0

I am trying to get my login.php to redirect to my home page in main.php and echo a logged in message when successful, or echo an unsuccessful message if login fails. It is ignoring the first part of the script and directing me to:

Location: http://localhost/projects/ibill_v3/html/loginformfail.html#home

This doesn't even exist. Is there a way to fix this or am I making it too complicated? Any help would be greatly appreciated!

main.php (home page)

```php
<?php
session_start();
include "loginform.php";
if (isset($_SESSION['user_session']) and $_SESSION['user_session']!=""){
  echo 'working';
}
else {
  echo 'not working';
}
?>
```

loginform.php

```php
<?php
$con=mysqli_connect('localhost','root','cornwall','ibill');
// This code creates a connection to the MySQL database in PHPMyAdmin named 'ibill':

$username="";
$password="";

if (isset ($_POST['username'])){
  $username = mysqli_real_escape_string($con, $_POST['username']);
}
if (isset ($_POST['password'])){
  $password = mysqli_real_escape_string($con, $_POST['password']);
}
//These are the different PHP variables that store my posted data.

$login="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($con, $login);
$count=mysqli_num_rows($result);
//This is the query that will be sent to the MySQL server.
if($count==1)
{
  $_SESSION["user_session"]=$username;
  header('Location: http://localhost/projects/ibill_v3/html/main.php#home');
  exit();
}
//This checks the 'user_details' database for correct user registration details and if successful, directs to home page.
else {
  header('Location: http://localhost/projects/ibill_v3/html/loginformfail.html');
  exit();
}
//If login details are incorrect

/** Error reporting */
error_reporting(E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
?>
```
Panda
asharoo85
  • I don't see where you are starting the session on `loginform` – yardie Apr 22 '16 at 15:07
  • Is your query *actually* returning a result? Is `$count` *really* equal to `1`? And you should be hashing your passwords. Storing them in plain-text is a really, really bad idea. – mferly Apr 22 '16 at 15:09
  • @andre3wap Do I need to start the session on the 'loginform.php'? Thanks Marcus, yes, count is equal to 1 when commenting out, and that section of code was working prior to me trying to get the session to work. Will be hashing passwords before completion – asharoo85 Apr 22 '16 at 15:14
  • @asharoo85 "*Do i need to start the session on the 'loginform.php'.*" No. This is not necessary and will throw a NOTICE. You only need to start the session one time as it will fall within scope of the `include`'d file. – mferly Apr 22 '16 at 15:20
  • Try echoing out `$count` to make sure that it's `0` and also echo `$username` to make sure that it's not blank – Panda Apr 22 '16 at 15:25
  • echoed out both and all fine – asharoo85 Apr 22 '16 at 15:29
  • The reason you're being redirected to `loginformfail.html` and *not* `main.php` has nothing to do with your sessions. It is happening because `$count != 1` which has everything to do with your query. `echo $login;` and see what your query looks like. Then paste that into phpMyAdmin or wherever you run your queries to be sure you're getting the result you *think* you're getting. – mferly Apr 22 '16 at 15:29
  • @luweiqi - He doesn't want `$count` to be `0` though. `$count` needs to equal `1` which is a successful login, to which he will be redirected to `main.php` – mferly Apr 22 '16 at 15:32
  • @Marcus Oh, that's a typo ;-) – Panda Apr 22 '16 at 15:32
  • Yes, I want the count to be 1 for success, 0 for failure. The problem is it is redirecting to `loginform.html#home`; this isn't even a page in my directory, I only have `loginform.html`, no other pages within that HTML file. When I comment out the if and else statements for the count query, and print `$count` and `$username`, they both show the correct count and username... So confused! – asharoo85 Apr 22 '16 at 15:47
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 22 '16 at 15:54

1 Answer

1

Step 1: Set the action on submit to loginform.php in login.php (`action="loginform.php"`).

Step 2: In loginform.php, start a session and change the redirection location to main.php.

```php
<?php
// Error reporting (development only); set first so it takes effect before the script exits.
error_reporting(E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);

session_start();

// Create a connection to the MySQL database named 'ibill'.
$con = mysqli_connect('localhost', 'root', 'cornwall', 'ibill');

// Variables that store the posted data.
$username = "";
$password = "";

if (isset($_POST['username'])) {
    $username = mysqli_real_escape_string($con, $_POST['username']);
}
if (isset($_POST['password'])) {
    $password = mysqli_real_escape_string($con, $_POST['password']);
}

// The query that will be sent to the MySQL server.
$login = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($con, $login);
$count = mysqli_num_rows($result);

if ($count == 1) {
    // Correct login details: store the user in the session and go to the home page.
    $_SESSION["user_session"] = $username;
    header('Location: main.php');
    exit();
} else {
    // Incorrect login details: go back to main.php, which decides which message to show.
    header('Location: main.php');
    exit();
}
?>
```

Step 3: In main.php, remove `include "loginform.php";`.

```php
<?php
session_start();
if (isset($_SESSION['user_session']) and $_SESSION['user_session']!=""){
  echo 'working';
}
else {
  echo 'not working';
}
?>
```
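The comments above recommend `password_hash()` and not escaping passwords. The following is an added example, not code from the question or the answer, showing the same loginform.php flow with a prepared statement, `password_verify()` and a fresh session ID at login. The `password_hash` column and the `IBILL_DB_USER` / `IBILL_DB_PASS` environment variables are assumptions made for illustration.

```php
<?php
// Added example: hardened loginform.php (not code from the original post).
// Assumes a hypothetical users.password_hash column filled by password_hash().
session_start();

// Hypothetical environment variable names; keeps DB credentials out of source.
$con = mysqli_connect('localhost', getenv('IBILL_DB_USER'), getenv('IBILL_DB_PASS'), 'ibill');
if (!$con) {
    http_response_code(500);
    exit('Database unavailable');
}

function fail(): void
{
    // Same response for an unknown user and a wrong password.
    unset($_SESSION['user_session']);
    header('Location: main.php');
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail();   // a plain GET or include must never count as a login attempt
}
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';   // raw value: never escape before verifying
if (!is_string($username) || !is_string($password) || $username === '') {
    fail();
}

// Placeholder binding replaces mysqli_real_escape_string + string interpolation.
$stmt = mysqli_prepare($con, 'SELECT password_hash FROM users WHERE username = ?');
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $hash);
$found = mysqli_stmt_fetch($stmt);   // true on a row, null when there is none
mysqli_stmt_close($stmt);

if ($found !== true || !is_string($hash) || !password_verify($password, $hash)) {
    fail();
}

session_regenerate_id(true);   // new session ID at login prevents session fixation
$_SESSION['user_session'] = $username;
header('Location: main.php');
exit();
```

Existing rows need their passwords re-stored with `password_hash($password, PASSWORD_DEFAULT)` before this check can succeed.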