-5

When I hit login it keeps saying invalid login information. I want it to go to `profile.php`. I used `header('location:profile.php')`. I wonder what's wrong? May you guys take a look please, and let me know if I'm missing something or had typos. Thanks!

    <?php
//database information
$host = "localhost";
$user = "root";
$pass = "";
$db = "test";

//connect to database
mysql_connect($host, $user, $pass);
mysql_select_db($db);

//select table
$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
    $res = mysql_query($sql);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
<link href="../sources/stylesheet.css" rel="stylesheet" type="text/css" />
</head><body>
<div id="content_login">
  <div id="header">
    <p align="center"><u>NJROTC ADMINS</u></p>
    <div id="Quote">
      <p align="center">You cannot be on this page if you weren't given the login information!  </p>
    </div>
  </div>
  <p>&nbsp;</p>
  <p><br />
  </p>
  <form id="form1" name="form1" method="post" action="/njrotc/pages/login.php">
    <table width="331" height="141" border="0">
      <tr>
        <td width="112">Username</td>
        <td width="178"><input type="text" name="username" id="text2" /></td>
      </tr>
      <tr>
        <td>Password</td>
        <td><input type="password" name="password" id="password" /></td>
      </tr>
      <tr>
        <td colspan="2"><div class="php">
          <?php
if (isset($_POST['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (mysql_num_rows($res) == 1) {
    echo "You have successfully logged in.";
    exit();
    } else {
    echo "Invalid log in information.";
    exit();
        header ('location:profile.php');
    }
}
?>
        </div></td>
      </tr>
      <tr>
        <td><input type="submit" name="submit" id="submit" value="Log In" /></td>
        <td>&nbsp;</td>
      </tr>
    </table>
  </form>
</div>
</body>
</html>
  • 3
    It's because, you have echo and exit(); above header. Use one, not all. `else { header ('location:profile.php'); exit();}` - It's like saying "hello, I'm gone, sorry, store's closed. Ok, now where do I go?" Oh, I can't go anywhere else, I've left the building already. Exit, stage left ;-) – Funk Forty Niner Jul 05 '14 at 00:15
  • Also avoid `mysql`. Use `mysqli` or `PDO` And use `htmlspecialchars` for the post. And it doesn't look like you're hashing passwords. – Idris Jul 05 '14 at 00:17
  • 1
    You're executing your query before you've initialised `$username` and `$password`. When you look at the result, unsurprisingly, it hasn't found anything. –  Jul 05 '14 at 00:18
  • 1
    @Idris dat SQL injection – eluong Jul 05 '14 at 00:18
  • I've already explained it, *in so many words* ;-) "Including", the solution. Well, "a" partial solution. See what Mike wrote. Plus, add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` which would've thrown you a lot of... well, you know (ahem) errors. Oh, and no worms for me tonight, I'm going fishing tomorrow; need them all for the fishies. – Funk Forty Niner Jul 05 '14 at 00:20
  • Plus I'm getting WAMP errors telling me I should use PDO or mysqli... Can anyone refer me somewhere with mysqli info? I'm really new to this guys, your answers are helping me learn even more. Thanks. – MartinNewAtCode Jul 05 '14 at 00:25
  • See, another problem. It just keeps getting worse. Now, you have to switch to using [`mysqli_`](http://www.php.net/manual/en/book.mysqli.php) functions. *Oh*, and you're welcome ;-) Use [**`mysqli_*` with prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO**](http://php.net/pdo) with [**prepared statements**](http://php.net/pdo.prepared-statements). – Funk Forty Niner Jul 05 '14 at 00:26
  • I don't understand mysqli at all. Do you think you can rewrite the code for my connection to database for me? Please? If not, ignore this :) – MartinNewAtCode Jul 05 '14 at 00:35
  • @Fred-ii- Can you help me translate my code to mysqli ? I'm having problems, please. – MartinNewAtCode Jul 05 '14 at 00:59
  • Oh I know you're serious, I'm not pulling your leg. But SO's not about "rewriting" someone's code, it's about dealing with problems and existing code. You're more than welcome to post a new question, just don't go editing this one with your new code that you've shown below in a comment. I suggest you Google PHP/SQL tutorials where they talk about `mysqli_` and PDO using prepared statements, which [`I've already given you links to.`](https://stackoverflow.com/questions/24581881/php-headerlocationprofile-php-not-working#comment38080296_24581881) – Funk Forty Niner Jul 05 '14 at 01:13

1 Answer

1

Here is your code:

    echo "Invalid log in information.";
    exit();
    header ('location:profile.php');

First, when you execute an `echo` the server sends headers to the browser, so you can’t have that before a `header` call. But past any of that you have an `exit();` before the `header ('location:profile.php');` call. So that will never execute it. Just do this instead:

    // echo "Invalid log in information.";
    // exit();
    header ('location:profile.php');

Commenting out the echo and exit just in case there is a valid reason for you to have those there. Perhaps for debugging? But if this is in production, those are not needed.

Giacomo1968
  • The plot thickens. Am glad I get to keep the worms for going fishing tomorrow ;-) Now you see why I usually "comment" for questions like these? *Ah,* one cannot buy experience. – Funk Forty Niner Jul 05 '14 at 00:26
  • Lol, I appreciate it. The exit strategy kind of worked and some errors left but it still does not head to `profile.php` – MartinNewAtCode Jul 05 '14 at 00:33
  • @user3806765 Happy this helped the specific issue of this question, but the reality is there are tons of other issues with your code. But knowing what I outline in this answer here can at least get you on the right track. – Giacomo1968 Jul 05 '14 at 00:38
  • I can't thank you enough! Appreciated! – MartinNewAtCode Jul 05 '14 at 00:43
  • 1
    @user3806765 Look at what `Idris` comments in your question and deal with that. It’s not our job to hand-hold your issues. Take the advice & do something with it, “Also avoid mysql. Use mysqli or PDO And use htmlspecialchars for the post. And it doesn't look like you're hashing passwords. ” – Giacomo1968 Jul 05 '14 at 01:06
  • @Jake I don't want to hash my password. I just wanted you to look at the one I rewrote here... `function getConnected() { $host = 'localhost'; $user = 'root'; $pass = ''; $db = 'test'; $mysqli = new mysqli($host, $user, $pass, $db); if($mysqli->connect_error) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());` – MartinNewAtCode Jul 05 '14 at 01:08
  • 1
    @user3806765 I'll give you a clue as to what you can't do. You see where it says `mysqli_` and then the other one(s) that reads as `mysql_`? Well, they just don't mix. You MUST choose one OR the other types of MySQL APIs. Call this one of your first lessons in this wonderful world of coding. ;-) – Funk Forty Niner Jul 05 '14 at 01:09
  • 1
    @user3806765 “I just wanted you to look at the one I rewrote here...” Let me say this again, “It’s not our job to hand-hold your issues.” Happy to have helped, but that is all I can do for now. Be well, take care & good luck! – Giacomo1968 Jul 05 '14 at 01:09
  • @MartinNewAtCode “... sorry guys, I wasted your time.” No you did not. The question is “PHP - header('location:profile.php'); not working” and that issue is solved. The rest of the stuff you’re asking is outside the scope of this question & that info was volunteered to help you now take the code & do something better with it. It’s not our job to do your work for you. – Giacomo1968 Jul 05 '14 at 01:17
  • 1
    I understand now. Thanks. Sorry though. – MartinNewAtCode Jul 05 '14 at 01:18
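
The points raised in the comments and the answer, put together as an added example that is not code from the question or the answer: the POST values are read before the query runs, the lookup uses a PDO prepared statement, the password is checked with `password_verify` against a stored hash, and `header()` is sent before any output with `exit` after it. Assumed for illustration: an in-memory SQLite database in place of the page's MySQL `test` database, the helper names `open_db` and `check_login`, and a constructed `admin` account.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: in-memory SQLite via PDO stands in for the page's MySQL "test"
// database (needs pdo_sqlite); the "admin" row and its password are constructed.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $pdo->prepare('INSERT INTO users VALUES (?, ?)')
        ->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // Verify against the stored hash instead of matching the password in SQL.
    return is_string($hash) && password_verify($password, $hash);
}

$error = $username = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Read the submitted values first, then run the query.
    $username = (string) filter_input(INPUT_POST, 'username');
    $password = (string) filter_input(INPUT_POST, 'password');
    if (check_login(open_db(), $username, $password)) {
        header('Location: profile.php'); // sent before any output
        exit;                            // stop only after the header is queued
    }
    $error = 'Invalid log in information.';
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Admin Login</title></head>
<body>
<form method="post">
  <p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
  <input type="text" name="username" value="<?= htmlspecialchars($username, ENT_QUOTES, 'UTF-8') ?>">
  <input type="password" name="password">
  <input type="submit" value="Log In">
</form>
</body>
</html>
```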