PHP & MySQL Database Login w/ Redirect

Beginners - Learning PHP
#1

Currently I wish to use a database to enable different destinations for each login. Below is the code I am using but can’t seem to get it to work properly. I’ve removed the mysql database information for security reasons, but with the correct information it connects to the database just fine.

My database has four fields:
ID, user, pass, url

The passwords are md5 encoded, but even without encryption using the correct user/pass combo, I still get my returned error message. What am I doing wrong? I’ve been hunting around forums and web tutorials for two days now without any luck so I thought I would try the first PHP help forum listed on google. Thanks for any help and if you need more information, let me know and I will do what I can.

login.php

<?PHP

$uname = "";
$pword = "";
$errorMessage = "";
//==========================================
//	ESCAPE DANGEROUS SQL CHARACTERS
//==========================================
function quote_smart($value, $handle) {

   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }
   return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
	$uname = $_POST['username'];
	$pword = $_POST['password'];

	$uname = htmlspecialchars($uname);
	$pword = htmlspecialchars($pword);

	//==========================================
	//	CONNECT TO THE LOCAL DATABASE
	//==========================================
	$user_name = "MySQL USER";
	$pass_word = "MySQL PASS";
	$database = "DB NAME";
	$server = "SERVER";

	$db_handle = mysql_connect($server, $user_name, $pass_word);
	$db_found = mysql_select_db($database, $db_handle);

	if ($db_found) {

		$uname = quote_smart($uname, $db_handle);
		$pword = quote_smart($pword, $db_handle);

		$SQL = "SELECT * FROM logins WHERE user = $uname AND pass = md5($pword) AND url = $dest";
		$result = mysql_query($SQL);
		$num_rows = mysql_num_rows($result);

	//====================================================
	//	CHECK TO SEE IF THE $result VARIABLE IS TRUE
	//====================================================

		if ($result) {
			if ($num_rows > 0) {
				session_start();
				$_SESSION['login'] = "1";
				header ("Location: $dest");
			}
		}

		else {
			$errorMessage = "Error logging in, please try again.";
		}

	mysql_close($db_handle);

	}
}
?>
<?php
include("header.php");
?>
<div id="wrapper-content">
	<div id="content">
		<h2>Please Login</h2>
		<div align="center">
		<form name="form1" method="post" action="login.php">
		Username: <input type='text' name='username' value="<?PHP print $uname;?>" maxlength="20">
		Password: <input type='text' name='password' value="<?PHP print $pword;?>" maxlength="20">
		<p align="center">
		<input type="submit" name="submit1" value="Login">
		</p>
		</form>
		</div>
		<p align="center">
		<?PHP print $errorMessage;?>
		</p>
  </div><!--content-->
</div><!--wrapper-content-->
<?php include("footer.php"); ?>
#2

Are you sure you query is executing properly?

Perhaps you should echo out the results of mysql_error() RIGHT AFTER you attempt the query to see what it thinks is going on.

Sponsor our Newsletter | Privacy Policy | Terms of Service