PHP - The Page Isn't Redirecting Properly
I keep getting a 'The page isn't redirecting properly error on Firefox. Anyone have an idea? I think it has something to do with the header() function, but I can't seem to pinpoint it. Code for the two files are below.
Code: [Select] login.php <?php require_once('./lib/myform.class.php'); require_once('./functions.php'); $page = 'Login Page'; $myStyles = './css/mystyles.css'; if (isset($_POST['submit'])) { $error_ar = array(); $values_ar = array(); $username = sanatize($_POST['username']); $password = sanatize($_POST['password']); if (empty($username)) { $error_ar['username'] = 'You must enter your username'; //echo $arr_error['username']; } else { $values_ar['username'] = $_POST['username']; } if (empty($password)) { $error_ar['password'] = 'You must enter a password'; } } if (count($error_ar) == 0) { session_start(); $_SESSION['username'] = $username; $_SESSION['password'] = md5($password); header('Location: processform.php'); exit(); } ?> <html> <head> <title><?php print $page ?></title> <link href="<?php print $myStyles ?>" rel="stylesheet" type="text/css"> </head> <body> <div id="container"> <div id="form"> <?php $f = new myForm($error_ar); $f->beginForm("login.php"); $f->beginFieldset(array('class'=>'form')); $f->addLegend($page); $f->beginList(); $f->beginListItem(); $f->addLabel('username', 'Username'); $f->addInput('text', 'username', $values_ar['username'], array('class'=>'text', 'id'=>'username')); $f->endListItem(); $f->beginListItem(); $f->addLabel('password', 'Password'); $f->addPassword(); $f->endListItem(); $f->endList(); $f->endFieldset(); $f->beginFieldset(array('class'=>'form')); $f->addLegend('Submit'); $f->beginList(); $f->beginListItem(); $f->submitButton('Login', array('class'=>'submit')); $f->endListItem(); $f->endList(); $f->endFieldset(); echo $f->printForm(); ?> </div> </div> </body> </html> Code: [Select] processform.php <?php session_start(); require_once('./lib/mysqldb.class.php'); if (!isset($_SESSION['username'])) { header('Location: login.php'); exit(); } $db = new MySQLDB(); $username = $_SESSION['username']; $password = $_SESSION['password']; if ($db->authenticateUser($username, $password)) { echo "SUCCESS!!!"; } else { $_SESSION = array(); session_destroy(); header('Location: login.php'); } ?> Similar TutorialsMy website has been working just fine, and I negated a condition to trigger an error message, and now I keep getting this... Quote The page isn't redirecting properly Here is the file I am working with... <?php //Build Date: 2012-03-10 // ************************ // Update Last Activity. * // ************************ if ((isset($_SESSION['loggedIn'])) && ($_SESSION['loggedIn'] == TRUE)){ // Initialize variables. $loggedIn = 1; $memberID = (isset($_SESSION['memberID']) ? $_SESSION['memberID'] : ''); // ************************ // Update Member Record. * // ************************ // Connect to the database. require_once(WEB_ROOT . 'private/mysqli_connect.php'); // Build query. $q = "UPDATE member SET logged_in=?, last_activity=now() WHERE id=? LIMIT 1"; // Prepare statement. $stmt = mysqli_prepare($dbc, $q); // Bind variables to query. mysqli_stmt_bind_param($stmt, 'ii', $loggedIn, $memberID); // Execute query. $success = mysqli_stmt_execute($stmt); // Verify Update. if ($success === FALSE){ // Update Failed. $_SESSION['resultsCode'] = 'MEMBER_UPDATE_FAILED_2126'; // Redirect to Display Outcome. header("Location: " . BASE_URL . "/members/results.php"); // End script. exit(); } /* $affectedRows = mysqli_stmt_affected_rows($stmt); echo $affectedRows; exit(); // Verify Update. if ($affectedRows!==1){ //echo mysqli_stmt_affected_rows($stmt); //exit(); // Update Failed. $_SESSION['resultsCode'] = 'MEMBER_UPDATE_FAILED_2126'; // Redirect to Display Outcome. header("Location: " . BASE_URL . "/members/results.php"); // End script. exit(); }//End of UPDATE MEMBER RECORD */ // Close prepared statement. mysqli_stmt_close($stmt); // Close the connection. // mysqli_close($dbc); }//End of UPDATE LAST ACTIVITY ?> This file is included by all other pages so that as a User navigates my site I am constantly updating the "last_activity" field in the database. If I change the condition from... Code: [Select] if ($success === FALSE){ ...to... Code: [Select] if ($success !== FALSE){ ...then I get this error?! (Where I am at, the Internet is on and offline. Could that be a factor??) I am REALLY CONFUSED what is happening here... Debbie There seems to be something wrong with my code when run in Firefox I get an error, the full code is: Code: [Select] <head> <script type="text/javascript" src="tabber.js"></script> <link rel="stylesheet" href="example.css" TYPE="text/css" MEDIA="screen"> <link rel="stylesheet" href="example-print.css" TYPE="text/css" MEDIA="print"> <script type="text/javascript"> </script> </head> <div class="tabber"> <?php if (!isset($_GET["name"]) || empty($_GET["name"])) { $corpname = rawurlencode(stripslashes($_POST['corpname'])); } else { $corpname = rawurlencode(stripslashes($_GET['name'])); } //Check if Corp is in DataBase $sql = "SELECT * FROM `corps` where `name` = '$corpname'"; $result = mysql_query($sql); $num = mysql_num_rows($result); // If Corp Is In DB if ($num > 0) { While ($row = mysql_fetch_array($result)) { ?> <div class="tabbertab"> <h2>Corp Info</h2> <table width ="700" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="128" rowspan="7"><?php echo "<img src=http://image.eveonline.com/Corporation/".$row['id']."_128.png width=128 height=128 />"; ?></td> <td width="128">Corp Name</td> <td><?php echo "<a href= http://eve.battleclinic.com/killboard/combat_record.php?type=corp&name=".rawurlencode($row['name'])." target=_blank>".$row['name']."</a>"; ?></td> </tr> <tr> <td width="128">Ticker</td> <td><?php echo $row['ticker']; ?></td> </tr> <tr> <td width="128">Allance</td> <td><?php $alliance = $row['alliance']; if($alliance =="0") { $alliance0 = "No Alliance"; echo $alliance0; } Else { $sql = "SELECT * FROM `alliance` WHERE `id` = '$alliance'"; $result = mysql_query($sql); $num=mysql_numrows($result); $i=0; while ($i < $num) { $alliance0=mysql_result($result,$i,"name"); $i++; } echo $alliance0; } ?></td> </tr> <tr> <td width="128">CEO Name</td> <td><?php echo "<a href=main.php?id=pilotsearch.php&name=".$row['ceo'].">".$row['ceo']."</a>"; ?></td> </tr> <tr> <td width="128">Headquarters</td> <td><?php echo $row['hq']; ?></td> </tr> <tr> <td width="128">Tax Rate</td> <td><?php echo $row['tax']; ?> %</td> </tr> <tr> <td width="128">Member Count</td> <td><?php echo $row['members']; ?></td> </tr> </table> </div> <div class="tabbertab"> <?php $query=mysql_query("SELECT DISTINCT(name) FROM `characters` WHERE `corporation` = '$corpname' ORDER BY name ASC") or die("Error Occured,please try again"); $numm = mysql_num_rows($query); echo "<h2>Known Members (".$numm."/".$row['members'].") </h2>"; echo "<table border='0' width='100%' cellspacing='0' cellpadding='0'>"; $left = true; while($row=mysql_fetch_array($query)) { if ($left) { echo "<tr>"; } echo "<td align='left' width='50%' cellspacing='0' cellpadding='0' >"; echo "<a href=main.php?id=pilotsearch.php&name=".rawurlencode($row['name']).">".$row['name']."</a>"; echo"</td>"; if (!$left) { echo"</tr>"; } $left = !$left; } echo"</table>"; ?> </div> <div class="tabbertab"> <?php $sql = "SELECT * FROM `corpwhsystems` WHERE `corpname` = '$corpname'"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); echo"<h2>WH Locations (".$num_rows.")</h2>"; $i=0; ?> <table width="728" border="0"> <tr> <td><strong>System Name</strong></td> <td><strong>System Class</strong></td> <td><strong>Effect</strong></td> <td><strong>Date Added</strong></td> <td><strong>Added By</strong></td> </tr> <?php while ($i <= $num_rows) { $sname=mysql_result($result,$i,"systemname"); $sclass=mysql_result($result,$i,"systemtype"); $anomaly=mysql_result($result,$i,"anomaly"); $addedby=mysql_result($result,$i,"updatedby"); $dateupdated=mysql_result($result,$i,"dateupdated"); ?> <tr> <td> <?php echo $sname; ?></td> <td> <?php echo $sclass; ?></td> <td> <?php echo $anomaly; ?></td> <td> <?php echo $dateupdated; ?></td> <td> <?php echo $addedby; ?></td> <?php $i++; } ?> </tr> </table> <hr /> <form action="main.php?id=addwh.php" method="post"> Add WH Location: <input name="location" type="text" /> <select name="systemtype"> <option value="Class 1">Class 1</option> <option value="Class 2">Class 2</option> <option value="Class 3">Class 3</option> <option value="Class 4">Class 4</option> <option value="Class 5">Class 5</option> <option value="Class 6">Class 6</option> </select> <select name="anomaly"> <option value="None">None</option> <option value="Magnetar">Magnetar</option> <option value="Red Giant">Red Giant</option> <option value="Pulsar">Pulsar</option> <option value="Wolf Rayet">Wolf Rayet</option> <option value="Cataclysmic Variable">Cataclysmic Variable</option> <option value="Black Hole">Black Hole</option> </select> <input name="corpname" type="hidden" value="<?php echo $cnamedb; ?>" /> <input name="addwh" type="submit" value="Add" /> </form> </div> <div class="tabbertab"> <?php $sql = "SELECT * FROM `corps` WHERE `name` = '$corpname' AND `notedate` != '0000-00-00'"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); echo"<h2>Notes(".$num_rows.")</h2>"; $i=0; ?> <table width="700" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="480"><strong>Note</strong></td> <td width="119"><strong>Note Date</strong></td> <td width="101"><strong>Added By</strong></td> </tr> <?php while ($i <= $num_rows) { $notes=mysql_result($result,$i,"notes"); $notedate=mysql_result($result,$i,"notedate"); $updatedby=mysql_result($result,$i,"updatedby"); ?> <tr> <td><br /> <?php echo $notes; ?></td> <td width="136"><br /> <?php echo $notedate; ?></td> <td width="105"><br /> <?php echo $updatedby; ?></td> </tr> <?php $i++; } ?> </table> <hr /> <form action="main.php?id=updatecorptint.php" method="post"> <strong>Add Notes:</strong> <textarea name="notes" cols="50" rows="10"></textarea> <input name="cname" type="hidden" value="<?php echo $cnamedb; ?>" /> <input name="add" type="submit" value="Add Notes" /> </form> </div> <div class="tabbertab"> <?php $sql = "SELECT * FROM `pos` WHERE `corp` = '$corpname'"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); echo"<h2>POS (".$num_rows.")</h2>"; $i=0; ?> POS: <table width="700" border="0" cellspacing="0" cellpadding="0"> <tr> <td><strong>Location</strong></td> <td><strong>Type</strong></td> <td><strong>Size</strong></td> <td><strong>Corp Hangars</strong></td> <td><strong>Ship Hangars</strong></td> <td><strong>Notes</strong></td> </tr> <?php while ($i <= $num_rows) { $location=mysql_result($result,$i,"location"); $type=mysql_result($result,$i,"type"); $size=mysql_result($result,$i,"size"); $changar=mysql_result($result,$i,"changar"); $shangar=mysql_result($result,$i,"shangar"); $notes=mysql_result($result,$i,"notes"); ?> <tr> <td><br /><?php echo $location; ?></td> <td><br /><?php echo $type; ?></td> <td><br /><?php echo $size; ?></td> <td><br /><?php echo $changar; ?></td> <td><br /><?php echo $shangar; ?></td> <td><br /><?php echo $notes; ?></td> </tr> <?php $i++; } ?> </table> <hr /> <form action="main.php?id=addpos.php" method="post"> <table width="350" border="0" cellspacing="0" cellpadding="0"> <tr> <td>Location:</td> <td><label for="location"></label> <input type="text" name="location" id="location" /></td> <td>Type:</td> <td><select name="type"> <option value="Amarr">Amarr</option> <option value="Angel">Angel</option> <option value="Blood">Blood</option> <option value="Caldari">Caldari</option> <option value="Dark Blood">Dark Blood</option> <option value="Domination">Domination</option> <option value="Dread Guristas">Dread Guristas</option> <option value="Gallente">Gallente</option> <option value="Gurstas">Gurstas</option> <option value="Minmatar">Minmatar</option> <option value="Sansha">Sansha</option> <option value="Serpentis">Serpentis</option> <option value="Shadow">Shadow</option> <option value="True Sansha">True Sansha</option> </select></td> <td>Size:</td> <td><select name="size"> <option value="Large">Large</option> <option value="Medium">Medium</option> <option value="Small">Small</option> </select></td> </tr> <tr> <td>Corp Hangars:</td> <td><input name="changar" type="text" size="10" /></td> <td>Ship Hangars:</td> <td><input name="shangar" type="text" size="10" /></td> <td>Notes:</td> <td><textarea name="notes"></textarea></td> </tr> </table> <input name="cname" type="hidden" value="<?php echo $cnamedb; ?>" /> <input name="submit1" type="submit" value="Add POS" /> </form> </div> </div> <?php }} // IF Corp Is Not In DB ELSE { $url = 'http://api.eve-dev.com/eve/CharacterID.xml.aspx?names='.$corpname.''; $xml = simpleXML_load_file($url,"SimpleXMLElement",LIBXML_NOCDATA); $url = 'http://api.eve-dev.com/eve/CharacterID.xml.aspx?names='.$corpname.''; $xml = simpleXML_load_file($url,"SimpleXMLElement",LIBXML_NOCDATA); $corpid = $xml->result->rowset->row['characterID']; $url1 = 'http://api.eve-dev.com/corp/CorporationSheet.xml.aspx?CorporationID='.$corpid.''; $xml1 = simpleXML_load_file($url1,"SimpleXMLElement"); $cname = $xml1->result->corporationName; if($corpid == 0 OR $cname =="") { Echo $corpname."<br>No Corp Found In EVE Database"; } ELSE { $url1 = 'http://api.eve-dev.com/corp/CorporationSheet.xml.aspx?CorporationID='.$corpid.''; $xml1 = simpleXML_load_file($url1,"SimpleXMLElement"); $cname = $xml1->result->corporationName; $url1 = 'http://api.eve-dev.com/corp/CorporationSheet.xml.aspx?CorporationID='.$corpid.''; $xml1 = simpleXML_load_file($url1,"SimpleXMLElement"); $cname = $xml1->result->corporationName; $ticker = $xml1->result->ticker; $ceo = $xml1->result->ceoName; $station = $xml1->result->stationName; $descrption = $xml1->result->description; $alliance = $xml1->result->allianceID; $tax = $xml1->result->taxRate; $members = $xml1->result->memberCount; $username = $_SESSION['username']; mysql_query("INSERT INTO `corps` (`editid` , `id` , `name` , `ticker` , `alliance` , `ceo` , `tax` , `members` , `hq` , `apidate` , `notes` , `notedate` , `updatedby`) VALUES ( '' , '$corpid', '$cname', '$ticker', '$alliance', '$ceo', '$tax', '$members', '$station', NOW(), '', '', '$username')"); header('Location: main.php?id=corpsearch.php&name='.$corpname); exit; } } ?> The problem area is somewhere in here (I think): Code: [Select] // IF Corp Is Not In DB ELSE { $url = 'http://api.eve-dev.com/eve/CharacterID.xml.aspx?names='.$corpname.''; $xml = simpleXML_load_file($url,"SimpleXMLElement",LIBXML_NOCDATA); $url = 'http://api.eve-dev.com/eve/CharacterID.xml.aspx?names='.$corpname.''; $xml = simpleXML_load_file($url,"SimpleXMLElement",LIBXML_NOCDATA); $corpid = $xml->result->rowset->row['characterID']; $url1 = 'http://api.eve-dev.com/corp/CorporationSheet.xml.aspx?CorporationID='.$corpid.''; $xml1 = simpleXML_load_file($url1,"SimpleXMLElement"); $cname = $xml1->result->corporationName; if($corpid == 0 OR $cname =="") { Echo $corpname."<br>No Corp Found In EVE Database"; } ELSE { $url1 = 'http://api.eve-dev.com/corp/CorporationSheet.xml.aspx?CorporationID='.$corpid.''; $xml1 = simpleXML_load_file($url1,"SimpleXMLElement"); $cname = $xml1->result->corporationName; $url1 = 'http://api.eve-dev.com/corp/CorporationSheet.xml.aspx?CorporationID='.$corpid.''; $xml1 = simpleXML_load_file($url1,"SimpleXMLElement"); $cname = $xml1->result->corporationName; $ticker = $xml1->result->ticker; $ceo = $xml1->result->ceoName; $station = $xml1->result->stationName; $descrption = $xml1->result->description; $alliance = $xml1->result->allianceID; $tax = $xml1->result->taxRate; $members = $xml1->result->memberCount; $username = $_SESSION['username']; mysql_query("INSERT INTO `corps` (`editid` , `id` , `name` , `ticker` , `alliance` , `ceo` , `tax` , `members` , `hq` , `apidate` , `notes` , `notedate` , `updatedby`) VALUES ( '' , '$corpid', '$cname', '$ticker', '$alliance', '$ceo', '$tax', '$members', '$station', NOW(), '', '', '$username')"); header('Location: main.php?id=corpsearch.php&name='.$corpname); exit; } } ?> Any one with any ideas? I am trying to integrate facebook login into my application. If the user isn't logged in, I want to make sure that they get sent to the index page, but this doesn't work. Code: [Select] <?php if ($user) { try { // Proceed knowing you have a logged in user who's authenticated. $user_profile = $facebook->api('/me'); } catch (FacebookApiException $e) { $user = null; //echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>'; } } else { header('Location: /'); } ?> Any thoughts on how to fix? The following should be redirecting to a certain page based upon the variables given. If someone is logged into the admincp but enters the address index.php?admincp=users, all that shows up is a blank page, it should re-direct back to the admincp main page; aka index.php?admincp. Everything other than this is working... It's just not going back to the admincp when index.php?admincp=users is entered. <?php require_once 'db_select.php'; require_once 'func.php'; session_start(); $cadmin2=$_SESSION['admin_check']; if($cadmin2=="4" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){ $SQL1="SELECT position FROM $tbl_name4 WHERE film_number='1' ORDER BY ABS(cost) ASC"; $result1=mysql_query($SQL1) or die(mysql_error()); if($_GET['do']=="add"){ $section.=' - Add User'; $content.=' <div class="main"> <div class="main_header">Add New User</div> <div class="user_form"> <form action="./index.php?admincp=users&do=process&source=new" method="post"> <p><label>Name:</label> <input type="text" name="name" size="30" /></p> <p><label>E-Mail:</label> <input type="email" name="email" size="32" /></p> <p><label>Amount:</label> <input type="text" name="amount" size="8" /></p> <p><label>Username:</label> <input type="text" name="username" size="30" /></p> <p> <label>Level:</label> <select name="level"> <option value=""></option> <option value="nickel">Nickel</option> <option value="copper">Copper</option> <option value="bronze">Bronze</option> <option value="silver">Silver</option> <option value="gold">Gold</option> <option value="platinum">Platinum</option> <option value="palladium">Palladium</option> </select> </p> <p> <label>User Level:</label> <select name="user_level"> <option value="0">No Account</option> <option value="1">Credit Purchase</option> <option value="2">Donation</option> <option value="3">Moderator</option> <option value="4">Admin</option> </select> </p> <p><label>Credit:</label> <select name="credit"> <option value=""></option>'; while($row1=mysql_fetch_array($result1)){ extract($row1); $content.='<option value="'.ucfirst($position).'">'.ucfirst($position).'</option>'; } $content.=' </select> <!--<label>Film Number:</label> <select name="film_number"> <option value=""></option> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> </select>--> </p> <p><label>Password:</label> <input type="text" name="password" size="30" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> </div> '; } elseif($_GET['do']=="edit"){ if(isset($_GET['id'])){ $id=(int)$_GET['id']; $edit_user_query="SELECT * FROM $tbl_name WHERE $tbl_name.donor_id=$id"; $edit_user_result=mysql_query($edit_user_query); while($edit_user_row=mysql_fetch_array($edit_user_result)){ extract($edit_user_row); } $credits_query="SELECT * FROM donors_credits WHERE donor_id=".$id." ORDER BY id"; $credits_result=mysql_query($credits_query); while($credits_row=mysql_fetch_array($credits_result)){ $credits[]=$credits_row['credit']; } if(count($credits) > 0){ $credit=implode(", ",$credits); } if(!empty($amount)){ $amount=number_format($amount, 2, '.', ','); } $section.=' - Edit User: '.$username.''; $content.=' <div class="main"> <div class="main_header">Edit User - '.(!empty($username) ? ''.$username.'' : ''.$name.'').'</div> <div class="user_form"> <form action="./index.php?admincp=users&do=process&source=edit&id='.$id.'" method="post"> <p><label>Name:</label> <input type="text" name="name" size="30" value="'.$name.'" /></p> <p><label>E-Mail:</label> <input type="email" name="email" size="32" value="'.$email.'" /></p> <p><label>Amount:</label> <input type="text" name="amount" size="8" value="'.$amount.'" /></p> <p><label>Username:</label> <input type="text" name="username" size="30" value="'.$username.'" /></p> <p> <label>Level:</label> <select name="level"> <option value=""'.(empty($level) ? ' selected="selected"' : '').'></option> <option value="nickel"'.($level=="nickel" ? ' selected="selected"' : '').'>Nickel</option> <option value="copper"'.($level=="copper" ? ' selected="selected"' : '').'>Copper</option> <option value="bronze"'.($level=="bronze" ? ' selected="selected"' : '').'>Bronze</option> <option value="silver"'.($level=="silver" ? ' selected="selected"' : '').'>Silver</option> <option value="gold"'.($level=="gold" ? ' selected="selected"' : '').'>Gold</option> <option value="platinum"'.($level=="platinum" ? ' selected="selected"' : '').'>Platinum</option> <option value="palladium"'.($level=="palladium" ? ' selected="selected"' : '').'>Palladium</option> </select> (Blank if something other than Donation) </p> <p> <label>User Level:</label> <select name="user_level"> <option value="0"'.($admin=="0" ? ' selected="selected"' : '').'>No Account</option> <option value="1"'.($admin=="1" ? ' selected="selected"' : '').'>Credit Purchase</option> <option value="2"'.($admin=="2" ? ' selected="selected"' : '').'>Donation</option> <option value="3"'.($admin=="3" ? ' selected="selected"' : '').'>Moderator</option> <option value="4"'.($admin=="4" ? ' selected="selected"' : '').'>Admin</option> </select> </p> <p><label>Credit:</label> <input type="text" name="credit_old" size="30" value="'.$credit.'" disabled="disabled" /></p> <p><label>New Credit:</label> <select name="credit"> <option value=""></option>'; while($row1=mysql_fetch_array($result1)){ extract($row1); $content.='<option value="'.ucfirst($position).'">'.ucfirst($position).'</option>'; } $content.=' </select> <!--<label>Film Number:</label> <select name="film_number"> <option value=""></option> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> </select>--> </p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> </div> '; } else{ $user_list_query="SELECT * FROM $tbl_name"; $user_list_result=mysql_query($user_list_query); $content=''; while($user_list_row=mysql_fetch_array($user_list_result)){ extract($user_list_row); $content.='<div class="center"><a href="./index.php?admincp=users&do=edit&id='.$donor_id.'">'.(!empty($username) ? ''.$username.'' : ''.$name.'').'</a></div>'; } } } elseif($_GET['do']="process"){ $source=sanitize($_GET['source']); $name=sanitize($_POST['name']); $email=sanitize($_POST['email']); $amount=amount_verify(sanitize($_POST['amount'])); $username=sanitize($_POST['username']); $level=sanitize($_POST['level']); $password=kam3($_POST['password']); $admin=sanitize($_POST['user_level']); //$film_number=sanitize($_POST['film_number']); $credits=sanitize($_POST['credit']); $credits=explode(",",$credits); array_walk($credits, 'trim_value'); if($amount=="00" || $amount==".00"){ $amount=""; } if($_GET['source']=="new"){ $add_user_query="INSERT INTO $tbl_name (username, name, level, amount, password, admin, email) VALUES ('$username', '$name', '$level', '$amount', '$password', '$admin', '$email')"; mysql_query($add_user_query); $insert_id=mysql_insert_id(); if(!empty($credits)){ $CreditArray = array(); foreach($credits as $credit){ $CreditArray[] = "('$credit',$insert_id)"; } if(mysql_affected_rows()==1){ $content.='<div class="center">User Added.</div>'; } if (count($CreditArray) > 0 ){ $credit_array_query="INSERT INTO $tbl_name2 (credit,donor_id) VALUES " . implode(',',$CreditArray); mysql_query($credit_array_query); } } } elseif($_GET['source']=="edit"){ $insert_id=$_GET['id']; $edit_user_query="UPDATE $tbl_name SET username='$username', name='$name', level='$level', amount='$amount', admin='$admin', email='$email' WHERE donor_id='$insert_id'"; mysql_query($edit_user_query); if(!empty($credits)){ $CreditArray = array(); foreach($credits as $credit){ $CreditArray[] = "('$credit',$insert_id)"; } if(mysql_affected_rows()==1){ $content.='<div class="center">User Edited.</div>'; } if (count($CreditArray) > 0 ){ $credit_array_query="INSERT $tbl_name2 (credit,donor_id) VALUES " . implode(',',$CreditArray); mysql_query($credit_array_query); } } } } else{ header('Location: ./index.php?admincp'); } } else{ header("Location: ./index.php?usercp"); } ?> Hi, Struggling to find the problem just getting page is not redirecting properly from browser Code: [Select] <?php function seoclean_ad( $uc_string ) { $seo_clean_string = strtolower( "{$uc_string}" ); $seo_clean_string = str_replace( " ", "_".SS_SEOSPREP."", "{$seo_clean_string}" ); $seo_clean_string = str_replace( "&", "and", "{$seo_clean_string}" ); $seo_clean_string = preg_replace( "[^A-Za-z0-9_-]", "", $seo_clean_string ); $seo_clean_string = "{$seo_clean_string}".SEO_SUFFIX.""; return $seo_clean_string; } function prepare_template_output( $data ) { if ( is_array( $data ) ) { $ret = array( ); foreach ( $data as $key => $value ) { $ret[$key] = prepare_template_output( $value ); } return $ret; } if ( !is_numeric( $data ) ) { $data = stripslashes( $data ); $data = trim( $data ); $data = htmlentities( $data ); } return $data; } function ukDate( $inDate ) { global $outDate; list( $uYear, $uMonth, $uDay ) = explode( "-", "{$inDate}" ); $outDate = "{$uDay}-{$uMonth}-{$uYear}"; return $outDate; } function write_cache( $f_cache_data, $f_cache_file ) { if ( !( $fp = fopen( $f_cache_file, "w" ) ) ) { trigger_error( "Error opening cache file" ); exit( ); } if ( !flock( $fp, LOCK_EX ) ) { trigger_error( "Unable to lock file" ); exit( ); } if ( !fwrite( $fp, serialize( $f_cache_data ) ) ) { trigger_error( "Error writing to cache file" ); exit( ); } flock( $fp, LOCK_UN ); fclose( $fp ); } function read_cache( $f_cache_file ) { if ( !file_exists( $f_cache_file ) ) { trigger_error( "Invalid cache file" ); exit( ); } return unserialize( file_get_contents( $f_cache_file ) ); } function list_options( $arrayname, $mode ) { global $row; global $row_2; $sarray = ""; foreach ( $arrayname as $v ) { if ( !isset( $row['salutation'] ) && $row['salutation'] == $v || isset( $row_2['salutation'] ) && $row_2['salutation'] == $v ) { if ( !isset( $mode ) ) { echo "<option value=\"".$v."\" selected>{$v}</option>\n"; } else { $sarray .= "<option value=\"".$v."\" selected>{$v}</option>\n"; } } else if ( !isset( $mode ) ) { echo "<option value=\"".$v."\">{$v}</option>\n"; } else { $sarray .= "<option value=\"".$v."\">{$v}</option>\n"; } } return $sarray; } function genprevnext( $total_pages, $position, $nresults, $scriptis, $extras ) { global $shopurl; global $seoFriend; global $connection; global $instdir; global $smode; if ( !empty( $smode ) ) { $smodebits = "{$smode}/"; } else { $smodebits = ""; } if ( !empty( $_GET['smode'] ) ) { $smodebits = "".htmlentities( $_GET['smode'] )."/"; } else { $smodebits = ""; } $disppages = intval( $total_pages / $nresults ); if ( $total_pages % $nresults ) { ++$disppages; } if ( $nresults <= $position ) { $current_page_num = $position / $nresults + 1; } else { $current_page_num = 1; } $limit = $nresults; $stages = 3; $position = $position; $page = $position / $nresults + 1; if ( $page ) { $start = ( $page - 1 ) * $limit; } else { $start = 0; } if ( $page == 0 ) { $page = 1; } $prev = $page - 1; $next = $page + 1; $lastpage = ceil( $total_pages / $limit ); $LastPagem1 = $lastpage - 1; $paginglinks = ""; if ( 1 < $lastpage ) { if ( 1 < $page ) { $prevoffset = $position - $nresults; $paginate .= "<a href=\"".$scriptis."?position={$prevoffset}&nresults={$nresults}{$extras}\">« Prev</a>"; } else { $paginate .= "<span class='pagination-disabled'>« Prev</span>"; } if ( $lastpage < 7 + $stages * 2 ) { $counter = 1; for ( ; $counter <= $lastpage; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } break; } } while ( 1 ); } else if ( 5 + $stages * 2 < $lastpage ) { if ( $page < 1 + $stages * 2 ) { $counter = 1; for ( ; $counter < 4 + $stages * 2; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } } $paginglinks .= "..."; $newoffsetlm1 = $LastPagem1 * $limit - $limit; $newoffsetlp = $lastpage * $limit - $limit; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlm1}&nresults={$nresults}{$extras}\">{$LastPagem1}</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlp}&nresults={$nresults}{$extras}\">{$lastpage}</a>"; } else if ( $page < $lastpage - $stages * 2 && $stages * 2 < $page ) { $paginglinks .= "<a href=\"".$scriptis."?position=0&nresults={$nresults}{$extras}\">1</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$limit}&nresults={$nresults}{$extras}\">2</a>"; $paginglinks .= "..."; $counter = $page - $stages; for ( ; $counter <= $page + $stages; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } } $paginglinks .= "..."; $newoffsetlm1 = $LastPagem1 * $limit - $limit; $newoffsetlp = $lastpage * $limit - $limit; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlm1}&nresults={$nresults}{$extras}\">{$LastPagem1}</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlp}&nresults={$nresults}{$extras}\">{$lastpage}</a>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position=0&nresults={$nresults}{$extras}\">1</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$limit}&nresults={$nresults}{$extras}\">2</a>"; $paginglinks .= "..."; $counter = $lastpage - ( 2 + $stages * 2 ); for ( ; $counter <= $lastpage; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } } } } $paginate .= $paginglinks; if ( $page < $counter - 1 ) { $newoffset = $position + $nresults; $paginate .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">Next »</a>"; } else { $paginate .= "<span class=\"pagination-disabled\">Next »</span>"; } } if ( $nresults < $total_pages ) { echo $paginate; } function buildCategorySelect( ) { global $connection; global $category_id; $level = "0"; $sql = "SELECT * from categories WHERE category_parent_id='deftl'"; if ( !( $result = @mysql_query( $sql, $connection ) ) ) { exit( "** COULD NOT BUILD CATEGORY DROP DOWN ** ".mysql_error( ) ); } while ( $row = mysql_fetch_array( $result ) ) { $parent = "{$row['category_id']}"; $row[category_name] = stripslashes( "{$row['category_name']}" ); if ( $category_id == $row[category_id] ) { echo "<option value=\"".$row['category_id']."\" selected>+ {$row['category_name']}</option>\n"; } else { echo "<option value=\"".$row['category_id']."\">+ {$row['category_name']}</option>\n"; } getchildren( $parent, $level ); } } function getChildren( $parent, $level ) { global $connection; global $category_id; ++$level; if ( !ctype_digit( $parent ) ) { $parent = ""; } $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."' order by category_name"; if ( !( $result1 = @mysql_query( $sql1, $connection ) ) ) { exit( "Couldn't build category tree child part: ".mysql_error( ) ); } while ( $row1 = mysql_fetch_array( $result1 ) ) { $parent = "{$row1['category_id']}"; if ( $category_id == $row1[category_id] ) { echo "<option value=\"".$row1['category_id']."\" selected>"; } else { echo "<option value=\"".$row1['category_id']."\">"; } $i = 0; for ( ; $i < $level; ++$i ) { echo " "; } echo "|--[".$level."]"; echo " ".$row1['category_name']."</option>\n"; getchildren( $parent, $level ); } } function getChildrenSEL( $parent, $myparent, $level ) { global $connection; global $https; global $category_id; ++$level; if ( !ctype_digit( $parent ) ) { $parent = ""; } $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."' order by category_name"; if ( !( $result1 = @mysql_query( $sql1, $connection ) ) ) { exit( "Couldn't build category tree child part: ".mysql_error( ) ); } while ( $row1 = mysql_fetch_array( $result1 ) ) { $parent = "{$row1['category_id']}"; if ( $myparent == $row1[category_id] ) { echo "<option value=\"".$row1['category_id']."\" selected>"; } else if ( $category_id == $row1[category_id] ) { echo "<option value=\"deftl\">"; } else { echo "<option value=\"".$row1['category_id']."\">"; } $i = 0; for ( ; $i < $level; ++$i ) { echo " "; } echo "|".$level."|"; echo "{$row1['category_name']}</option>\n"; getchildrensel( $parent, $myparent, $level ); } } function makeCategoryMap( ) { global $connection; global $adminurl; $level = "0"; $sql = "SELECT * from categories WHERE category_parent_id='deftl'"; if ( !( $result = @mysql_query( $sql, $connection ) ) ) { exit( "Couldn't build category tree parent part: ".mysql_error( ) ); } while ( $row = mysql_fetch_array( $result ) ) { $parent = "{$row['category_id']}"; $sql3 = "SELECT product_id from products WHERE category_id='".$parent."'"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't get data from products db" ); } $numrows = mysql_num_rows( $result3 ); if ( $numrows < 1 ) { $linker = ""; } else { $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='".$adminurl."products/productlist.php?category_id={$row['category_id']}'\" value=\"Products ({$numrows})\" />"; } $row[category_name] = stripslashes( "{$row['category_name']}" ); echo "<tr>\n\t\t\t\t<td> + <a href=\"".$adminurl."products/editcategory.php?category_id={$row['category_id']}\" title=\"{$row['category_desc']}\">{$row['category_name']}</a> </td>\n\t\t\t\t<td>"; if ( $row[category_publish] == Y ) { echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row['category_id']}&act=N'\" />"; } else { echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row['category_id']}&act=Y'\" />"; } echo "</td>\n\t\t\t\t<td> <input type=\"button\" class=\"add\" onclick=\"location.href='".$adminurl."products/addproduct.php?category_id={$row['category_id']}'\" value=\"Add\" /> {$linker} </td>\n\t\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row['category_id']}\",\"Are you sure you want to delete this category?\");' /> </td>\n\t\t\t</tr>\n"; getchildrenlist( $parent, $level ); } } function getChildrenList( $parent, $level ) { global $connection; global $adminurl; ++$level; $where_in_level = "0"; if ( !ctype_digit( $parent ) ) { $parent = ""; } $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."'"; if ( !( $result1 = @mysql_query( $sql1, $connection ) ) ) { exit( "Couldn't build category tree child part: ".mysql_error( ) ); } while ( $row1 = mysql_fetch_array( $result1 ) ) { ++$where_in_level; $parent = "{$row1['category_id']}"; $level_indent = $level - 1; $i = 0; for ( ; $i < $level_indent; ++$i ) { echo " "; } if ( $last_level == $level ) { echo " "; } else { echo " "; } $i = 0; for ( ; $i < $level; ++$i ) { echo " "; } $sql3 = "SELECT product_id from products WHERE category_id='".$parent."'"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't get data from products db" ); } $numrows = mysql_num_rows( $result3 ); if ( $numrows < 1 ) { $linker = ""; } else { $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='".$adminurl."products/productlist.php?category_id={$row1['category_id']}'\" value=\"Products ({$numrows})\" />"; } echo "\t<tr>\n\t\t<td> » (".$level.") <a href=\"{$adminurl}products/editcategory.php?category_id={$row1['category_id']}\" title=\"{$row1['category_desc']}\">{$row1['category_name']}</a></td>\n\t\t\t<td>"; if ( $row1[category_publish] == Y ) { echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=N'\" />"; } else { echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=Y'\" />"; } echo "</td> \n\t\t\t<td><input type=\"button\" class=\"add\" onclick=\"location.href='".$adminurl."products/addproduct.php?category_id={$row1['category_id']}'\" value=\"Add\" /> {$linker}</td>\n\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row1['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row1['category_id']}\",\"Are you sure you want to delete this category?\");' /></td>\n\t</tr>\n"; getchildrenlist( $parent, $level ); $last_level = $level; } } function productcheckcategories( ) { global $connection; global $oktoadd; $sql3 = "SELECT * from categories"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't get data from category db" ); } $numrows = mysql_num_rows( $result3 ); if ( 1 <= $numrows ) { $oktoadd = "Y"; } } function countrycompareDD( $country_dd ) { global $connection; echo "<select name=\"country\">"; $sql3 = "SELECT country_short, country_long from country WHERE zone_id !='0'"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't execute request 1" ); } while ( $row3 = mysql_fetch_array( $result3 ) ) { if ( $row3[country_short] == $country_dd ) { echo "<option value=\"".$row3['country_short']."\" selected>{$row3['country_long']}</option>\n"; } else { echo "<option value=\"".$row3['country_short']."\">{$row3['country_long']}</option>\n"; } } echo "</select>"; } function alternatecolour( $level ) { global $altclass; $class_1 = " class=altlight"; $class_2 = " class=altdark"; $altclass = $class_1; $level % 2 ? 0 : ( $altclass = $class_2 ); } function check_email_address( $email ) { if ( !preg_match( "/[^@]{1,64}@[^@]{1,255}/i", $email ) ) { return FALSE; } $email_array = explode( "@", $email ); $local_array = explode( ".", $email_array[0] ); $i = 0; for ( ; $i < sizeof( $local_array ); ++$i ) { if ( preg_match( ">^(([A-Za-z0-9!#\$%&'*+/=?^_`{|}~-][A-Za-z0-9!#\$%&'*+/=?^_`{|}~\\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))\$>i", $local_array[$i] ) ) { continue; } return FALSE; } if ( !preg_match( "/^\\[?[0-9\\.]+\\]?\$/i", $email_array[1] ) ) { $domain_array = explode( ".", $email_array[1] ); if ( sizeof( $domain_array ) < 2 ) { return FALSE; } $i = 0; for ( ; $i < sizeof( $domain_array ); ++$i ) { if ( preg_match( "/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))\$/i", $domain_array[$i] ) ) { continue; } return FALSE; } } return TRUE; } if ( get_magic_quotes_gpc( ) ) { $in = array( $GLOBALS['_GET'], $GLOBALS['_POST'], $GLOBALS['_COOKIE'] ); while ( list( $k, $v ) = each( &$in ) ) { foreach ( $v as $key => $val ) { if ( !is_array( $val ) ) { $in[$k][$key] = stripslashes( $val ); } else { $in[] =& $in[$k][$key]; } } } unset( $in ); } if ( isset( $_POST ) || isset( $_GET ) ) { $in = array( $GLOBALS['_GET'], $GLOBALS['_POST'] ); while ( list( $k, $v ) = each( &$in ) ) { foreach ( $v as $key => $val ) { if ( !is_array( $val ) ) { if ( ( $key == "txtContent" || $key == "category_desc" || !( $key == "metaadd" ) && !( $admin_ok_check == $_SESSION[admin_ok] ) ) || !preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypalcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/updatecurrency.php/", "{$_SERVER['PHP_SELF']}" ) ) { if ( !preg_match( "/createcurrency.php/", "{$_SERVER['PHP_SELF']}" ) ) { $val = preg_replace( "/\\s+/", " ", $val ); $in[$k][$key] = htmlentities( trim( $val ) ); } } } else { $in[] =& $in[$k][$key]; } } } unset( $in ); } $sYear = "2007"; $cwd = dirname( __FILE__ ); $instdir = str_replace( "private", "", "{$cwd}" ); include( "{$instdir}private/config.php" ); include( "{$instdir}private/cache.php" ); include( "{$instdir}private/pca_config.php" ); if ( empty( $shopurl ) ) { header( "Location: install/" ); exit( ); } include( "{$instdir}private/db_connect.php" ); include( "{$instdir}private/messages.php" ); include( "{$instdir}private/shop_messages.php" ); $admin_dirs = array( "settings", "orders", "newsletter", "reports", "shoppers", "products", "content" ); $mtta = array( "mail", "smtp" ); $ppgfields = array( "ppemail", "ppmerchantid", "ppsecret", "pptestmode", "ppinstid", "ppintip", "ppextip", "ppgiftaid", "ppApply3DSecure", "ppApplyAVSCV2", "ppauthmode", "ppsignature" ); $category_style = array( "List with Thumbnail", "List no Thumbnail", "Grid" ); $category_sort_order = array( "Alphabetical", "Newest Items First", "Newest Items Last", "Featured Items First", "Custom Sort", "Price Low - High", "Price High - Low" ); $sf_style = array( "List", "Grid" ); $sf_sort_order = array( "Alphabetical", "By ID", "Randomised" ); $cf_sort_order = array( "Alphabetical", "By ID", "Custom" ); $allow_next = array( "selectdeliveryaddress.php", "revieworder.php", "reviewproduct.php", "revieworder.php?clearptid=Y", "orders.php" ); if ( $_GET[next] && !in_array( "{$_GET['next']}", $allow_next ) ) { echo "Not allowed!"; exit( ); } if ( !ctype_digit( $_GET[cmsid] ) ) { $GLOBALS['_GET'][cmsid] = ""; } $GLOBALS['_GET'][cmsid] = mysql_real_escape_string( "{$_GET['cmsid']}" ); if ( !ctype_digit( $_GET[category_id] ) ) { $GLOBALS['_GET'][category_id] = ""; } $GLOBALS['_GET'][category_id] = mysql_real_escape_string( "{$_GET['category_id']}" ); if ( !ctype_digit( $_GET[product_id] ) ) { $GLOBALS['_GET'][product_id] = ""; } $GLOBALS['_GET'][product_id] = mysql_real_escape_string( "{$_GET['product_id']}" ); if ( !ctype_digit( $_GET[product_xo_id] ) ) { $GLOBALS['_GET'][product_xo_id] = ""; } $GLOBALS['_GET'][product_xo_id] = mysql_real_escape_string( "{$_GET['product_xo_id']}" ); if ( !ctype_digit( $_GET[o_id] ) ) { $GLOBALS['_GET'][o_id] = ""; } $GLOBALS['_GET'][o_id] = mysql_real_escape_string( "{$_GET['o_id']}" ); if ( !ctype_digit( $_GET[p_id] ) ) { $GLOBALS['_GET'][p_id] = ""; } $GLOBALS['_GET'][p_id] = mysql_real_escape_string( "{$_GET['p_id']}" ); if ( !ctype_digit( $_GET[a_id] ) ) { $GLOBALS['_GET'][a_id] = ""; } $GLOBALS['_GET'][a_id] = mysql_real_escape_string( "{$_GET['a_id']}" ); $GLOBALS['_POST'][query_string] = mysql_real_escape_string( "{$_POST['query_string']}" ); if ( !ctype_digit( $_POST[pre_xo_id] ) ) { $GLOBALS['_POST'][pre_xo_id] = ""; } $GLOBALS['_POST'][pre_xo_id] = mysql_real_escape_string( "{$_POST['pre_xo_id']}" ); if ( !ctype_digit( $_POST[p_id] ) ) { $GLOBALS['_POST'][p_id] = ""; } $GLOBALS['_POST'][p_id] = mysql_real_escape_string( "{$_POST['p_id']}" ); if ( !ctype_digit( $_POST[qty] ) ) { $GLOBALS['_POST'][qty] = ""; } $GLOBALS['_POST'][qty] = mysql_real_escape_string( "{$_POST['qty']}" ); $GLOBALS['_POST'][loginemail] = mysql_real_escape_string( "{$_POST['loginemail']}" ); $GLOBALS['_POST'][loginpass] = mysql_real_escape_string( "{$_POST['loginpass']}" ); if ( $_POST[mail_outs] != "Y" && $_POST[mail_outs] != "N" ) { $GLOBALS['_POST'][mail_outs] = "Y"; } $GLOBALS['_POST'][mail_outs] = mysql_real_escape_string( "{$_POST['mail_outs']}" ); $GLOBALS['_POST'][old_password] = mysql_real_escape_string( "{$_POST['old_password']}" ); $GLOBALS['_POST'][confirm_password] = mysql_real_escape_string( "{$_POST['confirm_password']}" ); $search = array( "@<script[^>]*?>.*?</script>@si", "@<[\\/\\!]*?[^<>]*?>@si", "@&(quot|#34);@i", "@&(amp|#38);@i", "@&(lt|#60);@i", "@&(gt|#62);@i", "@&(nbsp|#160);@i", "@&(iexcl|#161);@i", "@&(cent|#162);@i", "@&(pound|#163);@i", "@&(copy|#169);@i", "@&#(\\d+);@e" ); $replace = array( "", "", "\\1", "\"", "&", "<", ">", " ", chr( 161 ), chr( 162 ), chr( 163 ), chr( 169 ), "chr(\\1)" ); $GLOBALS['_POST'][company] = mysql_real_escape_string( "{$_POST['company']}" ); $GLOBALS['_POST'][company] = mysql_real_escape_string( "{$_POST['company']}" ); $GLOBALS['_POST'][company] = preg_replace( $search, $replace, $_POST[company] ); $GLOBALS['_POST'][first_name] = mysql_real_escape_string( "{$_POST['first_name']}" ); $GLOBALS['_POST'][first_name] = preg_replace( $search, $replace, $_POST[first_name] ); $GLOBALS['_POST'][last_name] = mysql_real_escape_string( "{$_POST['last_name']}" ); $GLOBALS['_POST'][last_name] = preg_replace( $search, $replace, $_POST[last_name] ); $GLOBALS['_POST'][email] = mysql_real_escape_string( "{$_POST['email']}" ); $GLOBALS['_POST'][email] = preg_replace( $search, $replace, $_POST[email] ); $GLOBALS['_POST'][no_name] = mysql_real_escape_string( "{$_POST['no_name']}" ); $GLOBALS['_POST'][no_name] = preg_replace( $search, $replace, $_POST[no_name] ); $GLOBALS['_POST'][street] = mysql_real_escape_string( "{$_POST['street']}" ); $GLOBALS['_POST'][street] = preg_replace( $search, $replace, $_POST[street] ); $GLOBALS['_POST'][town] = mysql_real_escape_string( "{$_POST['town']}" ); $GLOBALS[ Partially a continuation from my other thread, as this a little similar, but... The below should be redirecting a user that is not logged into the admin control panel back to the admincp log-in page. Instead it's showing the actual page. This is only the case if the user has a cadmin number of 3 or 4... so it is limiting the access to people that should have access and blocking those that shouldn't. But it should still be pointing a user not logged in back to the admincp log-in page because the mypassword3 session variable should not be set. When I var_dump $_SESSION mypassword3 is NULL. Everything else is set properly. <?php require_once 'db_select.php'; require_once 'func.php'; session_start(); $cadmin2=$_SESSION['admin_check']; if($cadmin2=="4" || $cadmin2=="3" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){ if($_GET['view']=="applications"){ $section.=' - New Applications'; $content.=' <div class="main"> <div class="main_header">New Investor Applications</div> </div> '; } elseif($_GET['view']=="accounts"){ $section.=' - View Accounts'; $content.=' <div class="main"> <div class="main_header">View Investor Accounts</div> </div> '; } else{ header("Location: ./index.php?admincp"); } } else{ header("Location: ./index.php?usercp"); } ?> Here's the admin panel/admin panel log-in if it helps anything: <?php require_once 'func.php'; session_start(); $cadmin2=$_SESSION['admin_check']; if($cadmin2=="3" || $cadmin2=="4"){ if(isset($_SESSION['myusername2']) && kam3($_POST['password'])==$_SESSION['mypassword2'] || isset($_SESSION['myusername2']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){ if(!empty($_POST['password'])){ $_SESSION['mypassword3']=kam3($_POST['password']); } $content.=' <div class="main"> <p class="main_header">Admin Control Panel</p> </div> <div class="usercp_links">'; if($cadmin2=="4"){ $content.=' <div class="ilink"> <a href="./index.php?admincp=users&do=add">New User</a> </div> <div class="ilink"> <a href="./index.php?admincp=investors&view=applications">Investor Applications</a> </div> <div class="ilink"> <a href="./index.php?admincp=requests&view=donation">Additional Donation Requests</a> </div> '; } $content.=' <div class="ilink"> <a href="./index.php?admincp=manage&view=ideas">Manage Idea Submissions</a> </div> </div> <div class="usercp_links">'; if($cadmin2=="4"){ $content.=' <div class="ilink"> <a href="./index.php?admincp=users&do=edit">Edit Users</a> </div> <div class="ilink"> <a href="./index.php?admincp=investors&view=accounts">Investor Accounts</a> </div> <!--<div class="ilink"> <a href="./index.php?admincp=requests&view=credit">Additional Credit Requests</a> </div>-->'; } $content.=' <div class="ilink"> <a href="./index.php?admincp=manage&view=exclusive">Manage Exclusive Content</a> </div> <div class="ilink"> <a href="./logout.php?logout=admin">Log-Out</a> </div> </div>'; } else{ if(!isset($_SESSION['myusername2'])){ header("Location: ./index.php"); } $content=' <table class="actors_table"> <tr> <td align="center">'; if(isset($_GET['e']) && $_GET['e']=="0") { $content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>'; } else{ $content .=""; } $content .='Re-Type your password to view this information: <form action="" method="post"> <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p> <p>Password: <input type="password" name="password" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </td> </tr> </table> '; } } else{ header("Location: ./index.php?usercp"); } ?> Is it okay to redirect a user to another page - which displays an outcome message - after a form is submitted? Debbie I have a program that is loaded into an iframe, more specifically the fancybox modal window app. It is the one here http://www.phpfreaks.com/forums/index.php?topic=332297.0 which dragonSA and others so graciously helped me with. On completion of the program (no errors), I want it to redirect the entire page to a new one. (the user successfully logs in) The problem it seems is that my header('URL'); redirects to the page, but within the iframe. I want the top frame to redirect, and obviously closing the modal window. I did some research and it seems that frames are client-side while PHP is getting processed server-side so it's unable to target another frame. I believe that this makes it out of PHP's scope to do this, but I am not sure. I did some more research and a lot of people on the web are using javascript to do this, but none of the examples showed how it could be implemented in something like mine (after a true if statement inside the php script). Code: [Select] // the following code is inside a <?php ?> statement if (count($aError) == 0) { header( 'Location: http://www.site.com/welcome.html' ) ; } How can I write a 404 file to redirected any 'not found' page with structure of example.com/something/more/final.html to example.com/search?q=something+more+final Thanks Hello everyone, I'm not a php coder so I really need help on a simple question... I am trying to direct users to a page in my mySQL database (http://www.educatorsoverseas.com/index.php?section=teacher&act=registration) via the button form below: <FORM METHOD="LINK" ACTION="http://www.educatorsoverseas.com/index.php?section=teacher&act=registration" target="_blank"> <INPUT TYPE="submit" VALUE="Sign Up"> </FORM> But when when users click on the button it is directing instead to the mySQL authentication page (http://www.educatorsoverseas.com/index.php?section=auth). I don't know why this is happening but can anyone tell me how to make it go to the proper page? When I copy and paste the correct page it works, so I am at a loss as to what to do. This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=315463.0 I am trying to make a login and direct for my clients. I have all the login stuff working but can't figure out how to redirect specific clients to their pages only. Any help anyone can offer would be great. Code: [Select] <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Hi I am trying to upload images and add the details to a database, the problem I have is the photos are not being uploaded or added to the database but the page is redirecting to the next page in the process I have. The images are selected using this code Code: [Select] <?php include("config.inc.php"); // initialization $photo_upload_fields = ""; $counter = 1; // default number of fields $number_of_fields = 10; // If you want more fields, then the call to this page should be like, // preupload.php?number_of_fields=20 //if( $_GET['number_of_fields'] ) //$number_of_fields = (int)($_GET['number_of_fields']); // Lets build the Photo Uploading fields while( $counter <= $number_of_fields ) { $photo_upload_fields .=<<<__HTML_END <tr> <td> Photo {$counter}: <input name=' photo_filename[]' type='file' /> </td> </tr> <tr> <td> Title: <input name='photo_title[]' type="text" size="30"> </td> </tr> __HTML_END; $counter++; } ?> html code for page look and feel <form enctype='multipart/form-data' action='upload.php' method='post' name='upload_form'> <table width='90%' border='0' align='center' style='width: 90%;'> <!-Insert the photo fields here --> <?php echo $photo_upload_fields;?> <tr> <td> <input name="lot_id" type="text" value="<?php echo $lot_id; ?>" /><input type='submit' name='submit' value='Add Photos' /> </td> </tr> </table> </form> and then uploaded with this Code: [Select] <?php include("config.inc.php"); // initialization $result_final = ""; $counter = 0; // List of our known photo types $known_photo_types = array( 'image/pjpeg' => 'jpg', 'image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/bmp' => 'bmp', 'image/x-png' => 'png' ); // GD Function List $gd_function_suffix = array( 'image/pjpeg' => 'JPEG', 'image/jpeg' => 'JPEG', 'image/gif' => 'GIF', 'image/bmp' => 'WBMP', 'image/x-png' => 'PNG' ); // Fetch the photo array sent by preupload.php $photos_uploaded = $_FILES['photo_filename']; // Fetch the photo caption and title array $photo_title = $_POST['photo_title']; while( $counter <= count($photos_uploaded) ) { if($photos_uploaded['size'][$counter] > 0) { if(!array_key_exists($photos_uploaded['type'][$counter], $known_photo_types)) { $result_final .= "File ".($counter+1)." is not a photo<br />"; } else { mysql_query( "INSERT INTO gallery_photos(`photo_filename`,`category_id`, `photo_title`) VALUES('0','".addslashes($_POST['lot_id'])."', '".addslashes($photo_title[$counter])."')" ); $new_id = mysql_insert_id(); $filetype = $photos_uploaded['type'][$counter]; $extention = $known_photo_types[$filetype]; $filename = $new_id.".".$extention; mysql_query( "UPDATE gallery_photos SET photo_filename='".addslashes($filename)."' WHERE photo_id='".addslashes($new_id)."'" ); // Store the orignal file copy($photos_uploaded['tmp_name'][$counter], $images_dir."/".$filename); // Let's get the Thumbnail size $size = GetImageSize( $images_dir."/".$filename ); if($size[0] > $size[1]) { $thumbnail_width = 100; $thumbnail_height = (int)(100 * $size[1] / $size[0]); } else { $thumbnail_width = (int)(100 * $size[0] / $size[1]); $thumbnail_height = 100; } // Build Thumbnail with GD 1.x.x, you can use the other described methods too $function_suffix = $gd_function_suffix[$filetype]; $function_to_read = "ImageCreateFrom".$function_suffix; $function_to_write = "Image".$function_suffix; // Read the source file $source_handle = $function_to_read ( $images_dir."/".$filename ); if($source_handle) { // Let's create an blank image for the thumbnail $destination_handle = ImageCreate ( $thumbnail_width, $thumbnail_height ); // Now we resize it ImageCopyResized( $destination_handle, $source_handle, 0, 0, 0, 0, $thumbnail_width, $thumbnail_height, $size[0], $size[1] ); } // Let's save the thumbnail $function_to_write( $destination_handle, $images_dir."/tb_".$filename ); ImageDestroy($destination_handle ); // $result_final .= "<img src='".$images_dir. "/tb_".$filename."' /> File ".($counter+1)." Added<br />"; } } $counter++; } // redirect to Add Vehicle Damage header("Location: vehicle-damage.php"); ?> It is however redirecting to the header indicated at the bottom of the page. I can't see why the photos are not uploading or being added to the database. Hi everyone, I have a page that contains a registration form that writes the users details to a mysql database. Im having some difficulties redirecting to a thank you page after the details have successfully been submitted. I have tried using header("location: http://whatever.com/thankyou.php"); at the very top of the page however i get redirected as soon as the page loads. Please could someone suggest a good way to redirect to the thankyou page after the data has been inserted to the database? I have included my code if it helps. Thanks <? header("Location: thanks.php"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form name="registration_form" method="post"> First Name: <input value = "<?php print $_POST["first_name"]; ?>" type="text" name="first_name"><br /> Last Name: <input value = "<?php print $_POST["last_name"]; ?>" type="text" name="last_name"><br /> Email: <input value = "<?php print $_POST["email"]; ?>" type="text" name="email"><br /> Confirm Email: <input value = "<?php print $_POST["confirm_email"]; ?>" type="text" name="confirm_email"><br /> Username: <input value = "<?php print $_POST["username"]; ?>" type="text" name="username"><br /> Password: <input type="password" name="password"><br /> Confirm Password: <input type="password" name="confirm_password"><br /> <input type="submit" name="submit" value="Register"> </form> <?php $connect=mysql_connect("localhost","leemp5_admin","p7031521"); mysql_select_db("leemp5_database",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>"); if (isset($_POST['submit'])) { if (empty($_POST['first_name'])){ echo ('Please enter your first name<br />');} if (empty($_POST['last_name'])){ echo ('Please enter your last name<br />');} if (empty($_POST['email'])){ echo ('Please enter your email address<br />');} if (!empty($_POST['email'])){ if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){ echo ('The email address you entered is not valid<br />');}} $email = $_POST["email"]; $emailquery = mysql_query("SELECT * FROM users WHERE email='$email'"); if(mysql_num_rows($emailquery) != 0){ echo ('The email you have entered is already in use<br />');} if (empty($_POST['confirm_email'])){ echo ('Please confirm your email address<br />');} if (!empty($_POST['email']) && !empty($_POST['confirm_email']) &&($_POST['email']) != ($_POST['confirm_email'])){ echo ('The emails you entered do not match<br />');} if (empty($_POST['username'])){ echo ('Please enter your username<br />');} if (empty($_POST['password'])){ echo ('Please enter your password<br />');} if (empty($_POST['confirm_password'])){ echo ('Please confirm your password<br />');} if ($_POST['password'] != $_POST['confirm_password']){ echo ('The passwords you entered do not match');} $username = $_POST["username"]; $usernamequery = mysql_query("SELECT * FROM users WHERE username='$username'"); if(mysql_num_rows($usernamequery) != 0){ echo ('The username you have entered is already in use<br />');} if (!empty($_POST['first_name']) && !empty($_POST['last_name']) && !empty($_POST['email']) && !empty($_POST['confirm_email']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['confirm_password']) && ($_POST['email']) == ($_POST['confirm_email']) && (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) && ($_POST['password'] == $_POST['confirm_password']) && (mysql_num_rows($emailquery) == 0) && (mysql_num_rows($usernamequery) == 0)) { $insert_query = 'insert into users (username,first_name,last_name,email,password) values ( "' . $_POST['username'] . '", "' . $_POST['first_name'] . '", "' . $_POST['last_name'] . '", "' . $_POST['email'] . '", "' . $_POST['password'] . '" )'; mysql_query($insert_query);} } ?> </body> </html> I'm assuming this has something to do with cookies, which I am not to familiar with as I am pretty new to this PHP world and have mostly worked with wordpress... but this question was brought up to me, and I don't know where to start. If a user is signed up for the mailing list on a site, we would like the home page the user lands on to be different than the page a new visitor who isn't signed up for the mailing list would see. I have tried to google this, but maybe I am using the wrong choices of words? Any advice, links, etc would be so so soooo appreciated. Thanks V Hi, I am sending data from a form to a URL using $_GET but I would also like the user to be redirected to a thankyou page which is a different URL. Does anyone know if this is possible? Thanks, Hi there, I wrote a pretty simple html form that inputs data into my database. I've included a truncated version of it, There are a lot more fields. Basically when i hit the submit it processes input.php but after its been successful the page is still at input.php in the browser Is there anyway to take the page back to the page i was using to input data Code: [Select] <form action="insert.php" method="post"> <p>Adornment Name: <br> <input type="text" name="name"> <br> <br> Quality: <br> <select name="quality"> <option value="Other">Other Not Listed</option> <option value="Superior">Superior</option> <option value="Greater">Greater</option> <option value="Lesser">Lesser</option> <option value="Raid">Raid</option> <option value="Faction">Faction</option> </select> </form> Code: [Select] include 'db_connect.php'; $sql="INSERT INTO $db_table (name, quality) VALUES ( '$_POST[name]', '$_POST[quality]')"; if (!mysql_query($sql,$db)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($db) ?> so the user is reading a story, to finish reading he has to click a link that redirects them to the signup page. Code: [Select] <?php session_start(); $beginurl = $_SERVER['HTTP_REFERER']; $_SESSION['beginurl'] = $beginurl; echo $_SESSION['beginurl']; ?> <html> <head> </head> <body> <script type="text/javascript"><!-- location.replace("http://www.mysite.com/members/"); //--></script> </body> </html> When they get to the second page, they have to click a link that opens up a modal. this is the code that runs when they hit the register button Code: [Select] session_start(); $beginurl = $_SESSION['beginurl']; $beginurl= (isset($_SESSION['beginurl'])) ? $_SESSION['beginurl'] : 'Error'; if( $_SESSION['status'] ='authorized') $_SESSION['$makemodal'] = 0; //sends the user to the page upon successful password credential if(!isset($_SESSION['SESS_USERID'])||(trim($_SESSION['SESS_USERID']=='admin'))) { echo '<script language="javascript">'; echo "top.location.href = $beginurl"; echo '</script>'; exit(); } Am I passing this variable correctly? and I'm not sure if the top.location.href towards the bottom is correct either, right now after I hit the register button I'm redirected to a blank page where the url is, "http://www.mysite.com/function Error() { [native code]}" Hi: I can't seem to get the 2 Functions to write properly to the page: myLogin.php Code: [Select] <?php include('../include/myConn.php'); //contains your mysql connection and table selection include('../include/myCodeLib.php'); include('include/myAdminNav.php'); ob_start(); // Connect to server and select database. //mysql_connect("$host", "$username", "$password")or die("cannot connect"); //mysql_select_db("$db_name")or die("cannot select DB"); // Define $myUserName and $myPassword $myUserName=$_POST['myUserName']; $myPassword=$_POST['myPassword']; // To protect MySQL injection (more detail about MySQL injection) $myUserName = stripslashes($myUserName); $myPassword = stripslashes($myPassword); $myUserName = mysql_real_escape_string($myUserName); $myPassword = mysql_real_escape_string($myPassword); $sql="SELECT * FROM myAdmins WHERE myUserName='$myUserName' and myPassword='$myPassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myUserName and $myPassword, table row must be 1 row if($count==1){ // Register $myUserName, $myPassword and redirect to file "a_Home.php" session_register("myUserName"); session_register("myPassword"); header("location:a_Home.php"); } else { echo " <!DOCTYPE HTML> <html> <head> <meta name=\"author\" content=\"MontyTheWebmaster.com\" /> <meta charset=\"ISO-8859-1\" /> <meta http-equiv=\"refresh\" content=\"5;url='Login.php'\"> <title>Admin Area</title> <?php echo spAdminLinks(); ?> </head> <body> <div id=\"siteContainer\"> <div id=\"topContainer\"> </div> <div id=\"topMenuContainer\"> <div id=\"topMenu\"> </div> </div> <div id=\"contentContainer\"> <div id=\"mainContent\"> <h1>Incorrect User Name or Password.</h1> <p>You will now be re-directed back to the login area to try again, or <a href=\"Login.php\">click here</a>.</p> </div> <div style=\"clear: both;\"></div> </div> <div id=\"footerContainer\"> <?php echo spAdminFooter(); ?> </div> </div> </body> </html> "; } ob_end_flush(); ?> Meaning, these 2: Code: [Select] <?php echo spAdminLinks(); ?> <?php echo spAdminFooter(); ?> I know I asked about this before, but can't remember what the solution was .. sighhh .. I know it has something to do with the already being in an "echo" tag .. Anyone help me out? <?php require_once('upper.php'); $error_msg=''; if(!isset($_COOKIE['LoginIdCookie'])){ if(isset($_POST['submit'])) { require_once('database.php'); $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password=mysqli_real_escape_string($dbc,trim($_POST['Password'])); if((!empty($LoginId)) && (!empty($Password))){ $query="SELECT * FROM registration WHERE LoginId='$LoginId' AND Password=SHA('$Password') AND Flag='A'"; $result=mysqli_query($dbc,$query) or die('Not Connected'); if(mysqli_num_rows($result)==1) { $row=mysqli_fetch_array($result); setcookie('LoginIdCookie',$row['LoginId']); //$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index1.php'; header('Location: index1.php'); } else{ echo 'Enter right UserName/Password combination or You may not approved yet. '; echo '<a href="ForgetPassword.php">Can\'t access your account?"</a>'; }} else{ echo' Fill all fields'; } }} ?> <html> <title>Log In</title> <body> <?php if(empty($_COOKIE['LoginIdCookie'])) { echo $error_msg; ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF'] ;?>" > <div class="LoginValidator"> <fieldset> <legend> Log In</legend><table><tr><td> <label for="username">User Name :</label><br/><br/></td> <td><input type="text" name="LoginId"><br/><br/></tr> <td><label for="password">Password :</label></td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type="password" name="Password"><br/></td></tr></table> <input type="submit" name="submit" value="Login" class="Login_button"> </fieldset> </div> </form> <?php } else{ echo 'You are logged in as '.$_COOKIE['LoginIdCookie']; } require_once('lower.php'); mysqli_close($dbc); ?> HI friends.......... In above code when I enter wrong user name or password, it displays error msg properly but problem is that when i enter right user name and password instead to redirect to index1.php it displays LoginPage again.......... I think cookie is not created as well.......... I can't understand where is problem???????/ please help me.................... |