br>
      <form action="admin_login.php method="post">
        <input type="hidden" name="redirect"
          value="<?php echo $_POST['redirect']; ?>">
        Username: <input type="text" name="username"><br>
        Password: <input type="password" name="password"><br><br>
        <input type="submit" name="submit" value="Login-invalid">
      </form>
    </p>
    </body>
    </html>
    <?php
  } //end else (2)
} //end if (1)
else { //else (1)
    if (isset($_GET['redirect'])) {
      $redirect = $_GET['redirect'];
    }
    else {
       $redirect = "index.php";
     }
?>
  <html>
  <head>
  <title>Beginning PHP5, Apache and MySQL</title>
  </head>
  <body>
  <p>
    Login below by supplying your username/password....<br>
    <form action="admin_login.php" method="post">
      <input type="hidden" name="redirect"
        value="<?php echo $redirect; ?>">
      Username: <input type="text" name="username"><br>
      Password: <input type="password" name="password"><br><br>
      <input type="submit" name="submit" value="Login">
    </form>
  </p>
</body>
</html>
<?php
}
?>

in case you need to see index.php, here it is:

index.php
_____________________________________________
<?php
session_start();
echo "getting to index.php";
echo "<br>";
if ((isset($_SESSION['admin_logged']) && $_SESSION['admin_logged']!= "") ||
   (isset($_SESSION['admin_password']) && $_SESSION['admin_password'] != "")) {
      include "logged_admin.php";
}
else {
  include "unlogged_admin.php";
}

------------------------------------------------------
Thanks in advance.

Reply With Quote