Posted by d on 11/18/70 11:42

"student_steve" <gingercrock@hotmail.com> wrote in message
news:1142439209.094140.120730@i40g2000cwc.googlegroups.com...
> Hey guys, here is some code for a password security measure in a
> website:
>
> <?php
> session_start();
> $errorMessage = '';
> if (isset($_POST['username']) && isset($_POST['password'])) {
> if ($_POST['username'] === 'steven' && $_POST['password'] ===
> 'crocker') {
> $_SESSION['basic_is_logged_in'] = true;
> header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
>
> } else {
> $errorMessage = 'Sorry, wrong user id / password';
> echo $errorMessage;
> }
> }
> ?>
>
> The problem is, when i enter 'steven' as the username and 'crocker' as
> the password.. nothing happerns, it should go to
> "http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the
> password enter screen. The error message works however, any idea where
> im going wrong??

Have you checked that the session is being set correctly? Are you sure it's
actually working as expected?

Also, as you are using sessions, you should call session_write_close()
before you call header("location:...") - not doing so can cause serious
problems on some platforms.

> Cheers
> Steve
>

dave

[Back to original message]