My login script is something like this, usually included on top of the login form:
<?php
if(isset($_POST['login']))
{
require_once("dbconfig.php");
$email=$_POST["username"];
$password=$_POST["password"];
$password=md5("$pass");
$msg="";
if ($email==""){
$msg=$msg."You didn't enter your Username.<br/>";
$fstatus= "NOTOK";}
if ($pass==""){
$msg=$msg."You didn't enter your Password.";
$fstatus= "NOTOK";}
if($fstatus=="NOTOK"){
echo "<div class=error>$msg</div>";
}
else{
$logincheck=mysql_query("SELECT id FROM users WHERE username='$email' AND password='$password' limit 1");
if(mysql_num_rows($logincheck)==0)
{
echo "<div class=error>Invalid login: wrong username or password.</div>";
}
else
{
$_SESSION['XYZ']= TRUE;
header("Location:member-page.php");
}
}
}
}
}
?>
To get the redirection to work, I usually use an htaccess file with the instruction
PHP_FLAG output_buffering on. But this doesn't work on some servers. I understand
that it is possible to do away with the htaccess file, how do I re-write the login script
to make the redirection work.
You can just put...
<?php
ob_start();
as the very first thing in your file (and make sure there's nothing else before the PHP code). This will turn on output buffering without a need for a .htaccess file.