0

I have created a site with a login and register. It was working, but when I finished it something was very wrong: I can't log in to the site.

I can register a new user and that is added in the MySQL db, but when I try to log in the redirect does not work; it will not go to the page index.php.

Can anyone look at this source and see if you can find anything wrong?

<?php


session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{

$connect = mysql_connect("localhost","root","") or DIE ("Could not connect");
mysql_select_db("case") or die ("could not find db");

$query = mysql_query("SELECT * FROM users WHERE username='$username'");

$numrows = mysql_num_rows($query);

if($numrows !=0)

{

while ($row = mysql_fetch_assoc($query))    

{

$dbusername = $row['username'];
$dbpassword = $row['password'];

}

if ($username==$dbusername&&$password==$dbpassword)
{

header('location: index.php'); 


/*echo "Login successful. <a href='membersarea.php'>click her to enter members erea<a/>"; */
/*$_SESSION['username']=$dbusername; */

}
else
    echo "Incorrect password";
}
else echo ("That username dows not exist");
}
else
    die ("Please enter a username and password");



?>
potashin
alphadec
  • Your code is vulnerable to SQL injection. Also `mysql_*` functions are dangerous and you should not use them. http://stackoverflow.com/questions/13944956/the-mysql-extension-is-deprecated-and-will-be-removed-in-the-future-use-mysqli – Cfreak Apr 27 '14 at 22:15
  • You can't login to your site? What errors do you get? How do you know that "something was very wrong?" – esqew Apr 27 '14 at 22:16
  • Please use indentation, brackets around if/else branches (to help readability and maintainability), `mysqli` instead of `mysql` (as `mysql` is deprecated), prepared statements (to avoid the `sql injection` that your code is now vulnerable to). Also it might make sense to check your inputs with `isset()` or `empty()` so as not to generate notice level errors, but that's the smallest issue I guess – fejese Apr 27 '14 at 22:19

3 Answers

4

Get rid of the PHP closing tag `?>` and any whitespace, HTML or blank lines before the PHP opening tag `<?php`. Also check that there is no output before:

header("Location:");

Like print, var_dump, echo and so on. Also check your if condition, maybe you are just skipping it.

potashin
  • The problem is the script does not redirect, why? – alphadec Apr 27 '14 at 22:28
  • @alphadec : Have you got something in your error_log? The script does not redirect because there is an error `Headers already send` and/or script skips your `if` statements (you can check which of them it skips by echoing something after each). – potashin Apr 27 '14 at 22:30
0

WARNING! You have an SQL injection ERROR. Try with:

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

Now, simplify your life:

$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

Is it right?

if( mysql_num_rows($query) > 0 ) {
 header('location: index.php');
}
Zerquix18
  • Yes, I know this will be open for SQL injection, but this is more a case for me. But what I don't understand is that this has worked but now it does not. – alphadec Apr 27 '14 at 22:30
0

At first sight, I notice this:

while ($row = mysql_fetch_assoc($query)) {
    $dbusername = $row['username'];
    $dbpassword = $row['password'];
}

if ($username == $dbusername && $password == $dbpassword) {

The if is outside the loop. It will only be used against the last row.

If you only have one user, it should be working.

Alex M
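
The points raised in the comments and answers above (a parameterised query instead of string interpolation, a single-row lookup, no output before `header()`), combined into one login check as an added example that is not code from the question or from any answer. It assumes PDO, a hypothetical `password_hash` column holding `password_hash()` output in place of the plain-text `password` column, and an in-memory SQLite database with a constructed user standing in for the MySQL `case` database; `find_user` and `check_login` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Fetch at most one row for the given username (no loop over the result set).
function find_user(PDO $pdo, string $username): ?array
{
    // The placeholder keeps $username out of the SQL text, so a quote in it is only data.
    $stmt = $pdo->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    $user = find_user($pdo, $username);
    // Same result for "no such user" and "wrong password"; the hash is checked by password_verify().
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Constructed demo data (assumption): SQLite in memory instead of the real MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    var_dump(check_login($pdo, 'alice', 'correct horse')); // matching credentials
    var_dump(check_login($pdo, 'alice', 'wrong'));         // wrong password
    var_dump(check_login($pdo, "o'brien", 'x'));           // quote in the name, unknown user
    exit;
}

// Web request: nothing is echoed before header(), and exit stops the script after it.
session_start();
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (is_string($username) && is_string($password) && check_login($pdo, $username, $password)) {
    session_regenerate_id(true); // issue a new session id once the user is authenticated
    $_SESSION['username'] = $username;
    header('Location: index.php');
    exit;
}
http_response_code(401);
echo 'Incorrect username or password';
```

Run from the command line, the script prints the result of the three constructed checks; served over HTTP, it takes the redirect path instead.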