So what I'm trying to do here is have my users log in. This is the script I am using to do that.

I have just used a converter found here: https://wikis.oracle.com/display/mysql/Converting+to+MySQLi to convert my Mysql to mysqli because I am a beginner and had no idea how to do that.

Now when the user puts in a correct password and username, it goes exactly how I want it and the user gets redirected to 'dashboard.php'. However, when the user enters incorrect data, the user ends up on a blank 'login.php' (which is the code I am showing here) instead of 'loginerror.php', which is what I want.

I hope some people here can help me out because I am pretty lost.

PS: Yes I know the passwords are in plain text right now but don't worry about that because I will fix that later.

<?php

  session_start(); 

  if(!$_SERVER['REQUEST_METHOD'] == 'POST') { 
      echo "Please leave.<br /><br />"; 
      echo "<a href='index'>Click to go back</a>"; 
      exit();     
  } 


  if(($GLOBALS["___mysqli_ston"] = mysqli_connect('localhost',  'root',  ''))) { 
      if(((bool)mysqli_query($GLOBALS["___mysqli_ston"], "USE users"))) {  
          $username = $_POST['username']; 
          $password = $_POST['password']; 

          $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'"; 
          $zoekresultaat = mysqli_query($GLOBALS["___mysqli_ston"], $query); 

          if($zoekresultaat = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) > 0) { 
              $record = mysqli_fetch_assoc($zoekresultaat);  

              $zoekresultaat = mysqli_query($GLOBALS["___mysqli_ston"], $query); 

              if($zoekresultaat = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) > 0) { 
                  $record = mysqli_fetch_assoc($zoekresultaat); 

                  $_SESSION['login'] = true; 
                  $_SESSION['username'] = $record['username']; 

                  header('location: dashboard.php'); 
              } else { 
                  header('location: loginerror.php'); 
              } 

              exit(); 
          } else { 
              echo "<br /><br />Could not find Database"; 
          } 
      } else { 
          echo "<br /><br />Could not connect to Database"; 
      } 
  } 
?> 
Lorin
Jordy Dragt
  • Debug & check if it is actually coming in else condition. – Rikesh Jul 09 '13 at 14:06
  • Before you write any more SQL code, you **must** read up on [proper SQL escaping](http://bobby-tables.com/php) to avoid [SQL injection bugs](http://bobby-tables.com/). With `mysqli` you need to supply values used by your query using the [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) method and should never, ever put user-supplied data from `$_POST` directly into your query. – tadman Jul 09 '13 at 14:19

1 Answer

You cannot redirect using the header method after anything has been output. In this case, you use echo before your header redirection, so it will not work.

See this thread for reference: How to fix "Headers already sent" error in PHP

What you should do is define redirection before outputting anything in your application; if it seems difficult, your application might need to be restructured.

Here are some alternatives if you don't want to do that, but they are bad practice:

HTML

<meta http-equiv="refresh" content="0; url=http://example.com/">

Javascript

<script> location.replace("target.html"); </script>

Also, as usual, defend yourself against MySQL injections: How can I prevent SQL injection in PHP?

Community
Dany Caissy
  • That's odd because it worked perfectly fine before converting to mysqli, I'm going to test it right now, and how come the 'header('location: dashboard.php'); ' does work but the other one doesn't? – Jordy Dragt Jul 09 '13 at 14:17
  • Something else must have changed. If anything is outputted before using header(), even if it's a trailing space in a PHP file, it will not work. – Dany Caissy Jul 09 '13 at 14:18
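
An added example, not code from the question or the answer: the same login handler with the submitted values bound through a prepared statement (the procedural form of the `bind_param` call tadman's comment points to) and the redirect target decided before any output is sent. It assumes the question's `users` database and `users` table, and, as a further assumption, that the `password` column holds `password_hash()` output rather than plain text.

```php
<?php
// Added example. Assumptions: database `users`, table `users` with columns
// `username` and `password`; `password` stores password_hash() output.
session_start();

// Every exit path goes through here, so nothing is echoed before header().
function redirect(string $target): void
{
    header('Location: ' . $target);
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);            // reject non-POST without printing a page
    exit();
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password)) {
    redirect('loginerror.php');         // array-valued fields are not credentials
}

mysqli_report(MYSQLI_REPORT_OFF);       // check return values instead of exceptions
$db = mysqli_connect('localhost', 'root', '', 'users');
if (!$db) {
    error_log('login: connect failed: ' . mysqli_connect_error());
    redirect('loginerror.php');
}

// The user-supplied name is bound as data; it never becomes part of the SQL text.
$stmt = mysqli_prepare($db, 'SELECT username, password FROM users WHERE username = ?');
if (!$stmt) {
    error_log('login: prepare failed: ' . mysqli_error($db));
    redirect('loginerror.php');
}
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $dbUsername, $dbHash);
$found = mysqli_stmt_fetch($stmt);      // true = row, null = no row, false = error
mysqli_stmt_close($stmt);
mysqli_close($db);

if ($found === true && password_verify($password, $dbHash)) {
    session_regenerate_id(true);        // new session id once authenticated
    $_SESSION['login'] = true;
    $_SESSION['username'] = $dbUsername;
    redirect('dashboard.php');
}
redirect('loginerror.php');
// No closing tag: trailing whitespace after it would count as output.
```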