How can I redirect to another page in php

Question

guys I'm pretty new for php i'm trying to make a login page.

How can I redirect page if statement is true?

I tried iwth header("location: nextpage.php"); but it doesn't work

<html>
    <head>
        <title>Uploader</title>
    </head>
    <body>

        <form action="index.php" method="POST" enctype="application/x-www-form-urlencoded"> 
        <input id="login" class="username" type="text" name="username" autofocus placeholder="Username" maxlength="30"/>
        <input id="login" class="password" type="password" name="password" placeholder="Password" maxlength="15"/>
        <input id="login" class="submit" type="submit" value="Login" />
        <p>Last update <span id="lastupdate"><?php echo date('d-m-Y');?></span></p>

        <?php
        mysql_connect("localhost", "root","******") or die(mysql_error());
        mysql_select_db("login") or die(mysql_error());

        if(isset($_POST['username']) && isset($_POST['password'])){
            $db_user = mysql_query("SELECT username FROM login_tb");
            $db_pass = mysql_query("SELECT password FROM login_tb");
            $ctrl_user = mysql_result($db_user,0);
            $ctrl_pass = mysql_result($db_pass,0);

            $username = $_POST['username'];
            $password = $_POST['password'];
            echo $username . $password;

            if(($username || $password) == NULL){
                echo "you have entered wrong username or password! <br/> please contact site admin.";
            }else{
                if($username == $ctrl_user && $password == $ctrl_pass){
                header("location: ./nextpage.php");
                }
            }
        }
        ?>
    </body>
</html>

please anyone can help me? thanks

Update header("location: ./nextpage.php"); to header("Location: ./nextpage.php"); — Hüseyin BABAL, Apr 29 '12 at 12:05
**Don't store the passwords in plain text**. See [this link](http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely) for more information. — DCoder, Apr 29 '12 at 12:11
You should be testing the username and the password at the same time. So, something like `SELECT COUNT(*) FROM login_tb WHERE username = 'x' AND password = 'y'`. Where `x` and `y` are untainted values taken from the user - and watch out for _SQL injection_ (look it up). — halfer, Apr 29 '12 at 12:12
if you don't wanna be a professional coder, why you are learning at all? — Your Common Sense, Apr 29 '12 at 12:12
@YourCommonSense: that's a matter of opinion. But even so, it's still an issue that wasn't mentioned by anyone else and I felt it should be. — DCoder, Apr 29 '12 at 12:15
@DCoder "a matter of opinion", my foot :) Complete nonsense code against just a silly warning (which will do not good anyway with usual lame passwords:) — Your Common Sense, Apr 29 '12 at 12:19
I am just commenting your question as well. I am not your personal servant whom you can command. I will do what I find useful and ask questions I find necessary, thanks. And watch your language, please. — Your Common Sense, Apr 29 '12 at 12:28
You have but a little choice. Either be calm and polite or find another site for your questions. — Your Common Sense, Apr 29 '12 at 12:34

score 1 · Answer 1 · answered Apr 29 '12 at 12:11

A header is just that, something which appears at the beginning of the data transfer. You are sending data (most of the web page) before trying to send the header.

Move your php code to the top of the file, and then just echo the "wrong user/pass" in another php block in the correct location

<?php
    mysql_connect("localhost", "root","******") or die(mysql_error());
    mysql_select_db("login") or die(mysql_error());

    if(isset($_POST['username']) && isset($_POST['password'])){
        $db_user = mysql_query("SELECT username FROM login_tb");
        $db_pass = mysql_query("SELECT password FROM login_tb");
        $ctrl_user = mysql_result($db_user,0);
        $ctrl_pass = mysql_result($db_pass,0);

        $username = $_POST['username'];
        $password = $_POST['password'];

        if(($username || $password) != NULL && $username == $ctrl_user && $password == $ctrl_pass){
            header("location: ./nextpage.php");
        }
    }
?>
<html>
    <head>
        <title>Uploader</title>
    </head>
    <body>

        <form action="index.php" method="POST" enctype="application/x-www-form-urlencoded"> 
        <input id="login" class="username" type="text" name="username" autofocus placeholder="Username" maxlength="30"/>
        <input id="login" class="password" type="password" name="password" placeholder="Password" maxlength="15"/>
        <input id="login" class="submit" type="submit" value="Login" />
        <p>Last update <span id="lastupdate"><?php echo date('d-m-Y');?></span></p>
        <?php
            echo $username . $password;
            if(($username || $password) == NULL){
                echo "you have entered wrong username or password! <br/> please contact site admin.";
            }
        ?>
    </body>
</html>

@YourCommonSense He is trying to learn, and while I agree that his code is not the highest of quality, and has security holes bigger than the Chicxulub crater, I gave the solution to his issue without going into a lecture on security or good coding practices. — Andrew Brock, Apr 29 '12 at 12:34
OMG, it is not "not the highest of quality"! It just doesn't make any sense and will never work. It is not the matter of "security" or "practices". This code will never work. I can't believe you can't see thwt. — Your Common Sense, Apr 29 '12 at 12:37

mjsa · Accepted Answer · 2012-04-29T13:54:56.957

There are multiple ways to redirect pages, I like to do it as follows:

<?php
header('Location: /blah.php');
die('<meta http-equiv="refresh" content="0; url=http:/blah.php" />\n
<p>Please visit <a href="/blah.php">Blah.php</a>.</p>');
?>

That way you have a fallback if the header fails.

Also please allow me to point out that you should sanitise your data inputs to prevent SQL injection/XSS. Here:

$user = htmlspecialchars(mysql_real_escape_string($_POST['user']));

score -1 · Answer 3 · answered Apr 29 '12 at 12:11

It seems output buffering problem, you can use ob_start() and ob_end_fluh()

And following;

<? ob_start(); ?>
<html>
    <head>
        <title>Uploader</title>
    </head>
    <body>

        <form action="index.php" method="POST" enctype="application/x-www-form-urlencoded"> 
        <input id="login" class="username" type="text" name="username" autofocus placeholder="Username" maxlength="30"/>
        <input id="login" class="password" type="password" name="password" placeholder="Password" maxlength="15"/>
        <input id="login" class="submit" type="submit" value="Login" />
        <p>Last update <span id="lastupdate"><?php echo date('d-m-Y');?></span></p>

        <?php
        mysql_connect("localhost", "root","******") or die(mysql_error());
        mysql_select_db("login") or die(mysql_error());

        if(isset($_POST['username']) && isset($_POST['password'])){
            $db_user = mysql_query("SELECT username FROM login_tb");
            $db_pass = mysql_query("SELECT password FROM login_tb");
            $ctrl_user = mysql_result($db_user,0);
            $ctrl_pass = mysql_result($db_pass,0);

            $username = $_POST['username'];
            $password = $_POST['password'];
            echo $username . $password;

            if(($username || $password) == NULL){
                echo "you have entered wrong username or password! <br/> please contact site admin.";
            }else{
                if($username == $ctrl_user && $password == $ctrl_pass){
                header("Location: ./nextpage.php");
                }
            }
        }
        ?>
    </body>
</html>
<? ob_end_flush(); ?>

I actually didnt checked fully user code if it is meanungfully coded or not, i just wanted to emphasise output buffering for redirection.Thanks — Hüseyin BABAL, Apr 29 '12 at 12:14
That's the point. You shouldn't emphasise output buffering for redirection. — Your Common Sense, Apr 29 '12 at 12:15

How can I redirect to another page in php

3 Answers3