2nd elseif "Header Location" statement, not redirecting (no error)

Question

My 2nd elseif "Header Location" statement is not redirecting (no error).

Warning: I am a complete beginner at php so please only constructive criticism please.

My PHP code:

<?php
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
$session = "0";
$db = mysql_connect("X.HOST.X", "User_name", "Password");
mysql_select_db("User_name", $db);
$result = mysql_query("SELECT * FROM members WHERE usr = '$myusername'");
while ($row = mysql_fetch_assoc($result)) {
    ob_start();
    echo $row["usr"];
    $usr = ob_get_contents();
    ob_end_clean();
    ob_start();
    echo $row["regIP"];
    $regIP = ob_get_contents();
    ob_end_clean();

    ob_start();
    echo $row["pass"];
    $pass = ob_get_contents();
    ob_end_clean();
    ob_start();
    echo $usr . $regIP . $pass;
    $salted_DataBase = ob_get_contents();
    ob_end_clean();
    ob_start();
    echo $myusername . $regIP . $mypassword;
    $salted_User = ob_get_contents();
    ob_end_clean();
    $session = "0";
    if ($salted_User == $salted_DataBase) {
        mysql_query("INSERT INTO online (id, usr, online, dt) VALUES( '', '$myusername.IN', '1', NOW() )");
        header("location:Secured_Page.php");
    } elseif ($session = "0") {
        header("location:google.com");
    }
}
?>

What strikes me as odd is that the fist "Header Location" part of the if else statement works properly and will redirect you to the proper location. This issue is killing me because all of my log error folders are empty and I have no error out put on the screen.

Answer 1

Vivek is right. Your if statement isn't right.

But another thing is that you should use mysqli_* functions instead of mysql_* functions. This is because mysql_* functions are deprecated and will be removed in the future. mysqli_* functions are an improved version of the mysql_* functions... PHP.net page about mysqli_*

Also, when your in your while statement, you use ob_* to get and set variables. That can be done much more simple:

This code:

    ob_start();
    echo $row["usr"];
    $usr = ob_get_contents();
    ob_end_clean();
    ob_start();
    echo $row["regIP"];
    $regIP = ob_get_contents();
    ob_end_clean();

Will then be this code:

    $usr = $row["usr"];
    $regIP = $row["regIP"];

UPDATE 1: Here's you're code with some improvements. Hope that it works:

<?php
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
$session = 0;

$db = @new mysqli("X.HOST.X", "User_name", "Password", "User_name( db select here )");
// Works as of PHP 5.2.9 and 5.3.0.
if ($mysqli -> connect_error) {
    die('Connect Error: ' . $mysqli -> connect_error);
}

if ($result = mysqli_query($db, "SELECT * FROM members WHERE usr = '$myusername'")) {
    while ($row = mysqli_fetch_assoc($result)) {
        $usr = $row["usr"];
        $regIP = $row["regIP"];
        $pass = $row["pass"];
        $salted_DataBase = $usr . $regIP . $pass;
        $salted_User = $myusername . $regIP . $mypassword;

        if ($salted_User == $salted_DataBase) {
            mysqli_query($db, "INSERT INTO online (id, usr, online, dt) VALUES( '', '$myusername', '1', NOW() )");
            header("Location: Secured_Page.php");
        } elseif ($session == 0) {
            header("Location: http://www.google.com");
        }
    }
} else {
    echo "No User found with the given name";
}
?>

I've updated your code to mysqli_* functions, made an integer of the session variable ( better fault control ), removed the ob_* functions, fixed the elseif statement ( added an = ) and fixed the header link ( without http://www. you will have the chance that it will search the page on the original domain where you are. So it's better to always use http://www. when your redirecting to an different domain ).

Answer 2

You are using assignment operator. Change this:-

elseif ($session = "0")

to

elseif ($session == "0")