How do I make this login form dynamically redirect?

Question

I have a simple login form that I only want to redirect to 'login.php' if everything is correct. How can I do this? At the moment it redirects you to 'login.php' every time you press the submit button, even though I have used PHP for form validation.

*** All of the HTML is set out correctly, I just felt that there was no need to add it in.

functions.php :

function db_connect() {

    define("DB_SERVER", "localhost");
    define("DB_USER", "user");
    define("DB_PASS", "password");
    define("DB_NAME", "database");

    $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

    mysqli_select_db("database");

}

Start of the document:

<?php

    session_start();    // Starts the session for login
    require_once 'functions.php'; // This has the functions for the login process

?>

Middle of the document:

<?php

        $form = "<form action='login.php' method='post'>
                    <table>

                        <tr>
                            <td>Username:</td>
                            <td><input type='text' name='user' /></td>
                        </tr>
                        <tr>
                            <td>Password:</td>
                            <td><input type='password' name='password' /></td>
                        </tr>
                        <tr>
                            <td></td>
                            <td><input type='submit' name='login_btn' value='Login' /></td>
                        </tr>

                    </table>
                </form>";

        if ($_POST['login_btn']) {

            $user = $_POST['user'];
            $password = $_POST['password'];

            if ($user) {

                if ($password) {

                    db_connect();

                        $password = md5(md5("dF83sDFJ9f8" . $password . "ugj483DAhD2"));

                        $query = mysqli_query("SELECT * FROM user WHERE username='" . $user . "'");
                        $numrows = mysqli_num_rows($query);
                        // Checks to see which form rows have data

                        // If the username is entered (if there is 1 piece of data in $numrows)
                        if ($numrows == 1) {
                            $row = mysqli_fetch_assoc($query);
                            $db_id = $row['id'];
                            $db_user = $row['username'];
                            $db_pass = $row['password'];
                            $db_active = $row['active'];

                            if ($password == $db_pass) {

                                if ($db_active == 1) {

                                    $_SESSION['userid'] = $db_id;
                                    $_SESSION['username'] = $db_user;

                                    echo "You have been logged in as <b>" . $db_user . "</b>";

                                } else {
                                    echo "You must activate your account to login " . $form;
                                }

                            } else {
                                echo "Incorrect password " . $form;
                            }

                        } else {
                            echo "Incorrect username " . $form;
                        }

                    mysqli_close();

                } else {
                    echo "You must enter your password " . $form;
                }

            } else {
                echo "You must enter your username " . $form;
            }

        } else {

            echo $form;

        }

    ?>

What do you want to happen if everything is not correct? You can't stop a submission to the server with server-side code only (PHP); you'd need Javascript to, for example, disable the submit button. — vicvicvic, Jan 09 '15 at 10:56
have a look at this: http://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php — , Jan 09 '15 at 10:56
use javascript to validate your form and let it submit or not — Shaiful Islam, Jan 09 '15 at 10:56
If you look at the code I have used PHP to do form validation. For some reason it isn't working, any help? — Daniel, Jan 09 '15 at 11:11

score 0 · Answer 1 · answered Jan 09 '15 at 11:17

0

I don't get it. Your form will be automatically submitted to login.php because of the action attribute. If you don't want to use javascript for the form validation, change the form action attribute to $_SERVER['PHP_SELF']. It will submit the data for itself and when everything is okay, you give it a header("Location: login.php"); or just echo<meta http-equiv="refresh" content="0; url=login.php">. I hope it helps.

answered Jan 09 '15 at 11:17

Krisztián Dudás

856
10
22

Sorry but I'm new and have no idea how to implement that – Daniel Jan 09 '15 at 11:20
@mightyspaj What is the php file called? It isn't the login.php right? The one where you define the form variable. It it is not, then you just take this: `$form = "
`, change it to this: `$form = "
` and here: `echo "You have been logged in as " . $db_user . "";` you do this: `echo "You have been logged in as " . $db_user . ";` The meta tag redirects you to the login.php after the amount of seconds defined in "content" attribute.
– Krisztián Dudás Jan 09 '15 at 11:28

How do I make this login form dynamically redirect?

1 Answers1