too many redirects

[ashraf97]

when i add header('Location: login_form.php'); into my register and login forms they instantly crash because of too many redirects. when i take them out my forms load but don't work without them?

 

here is my register form, if you see any errors please notify me

 

<html>

<body>

 

<center><p>Input Details to Create an Account:</p></center>

 

</form>

</body>

</html

<!DOCTYPE html>

<html>

<body bgcolor="#069099">

</body>

</html>

 

<form name="register" action="register.php" method="post">

    Username: <input type="text" placeholder="Username" name="username" maxlength="30" />

    Password: <input type="password" placeholder="Password" name="pass1" />

    Password Again: <input type="password" placeholder="Re-Type Password" name="pass2" />

    <input type="submit" value="Register" />

</form>

 

<?php

 

$username = (isset($_POST['username']));

$pass1 = (isset($_POST['pass1']));

$pass2 = (isset($_POST['pass2']));

 

if($pass1 != $pass2)

    header('Location: register.php');

if(strlen($username) > 30)

    header('Location: register.php');

 

$hash = hash('sha256', $pass1);

 

function createSalt()

{

    $string = md5(uniqid(rand(), true));

    return substr($string, 0, 3);

}

$salt = createSalt();

$hash = hash('sha256', $salt . $hash);

$dbhost = 'localhost';

$dbname = 'Users';

$dbuser = 'ash';

$dbpass = 'password';

$conn = mysql_connect($dbhost, $dbuser, $dbpass);

mysql_select_db($dbname, $conn);

$username = mysql_real_escape_string($username);

$query = "INSERT INTO users ( username, password, salt )

        VALUES ( '$username' , '$hash' , '$salt' );";

mysql_query($query);

mysql_close();

 

header('Location: login_form.php');

 

?>

<!DOCTYPE html>

 

 

and here is my login form, again notify me of any errors

 

 

<center><h1>Hey People, Welcome to This Professional Website.</h1></center><bgcolour="#FFFFFF">

<form name="login" action="login_form.php" method="POST">

 

<center><input type="text" placeholder="Username" name="username"></center>

<br>

<center><input type="text" placeholder="Password" name="password"></center>

<br>

<center><input type="submit" value="Login"></center>

<html>

<body bgcolor="#069099">

<center><p><a href="register.php">Register Here to Enter!</a></p></center>

</body>

</html>

</form>

 

<?php

$username = (isset($_POST['username']));

$password = (isset($_POST['password']));

 

$username = mysql_real_escape_string($username);

$query = "SELECT password, salt

        FROM users

        WHERE username = '$username';";

$result = mysql_query($query);

if(mysql_num_rows($result) < 1)

 

//this is where the header('Location: login_form.php'); goes.

 

$userData = mysql_fetch_array($result, MYSQL_ASSOC);

$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );

if($hash != $userData['password'])

 

//this is where the header('Location: login_form.php'); goes.

 

?>

 

thanks in advance

 

[DavidTheWin]

Just a guess, you aren't creating an infinite redirect loop constantly going to login_form.php are you?

[Mr_KoKa]

You're probably not checking if form has been send, and then you're doing something like

$username = (isset($_POST['username']));

Which gives you boolean, then mysql_num_rows of $result  is < 0 so an "if" statement is fulfilled and it redirects itself creating a loop.

 

P.S. Please use [ code ] tag.

[ashraf97]

Just a guess, you aren't creating an infinite redirect loop constantly going to login_form.php are you?

hahah no man I'm really just lost atm need a bit of guidance.

[Guest]

See my response to your other thread. Calls to the header function must come before ANY html.

[ashraf97]

You're probably not checking if form has been send, and then you're doing something like

$username = (isset($_POST['username']));

Which gives you boolean, then mysql_num_rows of $result  is < 0 so an "if" statement is fulfilled and it redirects itself creating a loop.

 

P.S. Please use [ code ] tag.

 

can you debug the code and add and take away whats right and wrong please. I'm really lost...

 

 

[Mr_KoKa]

$username = (isset($_POST['username'])); //same as below

$password = (isset($_POST['password'])); //isset is function that returns boolean, you would rather do something like $password = (isset($_POST['password'])? $_POST['password'] : '');

 

$username = mysql_real_escape_string($username); //Here your boolean $username is casted to string which returns 1

$query = "SELECT password, salt

        FROM users

        WHERE username = '$username';"; // Here you check if any username equals your boolean casted befere to 1

$result = mysql_query($query);

if(mysql_num_rows($result) < 1) // There is no username '1' so you will trigger redirecton to this exact scriopt, which will fire all over again, caus eyou don't check if form was send or not

 

    //this is where the header('Location: login_form.php'); goes.

 

$userData = mysql_fetch_array($result, MYSQL_ASSOC);

$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );

if($hash != $userData['password'])

 

//this is where the header('Location: login_form.php'); goes.