0

first of all i have done it using classes but actually i have to do it using curl. I want to send my email username and password to system and then taking this values for login check and redirect to table.php

This is my service i tried: 

        case 'LOGIN':
        $uname = strip_tags($_POST['txt_uname_email']);
        $upass = strip_tags($_POST['txt_password']);

        $staffuname         =$comingdata[0];
        $staffpassword      =$comingdata[1];

        try
            {
                $login = $myPDO->query("SELECT * FROM users WHERE (user_name='{$uname}' OR user_email='{$uname}') AND user_pass='{$upass}' ")->fetch(PDO::FETCH_ASSOC);
                if($login->rowCount() > 0 )
                {
                    Redirect('table.php');
                }else{
                    $data=array("Response"=>"Failed");
                }
            }
            catch(PDOException $e)
            {
                echo $e->getMessage();
            }

        break;

and here is the curl login post:

     if(isset($_POST['btn-login']))
     {

$uname = strip_tags($_POST['txt_uname_email']);
$upass = strip_tags($_POST['txt_password']);

 $query=$uname.'|'.$upass;
 echo $query;
 $params=array(
        'action' => "LOGIN",
        'query' => $query
            );
        $postData='';
        foreach($params as $k => $v){
            $postData .= $k . '='.$v.'&';
        }
        rtrim($postData, '&');
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL,"http://localhost/skynebtrack/pages/dutyservice.php");
        curl_setopt($ch, CURLOPT_POST, count($params));
        curl_setopt($ch, CURLOPT_POSTFIELDS,$postData);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        print_r($response);
        curl_close ($ch);
        $cvp=json_decode($response,true);

if($cvp["Response"]=="SUCCESSFULL")
{
    $_SESSION['user_session'] = $userRow['user_id'];
    redirect('table.php');
}
else
{

}   
  }

i am getting ıname and password but it doesntredirect me to home page. Thanks for yor feedback.

Cugurel
  • 47
  • 5
  • If that is the same portal. .. Why you need CURL? Make just simple PHP login form – Ingus Jan 14 '19 at 10:49
  • Because all system goes on webservices. So i have to do it using cURL. – Cugurel Jan 14 '19 at 10:51
  • Oh! Then maybe instead of `redirect()` use `header()` `header("Location: table.php"); die();` – Ingus Jan 14 '19 at 10:53
  • Tried but not sir. :( – Cugurel Jan 14 '19 at 10:54
  • Are you able to get inide `if($cvp["Response"]=="SUCCESSFULL")` ? – Ingus Jan 14 '19 at 10:55
  • Unfortunately... – Cugurel Jan 14 '19 at 10:56
  • if your if statement works as need but still have no redirect you can also try with `echo '';` – Ingus Jan 14 '19 at 10:58
  • Can you post response? – Ingus Jan 14 '19 at 11:00
  • Thank i tried but again same thing. I can see username and password on screen but doesn't redirect... – Cugurel Jan 14 '19 at 11:01
  • Do `var_dump($cvp)` and see what it gives – Ingus Jan 14 '19 at 11:01
  • It says NULL...but if it is null.. How can i see uname and password. – Cugurel Jan 14 '19 at 11:02
  • There you go! ` $response = curl_exec($ch); print_r($response);` you do that before `$cvp` you print it out – Ingus Jan 14 '19 at 11:04
  • I did it already. But it is same... :/ – Cugurel Jan 14 '19 at 11:07
  • Does `print_r($response);` returns only username and password? If there are no `Response` in response how you want that to work? Also `$cvp=json_decode($response,true);` seems to be useless here same as `$cvp["Response"]=="SUCCESSFULL"` – Ingus Jan 14 '19 at 11:09
  • I did all system like that. Other systems are works perfectly. Bu i dont know what is error at here – Cugurel Jan 14 '19 at 11:11
  • 1
    Check if you pass back all needed from webservices. – Ingus Jan 14 '19 at 11:12
  • Checked. Anyways.. I have to do more try... – Cugurel Jan 14 '19 at 11:17
  • 1
    VTC. Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a [mcve]. – mario Jan 14 '19 at 11:20
  • 1
    Just from the looks of this code, you also ought to read [How to get useful error messages in PHP?](//stackoverflow.com/q/845021) and [How to fix "Headers already sent" error in PHP](//stackoverflow.com/q/8028957), the obligatory [How can I prevent SQL injection in PHP?](//stackoverflow.com/q/60174), [How to use password\_hash](//stackoverflow.com/q/30279321) -- Those longwinded comments are a good indicator that your question isn't fit for SO yet, might need more debugging, perhaps rather take it to a bulletin board. – mario Jan 14 '19 at 11:21
  • Thank for your understanding. :) – Cugurel Jan 14 '19 at 11:24
  • Warning: your strip_tags() is NOT protecting you from SQL injection, your login code is wide open to SQL injection attack from hackers. also, you shouldn't have to strip anything from either the username nor password. - read this https://stackoverflow.com/a/60496/1067003 – hanshenrik Jan 15 '19 at 07:20

0 Answers0