Whats wrong with this code?

Discussion in 'PHP' started by krishmk, May 11, 2009.

0
  1. #1
    Whats wrong with this PHP code. No matter whats the length of the strings (User Name or Password) I get redirected to "index.php?err_code=1"

    If I take off the header function and use an echo/print it validates correctly.

    <?php
$username = htmlspecialchars($_POST['admin_user_name']);
$passwd = htmlspecialchars($_POST['admin_pass']);
// check string lengths of user name and password variables
if ((strlen($username) == 0) || (strlen($username) > 25))
{
header ("Location:index.php?err_code=1");
}
elseif (strlen($passwd) == 0 || strlen($passwd) > 25)
{
header ("Location:index.php?err_code=2");
}
// Redirect all login requests made thru $_GET variables to login page
elseif (isset($_GET['admin_user_name']) || isset($_GET['admin_pass']))
{
header ("Location:index.php");
}
else
{
echo ("Success");
}
?>
    PHP:
     
    krishmk, May 11, 2009 IP
  2. somanweb

    somanweb Peon

    Messages:
    21
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Hi,

    What you have given the input for the following varaiables

    $_POST['admin_user_name']

    and

    $_POST['admin_pass']

    Soman.
     
    somanweb, May 11, 2009 IP
  3. krishmk

    krishmk Well-Known Member

    Messages:
    1,376
    Likes Received:
    40
    Best Answers:
    0
    Trophy Points:
    185
    #3
    I have tried n number of combinations. But the result is the same.
    My intention to redirect the visitor to "index.php?err_code=1" is only under the following conditions
    a) If the user name is blank (string length of 0)
    [OR]
    b) If the user name is greater than 25 characters (my HTML form has a limit of 25 chars but still I wanted to have this on server side for security reasons).
    Is that because of the "?" mark symbol in the uri? (inside the header redirect function)

    UPDATE
    Found the error causing code. It was the code at the bottom which actually checks if the user name and password matches the info stored in database [not shown in this thread].

    Thanks "ranacseruet" - I will add the trim() function to them    .
     
    krishmk, May 11, 2009 IP
  4. ranacseruet

    ranacseruet Peon

    Messages:
    302
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #4
    use trim() function for both username & password,
     
    ranacseruet, May 11, 2009 IP
  5. somanweb

    somanweb Peon

    Messages:
    21
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Hi ,

    if you give the ? in the Header, it should work

    I have checked all the possiblities , it works

    $username = htmlspecialchars("soman%20%20we00b");
    $passwd = htmlspecialchars("");

    if ((strlen($username) == 0) || (strlen($username) > 25))
    {
    header ("Location:index.php?err_code=1");
    }
    elseif (strlen($passwd) == 0 || strlen($passwd) > 25)
    {
    header ("Location:index.php?err_code=2");
    }
    else
    {
    echo ("Success");
    }

    I have directly assign the value in the varaible, can you try this code.
    May be your POST method value is not getting correctly

    Soman
     
    somanweb, May 12, 2009 IP