php - Logging in gets me to the wrong page
On the page http://mackscript.netii.net/main_login.php, when I log in, it gets me to the wrong page. I want it to take me to the page specified in ?nav_to.
So, I specify ?nav_to=shop.php. It redirects to login_success.php.
Code for main_login.php:

    <html>
    <head>
    <title>please login</title>
    <link rel="stylesheet" type="text/css" href="style.css">
    </head>
    <body>
    <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#cccccc">
    <tr>
    <form name="form1" method="post" action="checklogin.php" style="color:#b3b3b3;">
    <td>
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
    <tr>
    <td colspan="3"><strong>member login </strong></td>
    </tr>
    <tr>
    <td width="78">username</td>
    <td width="6">:</td>
    <td width="294"><input name="myusername" type="text" class="field" id="myusername"></td>
    </tr>
    <tr>
    <td>password</td>
    <td>:</td>
    <td><input name="mypassword" type="password" class="field" id="mypassword"></td>
    </tr>
    <tr>
    <td><a href="insert.php">register</a></td>
    <td><input type="submit" name="submit" class="but" value="login"></td>
    <td><a href="contact.php">forgot pass?</a></td>
    </tr>
    </table>
    </td>
    </form>
    </tr>
    </table>
    </body>
    </html>
Code for checklogin.php (this checks the login and redirects) (details have been removed):

    <?php
    ob_end_flush();
    define('debug', true);
    ob_start();
    $host=""; // host name
    $username=""; // MySQL username
    $password=""; // MySQL password
    $db_name=""; // database name
    $tbl_name=""; // table name

    // Connect to the server and select the database.
    mysql_connect("$host", "$username", "$password") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select db");

    // Username and password sent from the form
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];
    // nav_to is read from the query string of the request to checklogin.php
    $nav = $_GET['nav_to'];
    $nav_to = (string)$nav;

    // To protect against MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    $mypass = md5($mypassword);

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypass'";
    $result=mysql_query($sql);

    // mysql_num_rows counts the table rows
    $count=mysql_num_rows($result);

    // If the result matched $myusername and $mypassword, the table row count must be 1
    if($count==1){
        // Register $myusername, $mypass and redirect to file "login_success.php"
        $sql="SELECT credits FROM $tbl_name WHERE username='$myusername' AND password='$mypass'";
        $creds=mysql_query($sql);
        $row = mysql_fetch_row($creds);
        session_register("myusername");
        session_register("mypass");
        if(!empty($nav_to)){
            header("location:$nav_to");
        }
        if(empty($nav_to)){
            header("location:login_success.php?name=$myusername");
            setcookie("valid", "true", time()+3600);
            setcookie("creds", "$row[0]", time()+3600);
        }
    }
    else {
        echo "wrong username or password";
        echo "<p><a href='main_login.php'>back</a></p>";
    }
    ?>
    <html>
    <head>
    <link rel="stylesheet" type="text/css" href="style.css">
    </head>
    <body>
    </body>
    </html>
I think it's because $nav_to is not in $_GET! The method in the form is "post", so it can't see the input name.
You should add this to the form:

    <input type="hidden" name="nav_to" value="<?php echo $_GET["nav_to"]; ?>" />
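
An added example, not part of the original answer or the asker's code: it carries nav_to through the POST as suggested above, HTML-escapes the value in the hidden field, and checks it against an allowlist before it reaches header(), since both places take the value straight from the request. The function names and the list of pages are assumptions.

```php
<?php
// Added example. ALLOWED_PAGES, safe_nav_target(), nav_to_field() and
// redirect_after_login() are hypothetical names, not from the original code.

// Pages a login may redirect to (assumed list; shop.php is from the question).
const ALLOWED_PAGES = ['shop.php', 'login_success.php'];

// Return the requested page only if it is on the allowlist, else the default.
function safe_nav_target($requested, $default = 'login_success.php')
{
    if (!is_string($requested)) {
        return $default;            // missing, or an array such as nav_to[]=x
    }
    // Strict match: absolute URLs, paths and CR/LF never reach header().
    return in_array($requested, ALLOWED_PAGES, true) ? $requested : $default;
}

// main_login.php: build the hidden field, escaped for an HTML attribute.
function nav_to_field(array $query)
{
    $value = isset($query['nav_to']) && is_string($query['nav_to'])
        ? $query['nav_to'] : '';
    return '<input type="hidden" name="nav_to" value="'
         . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// checklogin.php, after the credentials have been verified. The form uses
// method="post", so the value arrives in $_POST, not $_GET.
function redirect_after_login(array $post)
{
    $target = safe_nav_target(isset($post['nav_to']) ? $post['nav_to'] : null);
    header('Location: ' . $target);
    exit;
}

// Constructed sample inputs, shown only when run from the command line.
if (PHP_SAPI === 'cli') {
    echo nav_to_field(['nav_to' => 'shop.php']), "\n";
    echo nav_to_field(['nav_to' => '"><b>test</b>']), "\n";
    foreach (['shop.php', '//example.org/', "shop.php\r\nX: y", ''] as $in) {
        echo json_encode($in), ' => ', safe_nav_target($in), "\n";
    }
}
```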