OK, I've screwed something up here, but can't figure out what. I want to make sure a user logs in to get to the form to update my db, but when I try to confirm login, I keep getting directed back to the login page, and even after entering a good user/password it redirects to login. If I remove the confirm login from the management page, I go right to the page without logging in, and without the confirm_login on the management page, I can go to the login page, log in and be redirected to the management page. Sounds confusing, but anyway...
Here's what I have on the management page
Code:
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/always.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php $cxn = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME)
    or die("Couldn't connect to server");
?>
<?php confirm_logged_in(); ?>
and then the page info

Here's the login
Code:
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
if (logged_in()) {
    redirect_to("manageSC.php");
}
include_once("includes/form_functions.php");

// START FORM PROCESSING
if (isset($_POST['submit'])) { // Form has been submitted.
    $errors = array();

    // perform validations on the form data
    $required_fields = array('username', 'password');
    $errors = array_merge($errors, check_required_fields($required_fields, $_POST));

    $fields_with_lengths = array('username' => 30, 'password' => 30);
    $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));

    $username = trim(mysql_prep($_POST['username']));
    $password = trim(mysql_prep($_POST['password']));
    $hashed_password = sha1($password);

    if ( empty($errors) ) {
        // Check database to see if username and the hashed password exist there.
        $query = "SELECT id, username ";
        $query .= "FROM users ";
        $query .= "WHERE username = '{$username}' ";
        $query .= "AND hashed_password = '{$hashed_password}' ";
        $query .= "LIMIT 1";
        $result_set = mysql_query($query);
        confirm_query($result_set);
        if (mysql_num_rows($result_set) == 1) {
            // username/password authenticated
            // and only 1 match
            $found_user = mysql_fetch_array($result_set);
            $_SESSION['id'] = $found_user['id'];
            $_SESSION['username'] = $found_user['username'];
            redirect_to("manageSC.php");
        } else {
            // username/password combo was not found in the database
            $message = "Username/password combination incorrect.<br />
Please make sure your caps lock key is off and try again.";
        }
    } else {
        if (count($errors) == 1) {
            $message = "There was 1 error in the form.";
        } else {
            $message = "There were " . count($errors) . " errors in the form.";
        }
    }
} else { // Form has not been submitted.
    if (isset($_GET['logout']) && $_GET['logout'] == 1) {
        $message = "You are now logged out.";
    }
    $username = "";
    $password = "";
}
?>
I know that's a lot, and there's more, but can anyone point me to what I'm confusing myself with here?
Thanks,
Donna
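
The credential check and session gate from the post above, as an added example that is not part of the original post: it uses a single mysqli connection with a bound parameter and password_verify() in place of the interpolated query and sha1(). The password_hash column, the login.php file name, log_in() and the bodies of authenticate(), logged_in() and confirm_logged_in() are assumptions, since includes/functions.php is not shown.

```php
<?php
declare(strict_types=1);
// Added example. The password_hash column, login.php and these function
// bodies are assumptions; includes/functions.php is not shown in the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Returns ['id' => ..., 'username' => ...] on success, null otherwise.
function authenticate(mysqli $cxn, string $username, string $password): ?array
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $cxn->prepare(
        "SELECT id, username, password_hash FROM users WHERE username = ? LIMIT 1"
    );
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($id, $name, $hash);
    $found = $stmt->fetch();
    $stmt->close();
    // The column holds password_hash($pw, PASSWORD_DEFAULT) output,
    // a salted slow hash, in place of the unsalted sha1() digest.
    if ($found !== true || !password_verify($password, (string) $hash)) {
        return null;
    }
    return ['id' => $id, 'username' => $name];
}

function log_in(array $user): void
{
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['id'] = $user['id'];
    $_SESSION['username'] = $user['username'];
}

function logged_in(): bool
{
    return isset($_SESSION['id']);
}

function confirm_logged_in(): void
{
    if (!logged_in()) {
        header("Location: login.php"); // assumed name of the login page
        exit; // stop so the protected page body is never sent
    }
}
```

Both pages need session_start() to have run before any of these functions touch $_SESSION, and confirm_logged_in() has to be called before any output is sent so that header() can still set the redirect.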