The code works once but then it will not load the customer_login.php page again. It gives HTTp 404 Not Found error when I try for a second time. Between the time it was working and got the error, I did not change anything.
<?php
session_start();
if(isset($_SESSION["manager"]))
{
header("location: ./admin/website/".$websitelocation."/index.html");
exit();
}
?>
<?php
if(isset($_POST["username"])&&isset($_POST["password"]))
{
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
include "./scripts/connect_to_mysql.php";
$sql = mysql_query("SELECT UsersID, Active, Website_Location FROM users WHERE User_Name='$manager' AND Password='$password' LIMIT 1") or die(mysql_error());
$existCount = mysql_num_rows($sql);
echo $existCount;
if ($existCount == 1)
{
while($row = mysql_fetch_array($sql))
{
$id = $row["UsersID"];
$active = $row["Active"];
$websitelocation = $row["Website_Location"];
}
if($active == 'Yes')
{
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: ./admin/website/".$websitelocation."/index.html");
exit();
}
else
{
echo "<script type='text/javascript'>alert('You are not authorized to login!!!!');</script> ";
echo "click here to go back to <a href='admin_login.php'>login page</a>. <br><br>";
echo "click here to go to <a href='../customer_login.php'>customer login</a>. <br><br>";
echo "click here to go to <a href='../index.php'>JE Designs LLC main page</a>. <br><br>";
exit();
}
}
else
{
echo "<script type='text/javascript'>alert('The information you have entered is not correct, please try again.');</script> ";
echo "<a href=\"javascript:history.go(-1)\">Go back to login page.</a>";
exit();
}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>User Login</title>
</head>
<body>
<div align="center" id="mainWrapper">
<?php include_once("template_header.php");?>
<div id="pageContent"><br />
<div align="left" style="margin-left:24px;">
<h2>Log in to view website.</h2>
<form id="form1" name="form1" method="post" action="
<?php
if(isset($_POST["username"])&&isset($_POST["password"]))
{
echo "./admin/website/".$websitelocation."/index.html";
}
else
{
echo "customer_login.php";
}
?> " >
User Name:<br />
<input name="username" type="text" id="username" size="40" />
<br /><br />
Password:<br />
<input name="password" type="password" id="password" size="40" />
<br />
<br />
<br />
<input type="submit" name="button" id="button" value="Log In" />
</form>
<p> </p>
</div>
<br />
<br />
<br />
</div>
<?php include_once("template_footer.php");?>
</div>
</body>
</html>
When you are already logged in, you redirect to
./admin/website/$websitelocation/index.html. But where does the variable$websitelocationcome from? It does not help if you set this variable in the login script! So you will be redirected to./admin/website//index.html, and this gives you the 404.BTW: Don’t use relative redirections, it is best practice to include the hostname in the
Locationheader, because that is more widely supported.