-1

I have created a login page in PHP where the user inputs their details and they are then posted to another PHP file that then checks the username entered by the user and sees if it registered in the MySQL accounts table, if so it then checks the password and if it's a match I want it to open up the profile page and if not, I want it to return to the login page. How can I get the PHP code to load in a new html/php file to be displayed on the screen. Heres my PHP code so far:

<html>

<?php
include_once "mysql_connect.php";

$usersName = $_POST['usersname'];
$passWord = $_POST['passsword'];

$result = mysql_query("SELECT * FROM allaccounts");
$num_rows = mysql_num_rows($result);

$username = "";
$password = "";

for ($i = 1; $i <= $num_rows; $i++) {
    $currentname = mysql_query("SELECT * FROM allaccounts WHERE id=$i");

    while ($row = mysql_fetch_array($currentname)) {
        $username = $row[0];
        $password = $row[1];
    }
    if (($username === $usersName) && ($password === $passWord)) {
        echo "We got you";
        break;
    } else {
        echo "nothing";
    }
}
?>
</html>
Chris Forrence
  • 10,042
  • 11
  • 48
  • 64
user6801758
  • 3
  • 1
  • 1
    Redirect to login page or profile page: http://stackoverflow.com/questions/7467330/php-headerlocation-force-url-change-in-address-bar – Naresh Teli Sep 06 '16 at 19:14
  • 1
    Why are you running your query across every DB row then comparing in PHP for a match? `$result = mysql_query("SELECT password FROM allaccounts where username = ?");` You should update your driver so you can use parameterized queries as well; and passwords should be hashed. – chris85 Sep 06 '16 at 19:18
  • 3
    As an aside, there are two _critical_ problems with the code as written. The first is that mysql_* functions are deprecated in PHP 5 and removed in PHP 7; it's highly recommended that you use PDO ([quick tutorial](https://phpdelusions.net/pdo)). Secondly, you seem to be comparing the password in the database to the input password. It looks like you're storing the password in plaintext in the password, and that is absolutely bad security practice. Instead, use the [password_hash](http://stackoverflow.com/questions/30279321/how-to-use-password-hash) function and its related methods. – Chris Forrence Sep 06 '16 at 19:19

2 Answers2

0

use header() function. This will redirect to the page specified. 

if (($username === $usersName) && ($password === $passWord)) {
           header("Location: profile.php");
    } else {
           header("Location: fail.php");
    }

Also - get rid of <html> at the top. It is of no use and means headers are already sent.

Chris Forrence
  • 10,042
  • 11
  • 48
  • 64
Caspar Wylie
  • 2,818
  • 3
  • 18
  • 32
0

You can use ajax call to do the magic. The ajax call can be made using an inline or external script.

This helps you to display the error message in the same window/page by reducing the complexity of loading another page.

It looks something like this...

            // add the code inside a function which should be 
            // invoked on submitting the login details

              $.ajax({

                    type    : "POST",
                    url     : "your_login_check.php",
                    data    : anyVariable,
                    dataType: "HTML",

                    success : function(data){


                        if( data === "We got you"){

                           // Display an error message in a div or simply an alert
                        }

                        else if( data === "nothing"){
                           // Redirect to a specific page

                           window.location = "//Your_another_page.php//";
                        }
              )};
It Assistors
  • 998
  • 2
  • 14
  • 29