0

I am trying to create a home page. Once the user comes to the site and inputs username and password the data will get posted to a checklogin.php file where it will verify the data the user entered. Is there a way that after it checks the data and it is all good then it redirects the user to another page that is the home page? I want to do this so that my entire checklogin script is not on the home page. then also if the user is in a different part of the site, and they click home, the check login script will run again and it will fail. I understand i can use session variables to see if they have already logged in and then somehow bypass the checklogin script on the home page if they have already logged in, but is this the correct way to do this?

<?php
include'vive_fns.php';

 $v_username = trim($_POST['viveuser']);
 $v_password = trim($_POST['vivepass']);

 if(!isset($_POST['viveuser'])|| empty($v_username)){
     echo"Please enter a username"; //should change to redirect
     die();
 }

 elseif(!isset ($v_username) || empty($v_username)) {
     echo "Please enter a password"; //should change to redirect
     die();
 }

//if all data is entered we want to check the password
     $mysqli = connect_db();

//set database query     
     $sql1 = "SELECT password FROM vive_user WHERE username = "."'$v_username'";

 //check to make sure a result is returned    
if(!$result1 = $mysqli->query($sql1)){
    echo 'Could not query database. Please try again later.';//should change to redirect
    die();
    }

    else {
     $data = $result1->fetch_array(MYSQLI_NUM);
     $db_pass = $data[0];
    }


   if($db_pass !== $v_password){
       $title = 'Incorrect Login Info';
       //do_html_header($title); this sets the page title
       echo"Incorrect Password";//should change to redirect
       die();
   }

//if everything checks out need to establish user info
       $title = 'Home';
       do_html_header($title);


       //echo"Logged In";
       session_start();
       $_SESSION['valid_user']=$v_username;

// at this point i want to redirect
       header("Location: home.php");
       exit();
ratrace123
  • 976
  • 4
  • 12
  • 24
  • Instead of reinventing the wheel, perhaps look into a framework like laravel. If you choose to do this on your own, first understand how other major frameworks accomplish this. – Raphael Rafatpanah Jan 29 '16 at 04:17
  • Yes you can. You can redirect a request with header(). Please see http://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php – Zamrony P. Juhara Jan 29 '16 at 04:19
  • @ Raphael I am not trying to reinvent the wheel, i am just not familiar with any frameworks as of yet. i saw the header function and thought about using it. – ratrace123 Jan 29 '16 at 04:26
  • agree with Raphael. use framework for this basic hygiene function. it will be probably better and faster than login function that is implemented by 99.9% of php developer in SO – Aditya Jan 29 '16 at 04:27
  • looking at laravel it looks like it probably just uses the header function that raphael described. I am new to php and would like to understand it more before i just start using frameworks. – ratrace123 Jan 29 '16 at 04:33
  • As stated here http://php.net/manual/en/function.header.php: Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file. --- So yes, try by deleting echo lines, but i'm not sure, i will let more experienced user answer to you. Also look at Ankur Kushwaha solution :) – Math Jan 29 '16 at 05:02
  • wow you are right, I had an empty line at the beginning of all the files that i was trying this on and it was not working. removed the line and now it works, i would have never thought of the blank lines being outputs. thanks for the help. I tested it out to see if the echo lines cause there to be an issue but they do not seem to matter unless they are actually executed. Also the includes seem to mess this up where i have all my functions stored so i need to figure out a way around that – ratrace123 Jan 29 '16 at 05:28

4 Answers4

1
header("Location:http://localhost/form2.php");
exit();

Just change the url as you want.

Amit Verma
  • 40,709
  • 21
  • 93
  • 115
Mohammad Tbeishat
  • 961
  • 6
  • 15
1

check this out i think it would help you to under stand the logic here is first login page where user can put login info 

 <form action="reg_auth.php" method="post" accept-charset="utf-8">
        <div id="inrlog" style="display:none;">
        <div class="form-group required">
         <label for="UserFirstname">Email</label>
            <input name="firstname" class="form-control" maxlength="255" type="text" id="UserFirstname" required="required"/>
        </div>
        <div class="form-group required">
         <label for="UserLastname">Password</label>
            <input name="lastname" class="form-control" maxlength="255" type="password" id="UserLastname" required="required"/>
        </div>
        </div>
            
   </div>
    <div class="modal-footer">           
            <p style="text-align:left;"></p><div class="submit"><input  class="btn btn-primary" title="Login" name="login" type="submit" value="Login"/></div><div style="display:none;"></div></form>

here is authenticate page code where user info get authenticate 

<?php
 if($_POST['login']){
  $email = $_POST['email']; 
  $pwd   = $_POST['pwd'];

  $m = mysql_fetch_assoc(mysql_query("select * from `register` where `email`='$email' and `pwd`='$pwd'"));
  if(!empty($m['email'])){

   if($m['status'] == 1){
    $_SESSION['login']     = $m['id'];
    $_SESSION['displayaname'] = $m['fname'].' '.$m['lname'];
    header("Location: myaccount.php");
   }else{
    header("Location: reg_auth.php?msg=4");
   }
   exit();
  }else{
   unset($_SESSION['login']);
   unset($_SESSION['displayaname']);

   header("Location: reg_auth.php?msg=3");
   exit();
  }
 } 
 
    if($_GET['msg'] == 2){
  $msg = "Email Already Exists! Please Try Some Different Email."; 
 }
 if($_GET['msg'] == 3){
  $msg = "Invalid Username or Password! Please Try Again.";
 }
?>
Ankur Kushwaha
  • 51
  • 1
  • 10
  • great thanks this makes sense, i am trying to get the header function to work but having problems. I made dummy pages with no html but it will still not redirect. I am trying to post my code but its not letting me for some reason – ratrace123 Jan 29 '16 at 05:12
0

Yes,

You need to use Session to store the information related to user once the user is successfully authenticated with the username and password field.

  • once the user is authenticated you can redirect to successful page, i mean allow them to access pages.
  • if user is not authenticated redirect them to login page again.
  • if session is expire redirect them to login page again.

Thanks Amit

Amit Shah
  • 1,380
  • 1
  • 10
  • 19
0

Yes this sounds correct. So you'll have a script on your homepage with login&passw, posting infos to your checklogin.php.

There, you check if datas are correct, if they are correct you use sessions to set him as logged in. After, you redirect him on to homepage with header() function.

Note that header() function will not work if set after html content but in your case, no html in checklogin.php right ? ;)

Math
  • 666
  • 8
  • 26
  • i am having a problem trying to get it to redirect to the home page. I am thinking it is because if the login info is incorrect then it will echo"incorrect login". Will this stop the redirect even the login info is correct and the nothing is output? – ratrace123 Jan 29 '16 at 04:42
  • I dont think so. But i suggest that, in place of outputting "incorrect login" on a blank page, you also use redirect here, but with a _GET variable like header("homepage.php?bad_login") Can you post some code so we can look what's wrong ? – Math Jan 29 '16 at 04:45
  • ok i added my code, i can take out all of the echo commands if that is considered output and redirect instead – ratrace123 Jan 29 '16 at 04:57