0

So I have a form 

<form id="login_form" method="post" action="login.php">
    <input type="text" name="email">
    <input type="password" name="pass">
    <input type="submit" name="submit" value="Log in" onclick="submitFunction()">
</form>

When the form is submitted I am checking if the username and password are correct 

if(isset($_POST['submit'])) {
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    $sql = "SELECT email,password FROM user_details WHERE email='$email' AND password='$pass'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        $_SESSION["email"] = $_POST['email'];
    }
    else {
        echo "Incorrect username or password. Please try again!";
    }
}

But I also want to load a new page, which I am trying to do via javascript

function submitFunction()
{
    window.location.href = "new url";
}

I tried replacing the submit button with just a button however then I can not get my php to execute because I can't use if(isset($_POST['submit'])), but if I use a submit button then I do not know how to call my javascript function because I can't use onclick can I? Any help would be appreciated :)

Also I know I should not just store the password in my database and sql injection and all that but I just want to try and get this to work

Dfarrelly
  • 695
  • 2
  • 7
  • 24
  • 1
    Start learning `ajax`? – u_mulder Aug 02 '16 at 18:44
  • Can you not use php to output the JavaScript code which will then be executed when the page has loaded? – Nunchy Aug 02 '16 at 18:44
  • 2
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Aug 02 '16 at 18:48
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Aug 02 '16 at 18:48
  • @Don'tPanic do you mean using header('Location: newpage.html')? I feel stupid now I just tried that and it worked fine, I tried that before and couldn't get it to work, must have had an error elsewhere, thank you – Dfarrelly Aug 02 '16 at 18:54
  • No need to feel stupid. Keep in mind when redirecting using `header` you _must_ send the header and exit before outputting _anything_ else in your PHP script. That may have been why it didn't work before. – Don't Panic Aug 02 '16 at 19:22
  • You can see [this question](http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php) for a lot more info on that. – Don't Panic Aug 02 '16 at 19:23

3 Answers3

2

You can just load the new page with PHP after you check the login. Unless you have some other reason you need to do it with JavaScript, I think it makes more sense to do it in PHP anyway, because you'll want to do different things depending on whether or not the login was successful.

if ($result->num_rows > 0) {
    $_SESSION["email"] = $_POST['email'];
    header('Location: new url');
    exit;
}
else {      
    echo "Incorrect username or password. Please try again!";
}
Don't Panic
  • 41,125
  • 10
  • 61
  • 80
0

Not really sure where you want to execute the JS code, something like this:

if(isset($_POST['submit'])) {
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    $sql = "SELECT email,password FROM user_details WHERE email='$email' AND password='$pass'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        $_SESSION["email"] = $_POST['email'];

        // Output JsvaScript code here?
        echo "
        <script>
        function submitFunction()
        {
            window.location.href = \"new url\";
        }
        </script>
        ";
    }
    else {
        echo "Incorrect username or password. Please try again!";
    }
}

Something like that should work but there are a few security issues with your code. I'll assume you're just messing about and learning.

Nunchy
  • 948
  • 5
  • 11
0

This is where Ajax comes in. I would perform this using AJAX and Jquery Do not forget to include Jquery. 

$("#check").click(function(){

    $.ajax({
        type: "POST",
        url: "file.php",
        data: {email: $("#email").val(), pass: $("#pass").val()},
         beforeSend: function()
        { 
            $('#check').attr('disabled',true);
        },
        success :  function(response)
        {      
           if(response=="correct"){
             setTimeout('window.location.href = "new url"',1000);
           }else{
setTimeout('window.location.href = "bad login url"',1000);
            
           }
        }


    });
    return false;

});

In your Php code file.php Use this

if(isset($_POST['submit'])) {
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    $sql = "SELECT email,password FROM user_details WHERE email='$email' AND password='$pass'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        $_SESSION["email"] = $_POST['email'];

       echo "correct";
    }
    else {
        echo "Incorrect username or password. Please try again!";
    }
}

For Html 

<form id="login_form" method="post">
    <input type="text" id="email" name="email">
    <input type="password" id="pass" name="pass">
    <input type="submit" name="submit" value="Log in" id="check">
</form>

Hope this information will help Please learn Ajax, It is very helpful in such problems. Thank you

muya.dev
  • 966
  • 1
  • 13
  • 34