0

Hi, I am having problems with a login script for my website. I need the script to redirect the user to index.html if the login details are correct. If you could help me at all it would be greatly appreciated. Thank you.

Here is my script for checking the details:

<?php
include('config.php');
?>

<?php
$ousername = '';
    //We check if the form has been sent
    if(isset($_POST['username'], $_POST['password']))
    {
        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc())
        {
            $ousername = stripslashes($_POST['username']);
            $username = mysql_real_escape_string(stripslashes($_POST['username']));
            $password = stripslashes($_POST['password']);
        }
        else
        {
            $username = mysql_real_escape_string($_POST['username']);
            $password = $_POST['password'];
        }
        //We get the password of the user
        $req = mysql_query('select password,id from users where username="'.$username.'"');
        $dn = mysql_fetch_array($req);
        //We compare the submitted password and the real one, and we check if the user exists
        if($dn['password']==$password and mysql_num_rows($req)>0)
        {
            //If the password is good, we don't show the form
            $form = false;
            //We save the user name in the session username and the user Id in the session userid
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['userid'] = $dn['id'];
?>

<?php
        }
        else
        {
            //Otherwise, we say the password is incorrect.
            $form = true;
            $message = 'The username or password is incorrect.';
        }
    }
    else
    {
        $form = true;
    }
    if($form)
    {
        //We display a message if necessary
    if(isset($message))
    {
        echo '<div class="message">'.$message.'</div>';
    }
    //We display the form
?>

Any help would be greatly appreciated. Thank you.

Jmac88
  • Try this: header('Location: http://www.example.com/'); – Anindya Dhruba Jan 22 '15 at 21:04
  • 2
    You shouldn't use mysql_* extensions anymore. Please look into `mysqli` or `PDO`. – muttley91 Jan 22 '15 at 21:05
  • 4
    **[DANGER! You need to prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)** **Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).** They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). **Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement)** instead, and **use [PDO](http://us1.php.net/pdo).** – Jay Blanchard Jan 22 '15 at 21:05
  • I'm beginning to think the S.O. mysql comment warnings are more of a problem than the use of mysql. –  Jan 22 '15 at 21:06
  • 1
    Just as an FYI, storing a user's password in plain text is ***extremely discouraged*** as it poses a massive security risk (in addition to the above mentioned `mysql_*` extension security risks). – War10ck Jan 22 '15 at 21:07
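
As an added example (not part of the original post or its comments), here is one way the points raised in the comments above combine with the redirect: a PDO prepared statement instead of `mysql_*`, a hashed password checked with `password_verify()`, and `header()` followed by `exit`. The table layout, the demo account and the in-memory SQLite database are constructed for illustration; PHP 7.1+ with `pdo_sqlite` is assumed.

```php
<?php
// Added example, not the asker's code. Table layout, demo account and
// redirect target are constructed. Assumes PHP 7.1+ with pdo_sqlite.

// Returns the user's id when the credentials match, otherwise null.
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() compares against a salted hash, so no plain text is stored.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed in-memory database so the example runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Command-line run: valid login, wrong password, quote characters in the name.
    var_dump(authenticate($pdo, 'alice', 'correct horse'));
    var_dump(authenticate($pdo, 'alice', 'wrong'));
    var_dump(authenticate($pdo, 'alice" OR "1"="1', 'x'));
    exit;
}

// Web request: same flow as the question's script.
session_start();
$u = $_POST['username'] ?? null;
$p = $_POST['password'] ?? null;
$userid = (is_string($u) && is_string($p)) ? authenticate($pdo, $u, $p) : null;
if ($userid !== null) {
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['username'] = $u;
    $_SESSION['userid'] = $userid;
    header('Location: http://example.com/index.html');   // absolute URI
    exit;   // nothing after the redirect may run or be sent
}
// Otherwise fall through and render the login form as before.
```

Run from the command line, only the first call returns an id; the name containing quote characters is looked up as a literal string and matches no row.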

4 Answers

1

UPDATE: As @Dagon corrected me..

To redirect user back to index.html, you can use the following:

header('Location: http://example.com/index.html');
exit;

after successful login.

Goro
  • 2
    full URI for location. –  Jan 22 '15 at 21:05
  • I've been using it like this and haven't had problems so far. Can you explain a little why? – Goro Jan 22 '15 at 21:06
  • Nice thing about the answer given is that it will work on localhost during testing. – Scott C Wilson Jan 22 '15 at 21:07
  • 2
    I can: **HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but *some* clients accept relative URIs.** –  Jan 22 '15 at 21:08
  • 1
    To extend on what @Dagon said, it's part of the official [HTTP/1.1 Spec](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30) as defined in the link. Most browsers will still execute the above statement as most browsers attempt to correct some errors and make some assumptions. However, officially without the full _absolute url_, it technically goes against the specification. – War10ck Jan 22 '15 at 21:11
  • Thanks, that's good to know! I guess I am among those `some` clients, since I haven't needed to use the full URI. – Goro Jan 22 '15 at 21:11
  • One day some browser will actually follow the spec, and half the PHP sites on the planet will fall over :) –  Jan 22 '15 at 21:12
0

Use the header() function after setting the user information in $_SESSION.

// If the password is good, we don't show the form
$form = false;
// We save the user name in the session username and the user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
header('Location: http://example.com/index.html');
// Stop the script here so nothing else runs or is output after the redirect header
exit;
Yolo
  • [See the above discussion](http://stackoverflow.com/questions/28098621/php-how-to-redirect-user-to-index-html-when-sucessfully-logging-in#comment-44573199). When using the HTTP Location header, you should use the full ***absolute url*** in order to align your code properly with the defined specification. – War10ck Jan 22 '15 at 21:14
0

So your source code is not really the best way to do a login, but even this way you should make a redirection after login.

You can do it with JavaScript; specifically, I recommend you use the jQuery API, which will help you improve many things on your site.

So in your situation I recommend this solution:

 if($dn['password']==$password and mysql_num_rows($req)>0)
        {
            //If the password is good, we don't show the form
            $form = false;

            echo "<script>$('#idofelement2reload').load('php.php?login=1');</script>";

            $_SESSION['username'] = $_POST['username'];
            $_SESSION['userid'] = $dn['id'];

        }

So if you noticed, this line

echo "<script>$('#idofelement2reload').load('php.php?login=1');</script>";

writes a line into the HTML document which calls a function to load, through jQuery, a file with a parameter indicating that the user is logged in.

Don't forget to include jQuery's source code in the head.

Kovács Gergely
0
if($dn['password']==$password and mysql_num_rows($req)>0)
        {
            //If the password is good, we don't show the form
            $form = false;
            //We save the user name in the session username and the user Id in the session userid
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['userid'] = $dn['id'];
            header('Location: http://sitename.com/index.php');
            //Stop the script so nothing runs after the redirect header
            exit;
?>
Lekens