-1

I'm creating a website where there's a login page. The user must enter their user and password, and if the info is correct, the web site should open/display a new site with some information. Now I'm stuck in the part where the web site will display another page, here's the form that I'm using (login.php)

    <form method="POST" action="home.php" autocomplete="off">
        <input name="user" id="fields" type="text" placeholder="user" required><br/>
        <input name="password" id="fields" type="password" placeholder="password" required></br>
        <input id="button" type="submit" value="OK"></center>
    </form>
</div>
<?php
    $user=$_POST["user"];
    $password=$_POST["password"];
    if($user=="user"&&$password=="password"){  //dummy user & psswd
        echo "<script type='text/javascript'><!--window.location = 'reports_home.php'//--></script>";
    }
    else{
        echo "<center> <p style='color:red';>".ERROR."</center>";
    }

?>

And when I run login.php, everything's fine, but if enter any name or text into the fields and hit submit, the home.php file will open. But if remove action="reports_home.php (and remove the "<script type= part) , the page will validate the input, but it won't open the new site.

Anyone who can explain to me why this is happening or how should it be coded? If you nee more info, please let me know.

Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
Rosie
  • 94
  • 2
  • 11
  • `header('Location: '.$newURL);` check [this](http://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php) out. – Matt Sep 23 '14 at 00:44
  • I tried, but nothing. I also tried the `die()` and `exit()` but it only clears all the content from the actual site. – Rosie Sep 23 '14 at 00:58
  • Just a warning, this isn't a very secure way to handle passwords. – Wold Sep 23 '14 at 01:06

3 Answers3

1

Remove action to stay on the same page:

<?php
if ( isset($_POST) && !empty($_POST) ) {
    $user = $_POST["user"];
    $password = $_POST["password"];
    if ( $user == "user" && $password == "password" ){  //dummy user & psswd
        header("Location: http://example.com/reports_home.php"); 
    }
    else{
        $message = ERROR;
    }
}
?>
<form method="POST" action="" autocomplete="off">
        <input name="user" id="fields" type="text" placeholder="user" required><br/>
        <input name="password" id="fields" type="password" placeholder="password" required></br>
        <input type="submit" id="button" value="OK"></center>
    </form>
</div>

<?php if ( isset($message) ): ?>
    <center> <p style='color:red';><?php echo $message; ?></center>
<?php endif; ?>

EDIT: I tried it locally, it worked. Check for space before opening

<?php

. If it doesn't work, display all errors to debug this.

Louis XIV
  • 2,224
  • 13
  • 16
1

Here, give this a try and see my footnotes about password storage.

Sidenote: action="home.php" has been changed to action="" since it's being executed inside the same file.

You can use a header() and ob_start() to redirect on success.

Otherwise you will receive a similar warning:

Warning: Cannot modify header information - headers already sent by (output started at /file.php) in...

Code:

<?php

ob_start();

?>

<div>
<form method="POST" action="" autocomplete="off">
        <input name="user" id="fields" type="text" placeholder="user" required><br/>
        <input name="password" id="fields" type="password" placeholder="password" required></br>
        <input id="button" name="submit" type="submit" value="OK"></center>
    </form>
</div>
<?php

if(isset($_POST['submit'])){
    $user=$_POST["user"];
    $password=$_POST["password"];
    if($user=="user" && $password=="password"){  //dummy user & psswd

         // change this to your URL
         header("Location: http://www.example.com/success.php");

    }
    else{
        echo "<center> <p style='color:red';>".ERROR."</center>";
    }

}

?>

Or, you can place the PHP on top of your HTML form, without the need of ob_start().

<?php

if(isset($_POST['submit'])){
    $user=$_POST["user"];
    $password=$_POST["password"];
    if($user=="user" && $password=="password"){  //dummy user & psswd

      header("Location: http://www.example.com/success.php");

    }
    else{
        echo "<center> <p style='color:red';>".ERROR."</center>";
    }

}

?>

<div>
<form method="POST" action="" autocomplete="off">
        <input name="user" id="fields" type="text" placeholder="user" required><br/>
        <input name="password" id="fields" type="password" placeholder="password" required></br>
        <input id="button" name="submit" type="submit" value="OK"></center>
    </form>
</div>

Footnotes

Password storage

I noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

Other links:

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • Still doesnt work TT.TT it just clears the fields and stays in the same page – Rosie Sep 23 '14 at 16:32
  • I've tested this before posting. Copy it exactly as shown. If you added anything else, than that would be it. I never post anything till I know it works. @Rosie – Funk Forty Niner Sep 23 '14 at 16:33
0

remove the home.php bit from action, and replace the script part with a php header call using location, which would be

header('Location: http://example.com/reports_home.php');

http://php.net/manual/en/function.header.php

Ceri Turner
  • 830
  • 2
  • 12
  • 36