Posted by student_steve on 11/18/09 11:42

Hey guys, here is some code for a password security measure in a
website:

<?php
session_start();
$errorMessage = '';
if (isset($_POST['username']) && isset($_POST['password'])) {
if ($_POST['username'] === 'steven' && $_POST['password'] ===
'crocker') {
$_SESSION['basic_is_logged_in'] = true;
header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');

} else {
$errorMessage = 'Sorry, wrong user id / password';
echo $errorMessage;
}
}
?>

The problem is, when i enter 'steven' as the username and 'crocker' as
the password.. nothing happerns, it should go to
"http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the
password enter screen. The error message works however, any idea where
im going wrong??

Cheers
Steve

[Back to original message]