I can't seem to get my redirection to work. First is the class:

    public function LoginUser($username, $password){
        // Check if user and password match a user in database
        if(isset($_POST['username'])){
            $username = mysqli_real_escape_string($this->db, $username);
            $password = mysqli_real_escape_string($this->db, $password);

            $sql = "SELECT * FROM users WHERE name='$username'";
            $result = mysqli_query($this->db, $sql) or die('Fel vid SQL-fråga - inloggning');

            if(mysqli_num_rows($result)){
                $row = mysqli_fetch_array($result);
                $stored_password = $row['password'];
                // check if hash_equals-function exists
                if(function_exists("hash_equals")) {
                    // If it exists
                    if(hash_equals($stored_password, crypt($password, $stored_password))) {
                        // create session
                        header("location: user/loggedin.php");
                        $_SESSION['login'] = $username;
                    }else{
                        echo '*WRONG!*';
                    }
                }else{
                    // if not exists, use alternate method
                    if($stored_password == crypt($password, $stored_password)){
                        // create session that tells that we're logged in
                        header("location: ../user/loggedin.php");
                        $_SESSION['name'] = $username;
                    }else{
                        echo 'WRONG!';
                    }
                }
            }
        }
    }

And my call for the class:

    <?php
    // call class User.php, LoginUser
    $users = new User();
    if(isset($_POST['loginButton'])){
        if($users->LoginUser($_POST['username'], $_POST['password'])){
            //header("location: admin/admin.php");
        }else{
            echo 'wrong username or password';
        }
    }

  • you can't have 2 elses in a row like that –  May 22 '16 at 21:23
  • of course, you're right. That last else had sneaked in somehow :). Deleted and edited now, still not working.. – Kalabalik May 22 '16 at 21:25
  • So what _does_ happen? What do you get output? – Jonnix May 22 '16 at 21:27
  • the session is created, but somehow the function doesn't seem to go through, because I get the "wrong username or password" echo.. – Kalabalik May 22 '16 at 21:29
  • Your method doesn't actually return anything, so the if when calling `LoginUser` is probably failing. – Jonnix May 22 '16 at 21:31
  • Thank you Jon, but I can't understand why the session is created then? Shouldn't the header-location execute then as well? – Kalabalik May 22 '16 at 21:33
  • Depends on what you mean by "session is created" and what makes you think that it's happening. – Jonnix May 22 '16 at 21:36
  • I can run an echo that echoes out the session... – Kalabalik May 22 '16 at 21:38
  • You need to be more specific. What do you echo out, and what is the output. Also, have you cleared your cookies so you get a new session just in case you're just seeing old data? – Jonnix May 22 '16 at 21:39
  • when I run echo $_SESSION['name'] it echoes out the username that I try to log in with, together with "wrong username or password". It changes when I try to login with a different user, so it should not be cookies, or? – Kalabalik May 22 '16 at 21:45
  • Not sure then. I'd suggest adding some basic debugging (var_dump + exit should do for ease) and making sure that what is happening is what you think should be happening. – Jonnix May 22 '16 at 21:50
  • Will do, thanks for your time! – Kalabalik May 22 '16 at 21:54
  • Shouldn't you be using ` if(isset($username))` instead of ` if(isset($_POST['username']))` inside your function? – RST May 22 '16 at 21:54

1 Answer

You can try:

    if(hash_equals($stored_password, crypt($password, $stored_password))) {
        // create session
        header("location: user/loggedin.php");
        $_SESSION['login'] = $username;

    }else if($stored_password == crypt($password, $stored_password)){
        // create session that tells that we're logged in
        header("location: ../user/loggedin.php");
        $_SESSION['name'] = $username;
    }else{
        echo 'WRONG!';
    }

Also check if it is

    location: user/loggedin.php

OR

    location: ../user/loggedin.php

  • Thanks for the answer, but badly it doesn't seem to help. I guess Jon is right that something is wrong with the call.. – Kalabalik May 22 '16 at 21:46
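
The point raised in Jonnix's comment, as an added example that is not part of the original thread: `LoginUser` returns a boolean and the caller performs the redirect, then stops the script. The constructor, the connection placeholders, the prepared statement and the use of `password_verify()` in place of the `hash_equals()`/`==` branches are assumptions of this sketch; the `users` table, its `name` and `password` columns and the redirect path come from the question.

```php
<?php
// Added example, not the asker's code. Connection values are placeholders.
class User
{
    private $db;

    public function __construct(mysqli $db)
    {
        $this->db = $db;
    }

    // Returns true only when the credentials match; prints and redirects nothing.
    public function LoginUser($username, $password)
    {
        // Reject array-valued form fields (e.g. username[]=x) before they reach SQL.
        if (!is_string($username) || !is_string($password)) {
            return false;
        }
        // Prepared statement: the username is bound, never spliced into the SQL text.
        $stmt = $this->db->prepare('SELECT password FROM users WHERE name = ?');
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->bind_result($stored_password);
        $found = $stmt->fetch();   // true for a row, null when nothing matched
        $stmt->close();

        // password_verify() accepts crypt()-format hashes and compares them
        // in constant time, so one code path covers both branches of the original.
        return $found === true && password_verify($password, $stored_password);
    }
}

session_start();
$users = new User(new mysqli('localhost', 'db_user', 'db_pass', 'db_name'));

if (isset($_POST['loginButton'], $_POST['username'], $_POST['password'])) {
    if ($users->LoginUser($_POST['username'], $_POST['password'])) {
        session_regenerate_id(true);            // fresh session id once authenticated
        $_SESSION['login'] = $_POST['username'];
        header('Location: user/loggedin.php');
        exit;                                   // nothing may run or print after the redirect
    }
    echo 'wrong username or password';
}
```

The password is passed to `password_verify()` unescaped: escaping it for SQL, as the original does, changes the string that gets hashed whenever it contains a quote or backslash.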