
Trying to authenticate a user login in PHP. I am just getting sent to 'index2.php' even if I use the correct information. Any idea how I should debug this or what I need to do? Thanks.

I also changed the query to `SELECT COUNT(ID) FROM CUSTOMER` and set the if statement to `if ($result>1) {`, but still got sent to 'index2.php'.

```php
<?php

// ----------------------
// Retrieve login information

include("db_info.php");

// ----------------------
// Connect to database

$conn = oci_connect($db_user, $db_pwd, '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(Host=*****.edu)(Port=1521)))(CONNECT_DATA=(SID=asuka)))');

if (!$conn) {
    $e = oci_error();
    print_r($e);
    exit();
}

// ----------------------
// Authenticate User

// Create query
$sql = "SELECT COUNT(ID) FROM CUSTOMER WHERE EMAIL='$email' AND PASSWORD='$password'";

// Create database query statement
$statement_id = oci_parse($conn, $sql);

// Execute query statement
$result = oci_execute($statement_id, OCI_COMMIT_ON_SUCCESS);

// Check for successful authentication
if ($result==1) {
    if ($email=="admin@hotmail.com") {
        $db_login_status = 2;
        header("location: index1.php");
    } else {
        $db_login_status = 1;
        header("location: index.php");
    }
} else {
    header("location: index2.php");
}

// ----------------------
// Close connections

oci_free_statement($statement_id);
oci_close($conn);
```
Meowbits

  • Please stop writing new code with the ancient `mysql_*` functions. They are no longer maintained and the community has begun the [deprecation process](http://news.php.net/php.internals/53799). Instead you should learn about prepared statements and use either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). If you care to learn, [here is a quite good PDO-related tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). – Madara's Ghost Apr 29 '12 at 19:22
  • Are you storing user passwords in plaintext? [That's a bad idea](http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely). *Edit*: You are not actually assigning any value to `$result` before checking it? – DCoder Apr 29 '12 at 19:26
  • You worked with the Oracle extension (oci) in your queries, and then you want to get your errors using `mysql_error()`!? – Mohammad Saberi Apr 29 '12 at 19:36
  • Updated, set the value.. thanks for pointing that out. I am not getting sent to 'index1.php' every time, even if my text fields are blank. – Meowbits Apr 29 '12 at 20:17

1 Answer

There are a few issues here. For one, we have `if ($email="admin@hotmail.com")`. That should a) be `==` and b) have curly braces after it. Another issue is that you can't output text before changing the HTTP location header, so you should get rid of your echo statements. A third problem is that you redirect to index.php before doing your admin check to forward to index1.php.

Webkudu
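
An added example, not part of the question or of the answer above: one way to write the login check so that the count is not read from `oci_execute()` (which only returns true or false), the email is passed as a bind variable as the comments suggest, and the password is compared against a hash. It assumes that `$conn` is the open connection from `oci_connect()`, that the `PASSWORD` column holds `password_hash()` output, and that the form fields are named `email` and `password`; the function name `authenticate_customer` is hypothetical.

```php
<?php
// Added example, not the asker's code. Assumption: CUSTOMER.PASSWORD stores
// the output of password_hash(), not the plaintext password.

/**
 * Returns 0 (rejected), 1 (customer) or 2 (admin), the same values the
 * question's script stores in $db_login_status.
 */
function authenticate_customer($conn, string $email, string $password): int
{
    // Bind variable instead of interpolating $email into the SQL text.
    $stmt = oci_parse($conn, 'SELECT PASSWORD FROM CUSTOMER WHERE EMAIL = :email');
    if ($stmt === false) {
        return 0;
    }
    oci_bind_by_name($stmt, ':email', $email);

    // oci_execute() only reports whether the statement ran (true/false);
    // it never returns a row or a count.
    if (!oci_execute($stmt)) {
        oci_free_statement($stmt);
        return 0;
    }

    // The row has to be fetched explicitly; false means no matching email.
    $row = oci_fetch_array($stmt, OCI_ASSOC);
    oci_free_statement($stmt);

    // With OCI_ASSOC alone a NULL column is omitted, hence the ?? fallback.
    $hash = ($row === false) ? null : ($row['PASSWORD'] ?? null);
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return 0;
    }
    return ($email === 'admin@hotmail.com') ? 2 : 1;
}

// Usage in the login script; form field names are assumed.
$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';

$db_login_status = authenticate_customer($conn, $email, $password);
$targets = [0 => 'index2.php', 1 => 'index.php', 2 => 'index1.php'];

header('Location: ' . $targets[$db_login_status]);
exit; // header() does not stop the script; exit so nothing runs after the redirect
```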