php login redirection issue

General PHP Help
#1

Thank you in advance for looking and assistance with this.

I am a php noob… lets get that right out of the way.

i was contracted to revise a website. It uses an old php member log in system.

http://www.nbmbaapgh.org/career1.php

when one clicks on the Career Bank link without logging in, it takes you to the OLD site, it should keep you on the same page with a error message saying blah blah blah…

I have revised the following php coding with ONLY changing the appropriate links… thats it… and I cannot find for the life of me the redirection area if there is a error. Any assistance understanding what is going on would be helpful.

The following is the registration.php code

[code]<?php

// Set user Information - Test Environment

  include "../_private/DatabaseConnect.inc";

// Create a new session or find an existing one.

session_start();

// Set Email Port - Default Port will not work
 
ini_set('smtp_port','465');

// Initialize Local Variables

$CloseDatabase = false;
$debug = true;
$EmailHeader = "From: [email protected]";
$EmailSubject = "Username and Password - National Black MBA Association Pittsburgh Chapter Web Server";
$headerstring = "Location: ../career1.php";

// Get Submit Button that triggered event

$Operation = $_POST['Operation'];

if ($Operation == "Login")
{             
    // Welcome visitor and set privileges
    
    if (Login())
    {        
        if ($_SESSION['Registered'])
        {
            // check password
            
            if (empty($_POST['Password_LoginForm']) || strcmp($_SESSION['Password_LoginForm'],$_SESSION['Password']))
            {   
                $_SESSION['Message'] = "Invalid or Missing Password - Try Again";
                header($headerstring);
                exit;
             }
           
            $_SESSION['ChangePassword'] = "no";
            $_SESSION['LoggedIn'] = "yes";
            $_SESSION['Message'] = "Welcome " . $_SESSION['FullName'];
        
            GrantAccess();
        }
            
        else
        {
            $_SESSION['ChangePassword'] = "yes";
            $_SESSION['LoggedIn'] = "no";
            $_SESSION['Message'] = "Change " . $_SESSION['FullName'] . " Registration.";
        }
    }
    
    // Close database connection if flag is true.

    if ($CloseDatabase)
    {
        if (!mysql_close($connection))
            if ($debug)
                {
                    $_SESSION['Message'] = "Error " . mysql_errno() . " : " .mysql_error() . "Hostname: " . $hostname;
                    header($headerstring);
                }
    }

    if (!empty($_SESSION['GoToURL']))
        $headerstring = "Location: ../career1.php" . $_SESSION['GoToURL'];
    else
        $headerstring = "Location: ../career1.php";
    
        
    header($headerstring);
    exit;    
}

else if ($Operation == "Send Password")
{
    // email username and password to owner
    
    if (Login())
    {
        
        if (!$_SESSION['Registered'])
        {        
             $_SESSION['ChangePassword']= "yes";
             $_SESSION['Message'] = $_SESSION['FullName'] . " is not registered.";

             header($headerstring);
             exit;
        }
        
        if (!empty($_SESSION['EMail']))
        {
            //$EmailRecipient = "[email protected]";
            $EmailRecipient = $_SESSION['EMail'];
            
            $EmailMessage = "Name: " . $_SESSION['FullName'] . "    Member Number: " . $_SESSION['ID_Number'] . "\n" .
                            "Username: " . $_SESSION['Username'] . "    Password: " . $_SESSION['Password'];

            $success = mail($EmailRecipient, $EmailSubject, $EmailMessage, $EmailHeader);
        
            if (success)
                $_SESSION['Message'] = "Username & Password for " . $_SESSION['FullName'] ." sent to ". $EmailRecipient;
            else
                $_SESSION['Message'] = "Email attempt for " . $_SESSION['FullName'] . " to " . $EmailRecipient . " Failed";
        }
        else
            $_SESSION['Message'] = "No email address found for " . $_SESSION['FullName'];
            
            
        // Close database connection if flag is true.

        if ($CloseDatabase)
        {
            if (!mysql_close($connection))
                if ($debug) $_SESSION['Message'] = "Error " . mysql_errno() . " : " .mysql_error() . "Hostname: " . $hostname;
        }        
    }
    header($headerstring);          
    exit;
}

else if ($Operation == "Logout")
{
    // Select Log In Form
    
    $_SESSION['CareerBank_Access'] = "disabled";
    $_SESSION['ChangePassword'] = "no";
    $_SESSION['GoToURL'] = "";
    $_SESSION['LoggedIn'] = "no";
    
    $_SESSION['Message'] = $_SESSION['FullName'] . " Logged Out.";
    header($headerstring);
    exit;       
}
    
else if ($Operation == "Change Password")
{
    // Return to home page to enter Username and Password.
    
    $_SESSION['ChangePassword']= "yes";
    $_SESSION['Message'] = "Change " . $_SESSION['FullName'] . " Registration";

    header($headerstring);
    exit;
}
       
else if ($Operation == "Change")
{
    // Change password
    
    if (Login())
    {                           
        $query = mysql_query("LOCK TABLES usercredentials WRITE",$connection);
        if (mysql_errno($connection)&& debug)
        {
            $_SESSION['Message'] = "Error " . mysql_errno() . " : " . mysql_error() . "Hostname: " . $hostname;
            header($headerstring);
            exit;
        }
        
        if ($_SESSION['Registered'])
        {
            $UpdateQuery = sprintf("UPDATE usercredentials SET
            ID_Number = '%s', Full_Name = '%s', Username = '%s', Password = '%s', Access_Code = %s WHERE ID_Number = '%s'",
            $_SESSION['Member_Number'], $_SESSION['FullName'], $Username_ChangeForm, $Password_ChangeForm, $_SESSION['Access_Code'], $_SESSION['Member_Number']);
            
            $success = mysql_query($UpdateQuery, $connection);
            
            if (!$success && debug)
            {
                $_SESSION['Message'] = "Update Query: " . $UpdateQuery;
                header($headerstring);
                exit;
            }
        }
        else
        {
            $InsertQuery = sprintf("INSERT INTO usercredentials SET
            ID_Number = '%s', Full_Name = '%s', Username = '%s', Password = '%s', Access_Code = %s",
            $_SESSION['Member_Number'], $_SESSION['FullName'], $Username_ChangeForm, $Password_ChangeForm, $_SESSION['Access_Code']);

            $success = mysql_query($InsertQuery,$connection);
            
            if (!$success && debug)
            {
                $_SESSION['Message'] = "Insert Query: " . $InsertQuery;
                header($headerstring);
                exit;
            }
            
            $_SESSION['Registered'] = true;
        }
        
        $_SESSION['ChangePassword'] = "no";
        $_SESSION['LoggedIn'] = "yes";
        $_SESSION['Message'] = "Welcome " . $_SESSION['FullName'] . "<br>";
        
        GrantAccess();

        if (!empty($_SESSION['GoToURL']))
            $headerstring = "Location: ../" . $_SESSION['GoToURL'];
        
        if (success && mysql_affected_rows($connection)== 1 && !empty($_SESSION['EMail']))
        {
            //$EmailRecipient = "[email protected]";
            $EmailRecipient = $_SESSION['EMail'];
            
            $EmailMessage = "Name: " . $_SESSION['FullName'] . "    Member Number: " . $_SESSION['Member_Number'] . "\n" .
                            "Username: " . $Username_ChangeForm . "    Password: " . $Password_ChangeForm;

            $success = mail($EmailRecipient, $EmailSubject, $EmailMessage, $EmailHeader);
        
            if (success)
                $_SESSION['Message'] = $_SESSION['Message'] . "Username & Password sent to ". $EmailRecipient;
            else
                $_SESSION['Message'] = "Email attempt to " . $EmailRecipient . " Failed";   
        }
        else if (success && mysql_affected_rows($connection)== 1)
            $_SESSION['Message'] = $_SESSION['Message'] . "Username & Password Changed";
        
        $query = mysql_query("UNLOCK TABLES",$connection);
        if (mysql_errno($connection)&& debug)
        {
            $_SESSION['Message'] = "Error " . mysql_errno() . " : " . mysql_error() . "Hostname: " . $hostname;
            header($headerstring);
            exit;
        }

                   
    }
    
    // Close database connection if flag is true.

    if ($CloseDatabase)
    {
        if (!mysql_close($connection))
            if (debug)
                {
                    $_SESSION['Message'] = "Error " . mysql_errno() . " : " .mysql_error() . "Hostname: " . $hostname;
                }
    }
    header($headerstring);
    exit;
}

else if ($Operation == "Cancel")
{
    $_SESSION['ChangePassword'] = "no";
    $_SESSION['Message'] = "Cancelled - username password change";       
    header($headerstring);
    exit;
}

function ConnectToDatabase()
{
   global $connection;
          
   global $hostname;
   global $databasename;
   global $username;
   global $password;
          
   // Connect to the MySQL Database Server

   $connection = mysql_connect($hostname, $username, $password);
   if (mysql_errno($connection))
   {
        $_SESSION['Message'] = "Error " . mysql_errno() . " : " .mysql_error() . "Hostname: " . $hostname;
        return false;
   }

  // Select the profiles database

   mysql_select_db($databasename, $connection);   
   if (mysql_errno($connection))
   {
      $_SESSION['Message'] = "Error " . mysql_errno() . " : " .mysql_error() . "Hostname: " . $hostname;
      return false;
   }
   
   $_SESSION['Message'] = "";
   return true;
}

function GrantAccess()
{

    // Access Codes

    $CareerBank_Access = 1;
    
    // For future expansion set and test additional bits in Access_Code.
        
    if (!strcmp($_SESSION['Access_Code'], $CareerBank_Access))
                $_SESSION['CareerBank_Access'] = "enabled";
    return;       
}            

 
function Login()
{
    global $connection;
    global $databasename;
    global $debug;
    global $hostname;
    global $Password_ChangeForm;
    global $Username_ChangeForm;
    
    $headerstring = "Location: ../career1.php";
    
    // Connect to database.
    
    if (!ConnectToDatabase())
        if (debug)
            $_SESSION['Message'] = "Error " . mysql_errno() . " : " . mysql_error() . "Hostname: " . $hostname;
        else
            $_SESSION['Message'] = "Login not available. Try again later.";
    else
        if (debug) $_SESSION['Message'] = "Successful Database Connection";
        
    // Get username and password from form
    
    if (!strcmp($_SESSION['ChangePassword'], "yes"))
    {
        if (empty($_POST['Username_ChangeForm']))
        {
            $_SESSION['Message'] = "Username Required";
            header($headerstring);
            exit;
        }
                    
        if (empty($_POST['Password_ChangeForm']))
        {
            $_SESSION['Message'] = "Password Required";
            header($headerstring);
            exit;
        }

        if (empty($_POST['Confirm_ChangeForm']))
        {
            $_SESSION['Message'] = "Confirmation Required";
            header($headerstring);
            exit;
        }

        $Username_ChangeForm = $_POST['Username_ChangeForm'];
        $Password_ChangeForm = $_POST['Password_ChangeForm'];
        $Confirm_ChangeForm = $_POST['Confirm_ChangeForm'];
    
        if (strcmp($Password_ChangeForm, $Confirm_ChangeForm))
        {
            $_SESSION['Message'] = "Password Confirmation Failed - Try Again";
            header($headerstring);
            exit;
        }
        
        return true;
    }
    
    if (empty($_POST['Username_LoginForm']))
    {
        $_SESSION['Message'] = "Username Required to Login or Retrieve Password";
        header($headerstring);
        exit;
    }
    $_SESSION['Username_LoginForm'] = $_POST['Username_LoginForm'];
    
    if (!empty($_POST['Password_LoginForm']))
        $_SESSION['Password_LoginForm'] = $_POST['Password_LoginForm'];
              
    // Query User Credentials for username and password.
    
    $CredentialsQuery = sprintf("SELECT ID_Number,Full_Name,Username,Password,Access_Code FROM `usercredentials` WHERE Username = '%s'",$_SESSION['Username_LoginForm']);
    $UserCredentials = mysql_query($CredentialsQuery, $connection);
    if (mysql_errno($connection))
    {
        if ($debug)
        {
            $_SESSION['Message'] = "User Credentials - Error(Username) " . $CredentialsQuery . " " . mysql_errno() . " : " . mysql_error() . " Hostname: " . $hostname  . " Database Name: " . $databasename;
            header($headerstring);
            exit;
        }
    }
    
    $row = mysql_fetch_array($UserCredentials, MYSQL_ASSOC);
    $num_of_rows = mysql_num_rows($UserCredentials);
            
    if ($num_of_rows == 0)
    {
        $CredentialsQuery = sprintf("SELECT ID_Number,Full_Name,Username,Password,Access_Code FROM `usercredentials` WHERE ID_Number = '%s'",$_SESSION['Username_LoginForm']);
        $UserCredentials = mysql_query($CredentialsQuery, $connection);
        if (mysql_errno($connection))
        {
            if ($debug)
            {
                $_SESSION['Message'] = "User Credentials - Error(ID_Number) " . $CredentialsQuery . " " . mysql_errno() . " : " . mysql_error() . " Hostname: " . $hostname  . " Database Name: " . $databasename;
                header($headerstring);
                exit;
            }
        }
        
        $row = mysql_fetch_array($UserCredentials, MYSQL_ASSOC);
        $num_of_rows = mysql_num_rows($UserCredentials);
    }
    
    if ($num_of_rows == 0)
       $_SESSION['Registered'] = false;
    else if ($num_of_rows == 1)
    {
        $_SESSION['Registered'] = true;
        
        $_SESSION['ID_Number'] = $row["ID_Number"];
        //$_SESSION['FullName'] = $row["Full_Name"];
        $_SESSION['Username'] = $row["Username"];
        $_SESSION['Password'] = $row["Password"];
        $_SESSION['Access_Code'] = $row["Access_Code"];            
    }
    else
    {
        $_SESSION['Registered'] = false;
        $_SESSION['Message'] = "Multiple credential records found for user: " . $_SESSION['Username_LoginForm'] . " Credential Query: " . $CredentialsQuery . " Num of Rows: " . $num_of_rows;
        header($headerstring);
        exit;
    }
    
    // Query UserProfiles for user information
            
    if ($_SESSION['Registered'])
        $_SESSION['Member_Number'] = $_SESSION['ID_Number'];
    else
        $_SESSION['Member_Number'] = $_SESSION['Username_LoginForm'];

    $UserProfileQuery = sprintf("SELECT Member_Number,Financial_Status,First_Name,Last_Name,EMail,Access_Code FROM `userprofiles` WHERE Member_Number = '%s'",$_SESSION['Member_Number']);
    $UserProfile = mysql_query($UserProfileQuery, $connection);
    if (mysql_errno($connection))
    {
        if ($debug)
            $_SESSION['Message'] = "User Profiles - Error " . $UserProfileQuery . " " . mysql_errno() . " : " . mysql_error() . " Hostname: " . $hostname  . " Database Name: " . $databasename;
        else
            $_SESSION['Message'] = "User not found";
            
        header($headerstring);
        exit;
    }          
       
    $row = mysql_fetch_array($UserProfile, MYSQL_ASSOC);
    $num_of_rows = mysql_num_rows($UserProfile);
    
    if ($num_of_rows == 0)
    {
        $_SESSION['Message'] = "User not found";
        header($headerstring);
        exit;
    }
    else if ($num_of_rows > 1)
    {
        $_SESSION['Message'] = "Multiple user records found for user: " . $_SESSION['Username_LoginForm'];
        header($headerstring);
        exit;
    }
    
     $_SESSION['FullName'] = $row["First_Name"] . " " . $row["Last_Name"];
     $_SESSION['Member_Number'] = $row["Member_Number"];

     if (!empty($row["EMail"]))
         $_SESSION['EMail'] = $row["EMail"];
     else
         $_SESSION['EMail'] = "";
         
     $_SESSION['Access_Code'] = $row["Access_Code"]; 
                    
    // Check financial status.
    
    if (!strcmp($row["Financial_Status"],"Inactive") || !strcmp($row["Financial_Status"], "inactive"))
    {
         $_SESSION['Message'] = $_SESSION['FullName'] . " is not an active member.";
         header($headerstring);
         exit;
    }   
    
    return true;

}

function showError()
{
    die("Error " . mysql_errno() . " : " .mysql_error());
}

?>[/code]

#2

I don’t know if this helps, but the Career Bank link goes to: nbmbaapgh.org/Career_Opportinities1.php

and this redirects to: nbmbaapgh.org/index.php#Top_of_Form

The (new) homepage of the site is: nbmbaapgh.org/index1.php

So I’d say there is something in Career_Opportinities1.php that is redirecting to index.php rather than index1.php. Maybe search for index.php?

Sponsor our Newsletter | Privacy Policy | Terms of Service