I am trying to add a members only section to a website, and having trouble with jumping from the login page to the welcome page. (on my local Windows 7 machine test site, running XMAPP 1.7.7)
I wish to use sessions for this. I have created a test user in the database, of which I am certain of the username and password, because I can see it in the table in Phpmyadmin. I have double checked the table names in the database as well, and the welcome php file is in the same directory as the php login page.
The login page comes up fine on my browser with no php errors listed and it has an include file with the html form in it attached to the php login file, However, every time I try to log in to see if I can be taken to the php welcome page, or even if I deliberately put in a wrong username and password which is not in the database it comes up with:
Object not found!
The requested URL was not found on this server. The link on the referring page seems to be wrong or outdated. Please inform the author of that page about the error.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
12/27/11 12:32:11
Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
Here is the php code I am trying to use:
- Code: Select all
<?php
session_start();
header('Cache-Control: public');
switch (@$_POST['Button']) // Existing member Login
{
case "Log in":
include("includes/database.inc"); //my database connection include file
$cxn = mysqli_connect($host, $user, $password, $dbase)
or die("Query died: connect");
$sql = "SELECT loginName from member
WHERE loginName='$_POST[fusername]'";
$result = mysqli_query($cxn, $sql)
or die("Query died: fusername");
$num = mysqli_num_rows($result);
if($num > 0)
{
$sql = "SELECT loginName FROM member
WHERE loginName='$_POST[fusername]'
AND password=md5('$_POST[fpassword]')";
$result2 = mysqli_query($cxn, $sql)
or die("Query died: fpassword");
$num2 = mysqli_num_rows($result2);
if($num2 > 0)
{
$_SESSION['auth']="yes";
$_SESSION['logname'] = $_POST['fusername'];
$sql = "INSERT INTO login (loginName, loginTime)
VALUES ('$_SESSION[logname]',NOW())";
$result = mysqli_query($cxn, $sql)
or die ("Query died: insert");
header("Location: welcome.php");
}
else
{
$message_1 = "The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.";
$fusername=strip_tags(trim($_POST['fusername']));
include("includes/form_member_login.inc");
}
}
else
{
$message_1 = "The User Name you entered does not
exist! Please try again.";
include("includes/form_member_login.inc");
}
break;
default:
include("includes/form_member_login.inc");
}
?>
Even if I put the wrong information in the username and password fields in the form, it should still re-display the form page listing appropriate errors, but this is not happening either.
I have checked the apache error log file and I am getting these type of errors:
[Tue Dec 27 11:44:27 2011] [error] [client 127.0.0.1] File does not exist: C:/xampp/htdocs/site/pages/member/$_SERVER['PHP_SELF'], referer: http://localhost/site/pages/member/welcome.php