Posted by Mark A. Boyd on 10/06/21 11:42

On Wed, 15 Mar 2006 16:13:29 GMT, student_steve posted in comp.lang.php:

> Hey guys, here is some code for a password security measure in a
> website:
>
> <?php
> session_start();
> $errorMessage = '';
> if (isset($_POST['username']) && isset($_POST['password'])) {
> if ($_POST['username'] === 'steven' && $_POST['password'] ===
> 'crocker') {
> $_SESSION['basic_is_logged_in'] = true;
> header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
>
> } else {
> $errorMessage = 'Sorry, wrong user id / password';
> echo $errorMessage;
> }
> }
> ?>
>
> The problem is, when i enter 'steven' as the username and 'crocker' as
> the password.. nothing happerns, it should go to
> "http://users.cs.cf.ac.uk/S.J.Crocker/search.php" but it remains on the
> password enter screen. The error message works however, any idea where
> im going wrong??

Correct me if I'm wrong (relatively new to PHP), but don't you need to exit()
immediately after a redirect?

header('Location: http://users.cs.cf.ac.uk/S.J.Crocker/search.php');
exit();
} else {



--
Mark A. Boyd
Keep-On-Learnin' :)

[Back to original message]