Nested IF statements and running code - oh my!

Hi all,

I’m pretty new to PHP, but I was making a login script for my website. The script worked beautifully, but it was enclosed in an IF statement to stop the username/password wrong message appearing the first time the page was loaded. This worked fine again, but I disabled the IF statement for testing - only it still logs in!
I’ve pasted my code below but it has me stumped as to why this code block runs at all?

Please help!

	<?php
	if ($_POST["Username1"] != $_POST["Username1"]){
		// To protect MySQL injection
		$myusername = $_POST["Username1"];
		$mypassword = $_POST["Password1"];
		$myusername = stripslashes($myusername);
		$mypassword = stripslashes($mypassword);
		$myusername = mysql_real_escape_string($myusername);
		$mypassword = mysql_real_escape_string($mypassword);
		$sql="SELECT PID FROM login WHERE username='$myusername' and password='$mypassword'";
		$pid=mysql_query($sql);
		$count=mysql_num_rows($pid);

		if($count==1){
			$_SESSION['UID']=$myusername;
			$_SESSION['PID']=$pid;
			echo '<script language="Javascript">';
			echo 'window.location="main.php"';
			echo '</script>';
		}
		else {
			echo "Wrong Username or Password";
		}
	}
	?>

The working code before was identical, but the top line read if ($_POST["Username1"] != null){

Also I have tried if (1==2){ - but even that still logs in!
Any help anyone can give would be much appreciated.

Also I have tried if (1==2){ - but even that still logs in!

This is not possible. You need to check your other code. Maybe your login form’s action is set to a different URL, etc.
As an option, try to comment out all these lines you want disabled, and I’m sure you will see it still logs in.

Ah yeah, you’re right. Revisiting it showed it’s not working now… I’ve made several changes, but none I thought would have affected this. Must have been a mistake on my part.

Similarly though, I’ve tried to make a redirect back to the login page (from the main page) if the user is not logged in.

I used:

[php]

<?php if ($_SESSION['UID'] == null) { echo ''; } ?>

[/php]

But it redirects back to login, even if the user successfully ran the script I used before. I’ve also tried == "" but that does the same - can I ask what is the correct syntax/semantics please?

Do you have this at top of your script, before the code you posted here?
[php]session_start();[/php]

In fact you should call the session_start() function in each script where you want to track the session. I.e. if you refer to the session array $_SESSION in some script, make sure you have session_start(); before this reference.

Also, I am not sure about ‘null’, but I would do this:
[php]if(isset($_SESSION['UID']) and $_SESSION['UID']!='') {
// …
}[/php]

And, finally, about the redirect… You are making the redirect using JavaScript. This will work only if the document is loaded in the browser, on the onLoad event. To redirect properly with PHP you need to do this:
[php]<?php
session_start();
// Not logged in: send the browser back to the login page
if(!isset($_SESSION['UID']) or $_SESSION['UID']=='') {
header('Location: login.php');
exit;
}
?>[/php]

But again, there should be NO output at all before this code. First you send headers to the browser, then content. In this example, you only send headers.
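
The pieces discussed in this thread (credential check, session_start() on every page, header() redirect before any output) put together as an added example; it is not code from any poster. It goes beyond the thread by using PDO prepared statements and password_hash()/password_verify() instead of escaped strings and a plaintext password column. The in-memory SQLite table, the password_hash column, the sample user and the helper names check_login() and require_login() are assumptions so the script runs stand-alone.

```php
<?php
declare(strict_types=1);
// Constructed sample data: an in-memory SQLite stand-in for the thread's `login` table.
// The password_hash column is an assumption; the thread compares a plaintext password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (PID INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO login (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the user's PID on success, null on failure (hypothetical helper).
function check_login(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT PID, password_hash FROM login WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['PID'];
}

// Call at the top of every protected page, before any output (hypothetical helper).
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();               // needed on each page that reads $_SESSION
    }
    if (!isset($_SESSION['UID']) || $_SESSION['UID'] === '') {
        header('Location: login.php'); // headers first, no content sent yet
        exit;
    }
}

// Login handler: runs only for a POST that carries both fields as strings.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && is_string($_POST['Username1'] ?? null) && is_string($_POST['Password1'] ?? null)) {
    session_start();
    $pid = check_login($db, $_POST['Username1'], $_POST['Password1']);
    if ($pid !== null) {
        session_regenerate_id(true);   // new session ID once the user is authenticated
        $_SESSION['UID'] = $_POST['Username1'];
        $_SESSION['PID'] = $pid;       // the PID value itself, not the query result
        header('Location: main.php');
        exit;
    }
    echo 'Wrong Username or Password';
}
```
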

Hi

Thanks for all your assistance with this - it’s much appreciated.

Yes, I have a session start in my code - but only on the login page - I thought I only needed to call it once, but as I understand your post I need it on every page that uses the session info? If so this could well be the problem.

I tried using a header call to redirect, but I had output before it. Once I get back I’ll try and rearrange the code to avoid this, but the javascript redirect worked anyway - the issue is that it is always called. I’m guessing this might be because of the session_start(); missing from this page?

Again, thanks for your help with this.

I would still recommend separating the JavaScript program flow from PHP, because PHP is executed on the server side, and JavaScript in the browser. In other words, by the time the page is loaded in your browser, the PHP code has already finished its work - the HTML page has been generated and output to the browser. JavaScript starts working only after the HTML page is loaded in the browser.
