I have a simple login form that I only want to redirect to 'login.php' if everything is correct. How can I do this? At the moment it redirects you to 'login.php' every time you press the submit button, even though I have used PHP for form validation.
*** All of the HTML is set out correctly, I just felt that there was no need to add it in.
functions.php :
function db_connect() {
define("DB_SERVER", "localhost");
define("DB_USER", "user");
define("DB_PASS", "password");
define("DB_NAME", "database");
$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
mysqli_select_db("database");
}
Start of the document:
<?php
session_start(); // Starts the session for login
require_once 'functions.php'; // This has the functions for the login process
?>
Middle of the document:
<?php
$form = "<form action='login.php' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='user' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='login_btn' value='Login' /></td>
</tr>
</table>
</form>";
if ($_POST['login_btn']) {
$user = $_POST['user'];
$password = $_POST['password'];
if ($user) {
if ($password) {
db_connect();
$password = md5(md5("dF83sDFJ9f8" . $password . "ugj483DAhD2"));
$query = mysqli_query("SELECT * FROM user WHERE username='" . $user . "'");
$numrows = mysqli_num_rows($query);
// Checks to see which form rows have data
// If the username is entered (if there is 1 piece of data in $numrows)
if ($numrows == 1) {
$row = mysqli_fetch_assoc($query);
$db_id = $row['id'];
$db_user = $row['username'];
$db_pass = $row['password'];
$db_active = $row['active'];
if ($password == $db_pass) {
if ($db_active == 1) {
$_SESSION['userid'] = $db_id;
$_SESSION['username'] = $db_user;
echo "You have been logged in as <b>" . $db_user . "</b>";
} else {
echo "You must activate your account to login " . $form;
}
} else {
echo "Incorrect password " . $form;
}
} else {
echo "Incorrect username " . $form;
}
mysqli_close();
} else {
echo "You must enter your password " . $form;
}
} else {
echo "You must enter your username " . $form;
}
} else {
echo $form;
}
?>