0

I have a simple form calling a PHP script upon submit but it does not work as expected. It just takes me back to 'localhost:8080' without any error messages which is not even there in the PHP script. Please have a look at the code below and tell me how do I correct this. Also I had the below form as POST initially but it was not working at all, i.e., the php file was not getting the post data. I switched to GET, it worked for some time and now even this is not working. It may very well be some settings problem. I am using WAMP x64 on Windows 7 x64 and have not modified any setting.

This is my form -

<form role="form" action="/login.php" method="GET">
                    <div class="form-group">
                      <label for="email">Email:</label>
                      <input type="text" class="form-control" placeholder="username@xyz.com" name="email">
                    </div>
                    <div class="form-group">
                      <label for="password">Password:</label>
                      <input type="password" class="form-control" placeholder="password" name="password">
                    </div>
                    <div class="form-group">
                      <label><a href="/forgot-password">Forgot Password?</a></label>
                      <label><a href="/new-user"> New User?</a></label>
                    </div>
                    <button type="submit" class="btn btn-lg btn-primary center-block">Submit</button>
                </form>

This is the PHP file -

<?php
if (isset($_SESSION)) {
    header("location: http://localhost:8080/home");
} else {
    if (isset($_GET['email']) and isset($_GET['password'])) {

        $email = $_GET['email'];
        $pass = $_GET['password'];

        $con = mysqli_connect('localhost','read','*****','sheet_db');

        if(mysqli_connect_errno()) {
            header("location: http://localhost:8080/?message=internal%20error");
        } else {
            $check = mysqli_query($con, "SELECT COUNT(emp_id) as cnt FROM d_emp WHERE emp_email = '".$email."' AND password = '".$pass."'");
            if(mysqli_fetch_array($check)['cnt'] == 1) {
                session_start();
                $_SESSION['email']=$email;
                header("location: http://localhost:8080/home");
            } else {
                header("location: http://localhost:8080/?message=wrong%20username%20or%20password");
            }
        }
    } else {
        header("location: http://localhost:8080/?message=invalid%20parameters");
    }
}

?>
AdityaGoel
  • 53
  • 1
  • 6
  • did you check the process gets as far as the else part of the if-loop? Did you check the values? – RST Aug 18 '14 at 17:27
  • Yes if I add echo statements and remove location headers, it does run as expected. Just the headers are not doing their job. – AdityaGoel Aug 18 '14 at 17:31
  • @user3162834 does it redirects to `http://localhost:8080/?message=internal%20error`??? – Faiz Ahmed Aug 18 '14 at 17:33
  • It redirects to 'http://localhost:8000' – AdityaGoel Aug 18 '14 at 17:39
  • Related; You will want to check out [this question about SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) It's an extremely dangerous problem, and your code is vulnerable to it. – Andrew Barber Aug 18 '14 at 18:06
  • Okay so I replaced all location headers with echo statements and now everything works as expected. Getting the right echo output for every case. What do you think is wrong with the headers above? – AdityaGoel Aug 18 '14 at 19:50

1 Answers1

1

Change action="/login.php" to action="./login.php" then let me know if it solves your problem.

Faiz Ahmed
  • 1,083
  • 8
  • 16