-1

this is the login form....it says that it cannot modify header information and I tried everything to fix but I cant...can someone help me with my codes..thanks in advance

<?php


       $loginpopup = 'Login Success';
       $failpopup = 'Wrong Username or Password';
          if(!$con)
          {
            die("Error connection" . mysqli_connect_error());

          }
    if (isset($_POST['submitlogin']))
    {

       $login = "SELECT * from admin where username  = '$_POST[user]' AND password ='$_POST[pass]'";

            $getuser = mysqli_query($con,$login) or die(mysql_error());
              while($row = mysqli_fetch_array($getuser))
              {
                if($row==0)
                {
                     echo "<SCRIPT>alert('$failpopup');</SCRIPT>";
                     header("location:index.php");
                }
                else
                {
                  echo "<SCRIPT>alert('$loginpopup');</SCRIPT>";
                  header("location:home.php");
                }
              }
    }
    ?>
Dan Vincent
  • 3
  • 3
  • display error error_reporting(E_ALL);ini_set('display_errors', 1); – Dave Jul 18 '16 at 05:07
  • can you please past full error here? – Dhaval Bhavsar Jul 18 '16 at 05:08
  • 3
    **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. This has many dangerous [SQL injection vulnerabilities](http://bobby-tables.com/) since you didn’t [properly escape values](http://bobby-tables.com/php). This code allows *anyone* to get *anything* from your site. **DO NOT** write your own authentication system. Any [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with an [authentication system](https://laravel.com/docs/5.2/authentication) built-in. – tadman Jul 18 '16 at 05:08
  • 1
    **WARNING**: At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and never store passwords as plain-text. People who give you their password are trusting that you will store it securely. – tadman Jul 18 '16 at 05:09
  • In WARNING notice have answer xD. – Quynh Nguyen Jul 18 '16 at 05:10
  • Warning: mysqli_query(): Couldn't fetch mysqli in C:\wamp\www\eserver\index.php on line 200 Call Stack # Time Memory Function Location 1 0.0010 147016 {main}( ) ..\index.php:0 2 0.0730 148464 mysqli_query ( ) ..\index.php:200 – Dan Vincent Jul 18 '16 at 05:12
  • can you please print your query? – Dhaval Bhavsar Jul 18 '16 at 05:15
  • what do you mean by query sir..sry beginner here :) – Dan Vincent Jul 18 '16 at 05:22
  • he means echo $login; – Ahmad ghoneim Jul 18 '16 at 05:46
  • try to add config file at the top – Pardeep Pathania Jul 18 '16 at 05:49
  • SELECT * from admin where username = dan AND password = dan...this is the result of the query($login) sir..can someone fix it thanks.. – Dan Vincent Jul 18 '16 at 05:57
  • I already tried the config sir still didn't work – Dan Vincent Jul 18 '16 at 06:02

2 Answers2

0

if the query failed to run your script will Die because of or die(mysql_error); which won't output anything after $getuser

modify your code to this

 include('movieshub/includes/config.php');
    if ($getuser = mysqli_query($con,$login)) { // check if the query succeeded running
      $count = mysqli_num_rows($getuser);
      if ($count == 0 ) {

             echo "<SCRIPT>alert('$failpopup');</SCRIPT>";
             header("location:index.php");

      } else  {

        while($row = mysqli_fetch_array($getuser)) 
        { //output data }
          echo "<SCRIPT>alert('$loginpopup');</SCRIPT>";
          header("location:home.php");
        }
    }
 } else {
echo "query failed to run";
 }
Ahmad ghoneim
  • 844
  • 7
  • 13
0

Try the code below: 

 <?php

        //if your are using wamp then let $servername,$username and $password be same as below otherwise change them.

        $servername = "localhost"; //insert your severname at the place of localhost
        $username = "root"; //insert your username at the place of root
        $password = "";  //insert your password at the place of ""

        // Create connection
        $con = mysqli_connect($servername, $username, $password); 

        //select database
        mysqli_select_db($con,"test"); //here enter your database name at the place of test

        // Check connection
        if (!$con) {
            die("Connection failed: " . mysqli_connect_error());
        }

       $loginpopup = 'Login Success';
       $failpopup = 'Wrong Username or Password';




    if (isset($_POST['submitlogin']))
    {
        $user=$_POST["user"];
        $pass=$_POST["pass"];

       $login = "SELECT * from admin where username=$user AND password=$pass";

            $getuser = mysqli_query($con,$login);

            $row=mysqli_affected_rows($con);
              if($row>1)
              {
                echo "<SCRIPT>alert('$loginpopup');</SCRIPT>";
                  header("location:home.php");


               }

             else
                {
                  echo "<SCRIPT>alert('$failpopup');</SCRIPT>";
                     header("location:index.php");
                }

    }
    ?>
Pang
  • 9,564
  • 146
  • 81
  • 122
lazyCoder
  • 2,544
  • 3
  • 22
  • 41