I can't get my login page to work right...

optiqvision

Programmer
Oct 5, 2012
3
US
First off I would like to let you guys know that I JUST started learning PHP a little over a week ago from a YouTube video... so I don't know enough yet to even really know what to ask you guys... but I keep getting this error... (Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.) my coding is THE EXACT SAME as the coding in the tutorial save for my database and username info... another thing I noticed is in Dreamweaver I see some of the coding in the upper left hand corner.. here's a pic of it..
the coding that's showing up is at the end of this php code

Code:
<?php
//Parse the log in form if the user has filled it out and pressed "Log In"
if(isset($_POST["username"])&&isset($POST["password"])){
	
	$manager=preg_replace('#[^A-Za-z0-9_]#i','',$_POST["username"]);//filter everything but numbers and letters
	$password=preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);//filter everything but numbers and letters
	//Connect to the MySQL database
	include"../storescripts/connect_to_mysql.php";
	$sql=mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");//query the person
	//---- MAKE SURE PERSON EXISTS IN DATABASEE ----
	$existCount=mysql_num_rows($sql);//count rows nums
	if($existCount==1){//evaluate the count
		while($row=mysql_fetch_array($sql)){
			$id=$row["id"];	
		}
		$_SESSION["id"]=$id;
		$_SESSION["manager"]=$manager;
		$_SESSION["password"]=$password;
		header("location:admin_index.php");
		exit();
		}
	else{
		echo'That information is incorrect, try again <a href="admin_index.php">Click Here</a>';
		exit();
		}
	}
?>

from what I've been reading all week they've updated functions and commands over time and the video I was learning from was released in 2010.. so I figured maybe that has something to do with it... but this is the video I was watching


there's a whole series for this tutorial and this is the 3rd one.. which is where I'm stuck.. you can see the first two in the links on the side..

I made the (connect_to_mysql) page and that works fine... I also created other php pages to create the admin and product tables in my database which link to the connection page and those went through perfectly fine... The redirect error keeps occurring between the (admin_login.php) page and the (admin_index.php) page... here's the coding for both of those pages...

admin_index.php
Code:
<?php
session_start();
if(!isset($_SESSION["manager"])){
	header("location:admin_login.php");
	exit();
}
//Be sure to check that this manager SESSION value is in fact in the database
$managerID=preg_replace('#[^0-9]#i','',$_SESSION["id"]);//filter everything but numbers and letters
$manager=preg_replace('#[^A-Za-z0-9_]#i','',$SESSION["manager"]);//filter everything but numbers and letters
$password=preg_replace('#[^A-Za-z0-9]#i','',$SESSION["password"]);//filter everything but numbers and letters
//Run mySQL quesry to be sure that this person is an admin and that their password session var equals the database information
//Connect to the MySQL database
include"../storescripts/connect_to_mysql.php";
$sql=mysql_query("SELECT*FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");//query the person
//----- MAKE SURE PERSON EXISTS IN DATABASE ------
$existCount=mysql_num_rows($sql);//count the row nums
if ($existCount==0){// evaluate the count
	echo "Your login session data is not on record in the database.";
	exit();
	}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store Admin</title>
<link rel="http://www.optiq-customtees.zxq.net/style/style.css" type="text/css" />
</head>

<body>
<div align="center" id="mainWrapper">
  <?php include_once("../template_header.php");?>
	<div id="pageContent">
		<div align="left" style="margin-left:24px;">
        	<h2>HelloStore manager what would you like to do today?</h2>
            <a href="inventory_list.php">Manage Inventory</a><br />
            <a href="something.php">Manage blahblahblah</a>
        </div>
	</div>
    <br />
    <br />
<?php include_once("../template_footer.php");?>

</div>

</body>
</html>

admin_login.php
Code:
<?php
session_start();
if(!isset($_SESSION["manager"])){
	header("location:admin_index.php");
	exit();
	}
?>
<?php
//Parse the log in form if the user has filled it out and pressed "Log In"
if(isset($_POST["username"])&&isset($POST["password"])){
	
	$manager=preg_replace('#[^A-Za-z0-9_]#i','',$_POST["username"]);//filter everything but numbers and letters
	$password=preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);//filter everything but numbers and letters
	//Connect to the MySQL database
	include"../storescripts/connect_to_mysql.php";
	$sql=mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");//query the person
	//---- MAKE SURE PERSON EXISTS IN DATABASEE ----
	$existCount=mysql_num_rows($sql);//count rows nums
	if($existCount==1){//evaluate the count
		while($row=mysql_fetch_array($sql)){
			$id=$row["id"];	
		}
		$_SESSION["id"]=$id;
		$_SESSION["manager"]=$manager;
		$_SESSION["password"]=$password;
		header("location:admin_index.php");
		exit();
		}
	else{
		echo'That information is incorrect, try again <a href="admin_index.php">Click Here</a>';
		exit();
		}
	}
?>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store Admin</title>
<link rel="http://www.optiq-customtees.zxq.net/style/style.css" type="text/css" />
</head>

<body>
<div align="center" id="mainWrapper">
	<?php include_once("../template_header.php");?>
	<div id="pageContent"><br />
		<div align="left" style="margin-left:24px;">
        	<h2>Please Log In To Manage Store</h2>
            <form id="form1" method="post" action="admin_login.php">
            	User Name:<br />
                <input name="username" type="text" id="username" size="40" />
                <br /><br />
                Password:<br />
                <input name="password" type="password" id="password" size="40" />
                <br />
                <br />
                <br />
                <input type="submit" name="button" id="button" value="Log In" />
            </form>
            <p>&nbsp;</p>
        </div>
	</div>
    <br />
    <br />
	<?php include_once("../template_footer.php");?>

</div>
</body>
</html>


I'm using Zymic for hosting, which has MySQL 5.1.63 on the server and I use Dreamweaver CS6 to do my coding... that's as much as I'm able to say about the problem at the moment... so if you guys need more info please keep in mind that I just started PHP coding a little over a week ago when you ask questions because I may just be like (O_O) when reading it not knowing exactly what you're asking me... lol... so if you could elaborate a little or guide me with looking in the right direction to get the info you need to continue to help I'd be extremely grateful.... thanks in advance for the support..... I'm an illustrator and have been using PS and AI for over 15 years now... so if you guys need any help with that I'd be more than glad to assist for taking the time to help me... thanks again!! :)
 
In the first code block, you should be referencing $_POST['password'] in the opening IF statement.

However I see no reason why the code would break halfway and show the trailing text. Which means that you have not pasted exactly the code that you are using.

Most likely $existCount will always be 1 or zero as you are limiting the result set to 1 (LIMIT 1). Personally I don't think this is clever. If you want the ID to be returned then do so without bothering to check the num_rows(). If the call to mysql_fetch_array is false, then you know you don't have a match.

Likewise, because the result set can only ever be empty or contain one row, there is no point at all in putting it in a while loop.

I'm not at all sure about using preg_replace as a means of managing passwords or cleansing data from SQL injection. Essentially it means that there could be a "j padie" and a "jpadie" legitimately wishing to log in but being treated as the same person. Very poor coding practice.

You should always expressly close the session if you are going to do a header location redirect as otherwise you have the possibility of a race condition mucking things up.

Lastly, the session must always be started before you write anything to the session variable. I suspect this is the root of much of your trouble.
Code:
<?php
//Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])):

    //Connect to the MySQL database
    include "../storescripts/connect_to_mysql.php";
    //Escape the submitted values before placing them inside the quoted SQL strings
    $sql = mysql_query(sprintf("SELECT id FROM admin WHERE username='%s' AND password='%s' LIMIT 1",
                        mysql_real_escape_string($_POST['username']),
                        mysql_real_escape_string($_POST['password'])
                    ));//query the person
    //LIMIT 1 means there is at most one row, so no loop is needed
    $row = mysql_fetch_assoc($sql);
    if ($row):
        //Start the session (if it is not already started) before writing to it
        if (session_id() == '') session_start();
        $_SESSION["id"] = $row['id'];
        $_SESSION["manager"] = $_POST['username'];
        $_SESSION["password"] = $_POST['password'];
        //Write the session data out before redirecting
        session_write_close();
        header("location:admin_index.php");
        exit();
    else:
        //Clear any session data; unset($_SESSION) would disable session registration
        $_SESSION = array();
        session_write_close();
        echo 'That information is incorrect, try again <a href="admin_index.php">Click Here</a>';
        exit();
    endif;
endif;
?>

PHP code in the second snip lightly recast.
Code:
<?php
if(session_id() == '') session_start();
if(!isset($_SESSION["manager"])){
	header("location:admin_login.php");
	exit();
}

//Connect to the MySQL database
include"../storescripts/connect_to_mysql.php";

$result = mysql_query(sprintf( "SELECT count(*) as c FROM admin WHERE id='%s' AND username='%s' AND password='%s' LIMIT 1",
						mysql_real_escape_string($_SESSION['id']),
						mysql_real_escape_string($_SESSION['manager']),
						mysql_real_escape_string($_SESSION['password'])
						));

$row = mysql_fetch_assoc ($result); 
if ($row['c'] == 0):
	echo "Your login session data is not on record in the database.";
	exit();
endif;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store Admin</title>
<link rel="http://www.optiq-customtees.zxq.net/style/style.css" type="text/css" />
</head>

<body>
<div align="center" id="mainWrapper">
  <?php include_once("../template_header.php");?>
	<div id="pageContent">
		<div align="left" style="margin-left:24px;">
        	<h2>HelloStore manager what would you like to do today?</h2>
            <a href="inventory_list.php">Manage Inventory</a><br />
            <a href="something.php">Manage blahblahblah</a>
        </div>
	</div>
    <br />
    <br />
<?php include_once("../template_footer.php");?>

</div>

</body>
</html>

The last snip is essentially a recast of the first.

I don't think much of the YouTube video you link to. I don't have a better suggestion for a learning environment though. I started with some O'Reilly books but after the first 50 pages or so I realised they were so full of poor practice etc that I gave up, and just spent time evolving my own skill set.

If you are set on books and courses take a look in the FAQ section and see whether there are recommendations there.
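
Added example, not part of the original thread and not either poster's code: the reply's objection to stripping characters from usernames and passwords, and its advice on starting and closing the session around a redirect, shown with bound parameters. It goes beyond the thread by storing a password hash instead of the password and by keeping the password out of the session. The in-memory SQLite table, the `password_hash` column and the function names `find_admin` and `log_in` are assumptions for illustration (PHP 7.1+ with pdo_sqlite).

```php
<?php
// Added example; schema, names and credentials are constructed for illustration.
declare(strict_types=1);

// Return the admin id when username and password match, otherwise null.
function find_admin(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: the input never becomes part of the SQL text, so nothing is stripped from it.
    $stmt = $db->prepare('SELECT id, password_hash FROM admin WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Start the session before writing to it, store only the id, write it out before redirecting.
function log_in(int $adminId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['id'] = $adminId;    // the password is not kept in the session
    session_write_close();
    header('Location: admin_index.php');
    exit();
}

// Constructed demo data: in-memory SQLite stands in for the MySQL admin table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
$ins->execute(['jpadie', password_hash('first-secret', PASSWORD_DEFAULT)]);
$ins->execute(['j padie', password_hash('second-secret', PASSWORD_DEFAULT)]);

// "jpadie" and "j padie" remain separate accounts; a quote in the input is just data.
var_dump(find_admin($db, 'jpadie', 'first-secret'));
var_dump(find_admin($db, 'j padie', 'second-secret'));
var_dump(find_admin($db, 'j padie', 'first-secret'));
var_dump(find_admin($db, "o'brien", 'anything'));
```

Run from the command line, the first two lookups return the ids of the two distinct accounts and the last two return NULL; `log_in()` is defined for use in a web request and is not called by the demo.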