1

I am learning PHP. I have made a login page. The problem I am facing here is that when the user clicks on the sign-in button and the record is found, he is taken to another page which displays a redirect link; the user has to click on that to go to the next page. What I want is that when a user clicks on the sign-in button, the details should be cross-checked in the database; if the record is found, the user should be directly redirected to the next page, else an error should be displayed. This is my HTML page:

<!DOCTYPE html>
<html>
    <head>
        <title>OpenMoz</title>
        <meta charset="utf-8"/>
         <meta name="viewport" content="width=device-width, initial-scale=1">
        <link rel="stylesheet" type="text/css" href="index.css"/>
        </head>
    <body  style="height:650px;">
    <h1 align="center" ><b><i>City Login</i></b></h1>
        <div class="login">
        <form action="login.php" method="post">
            <input type="text" placeholder="Username" name="username" autocorrect=off autocapitalize=words required> <br> 
            <input type="password" placeholder="password" name="password" autocorrect=off autocapitalize=words required> <br>
            <a href="home.php"><input type="submit" name="submit" value="Sign In"></a>
        </form>

        <a href="signup.php"><input type="submit" name="submit" value="Sign Up"></a>
        </div>
    </body>
</html>

This is the login.php script to verify details:

<?php
$username = $_POST["username"];
$password = $_POST["password"];

if($username && $password)
{
    $connect = mysql_connect("localhost","root","password") or die("Couldn't connect");
    mysql_select_db("phplogin")or die("Couldn't connect");
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    $numrows = mysql_num_rows($query);
    if($numrows!=0)
    {
        while($row = mysql_fetch_assoc($query))
        {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }
        if($username==$dbusername && $password==$dbpassword)
        {
            echo ("<center><a href='home.php'>Redirect</a></center>");
            $_SESSION['username'] = $username;
        }
        else
        {
            echo ("Incorrect Password !");
        }   
    }
    else
        die("The user doesn't exist");

}
else
    echo ("Please enter username & password");

?>

I would be really thankful if my problem gets solved.

Harshit

4 Answers

2

As long as you have not outputted anything to the browser, you can do a header redirect. This will achieve your aim.

Change this:

echo ("<center><a href='home.php'>Redirect</a></center>");
$_SESSION['username'] = $username;

To this:

$_SESSION['username'] = $username;
header("Location: /some-new-page.php");
exit;

Always exit; after a location redirect.

Oh yeah, and CLEAN your inputs... you are wide open to SQL injection.

$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);

Oh yeah... and mysql_* is deprecated. Use mysqli_*.

MaggsWeb
0

Use header("Location:home.php"); it's the best way to redirect a page in PHP.

Senthilkumar
0
header("Location:whaeverpage.php");
exit();

Do it before sending any data to the browser or you will get a "headers already sent" error.

Or by JavaScript:

if ($connected === 'yes') { // your connection statement
   ?>
       <script>window.location.replace("whatever_page");</script>
   <?php
}
Jayo2k
0

WOWOW NONONO HALT! DO NOT LEARN mysql_ API FOR NEW DEVELOPMENT. It's deprecated/unsupported, ancient, error-prone. Learn to use mysqli_ or, better yet, PDO, and here is a great tutorial: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

Also here: $query = mysql_query("SELECT * FROM users WHERE username='$username'");

This code is vulnerable to SQL injection attacks by hackers. You must use mysql_real_escape_string.

Also, you should not use *; in most cases, be specific. Also, you should not store passwords in plaintext (as your login system is doing); you should hash them. Other than that, Chris Magg's answer already said what I would have: https://stackoverflow.com/a/31355969/1067003

hanshenrik
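
The points raised across the answers above (redirect with header() before any output, keep user input out of the SQL string, hash passwords), combined into one login.php as an added example that is not part of any answer on this page. It uses a PDO prepared statement in place of mysql_real_escape_string, and assumes a `password_hash` column filled by `password_hash()` at sign-up and a database account named `app_user`; those names are placeholders.

```php
<?php
// login.php (added example). Assumed schema: users(username, password_hash),
// where password_hash was produced by password_hash() at sign-up.
declare(strict_types=1);
session_start();                       // must run before any output is sent

function fail(string $msg): void
{
    // One message for "unknown user" and "wrong password", so the form
    // does not reveal which usernames exist.
    http_response_code(401);
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
    exit;
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    fail('Please enter username & password');
}

// Placeholder credentials: a dedicated low-privilege account rather than root.
$pdo = new PDO(
    'mysql:host=localhost;dbname=phplogin;charset=utf8mb4',
    'app_user',
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
    ]
);

// Prepared statement: the username travels as data, never as part of the SQL text.
$stmt = $pdo->prepare('SELECT username, password_hash FROM users WHERE username = ?');
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// password_verify() compares the submitted password with the stored hash.
if ($row === false || !password_verify($password, $row['password_hash'])) {
    fail('Incorrect username or password');
}

session_regenerate_id(true);           // fresh session ID after login (anti-fixation)
$_SESSION['username'] = $row['username'];
header('Location: home.php');          // nothing has been echoed on this path
exit;
```

home.php then has to call session_start() and check `$_SESSION['username']` itself, since anyone can request that URL directly.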