I cannot seem to login and redirect with my code! I have tried for a while now but I cannot see to find the mistake as I am sure I have used this code before.
Please could you help me with telling me where I went wrong?
index.php:
<?php
//includes login script
include( 'login.php' );
?>
<!doctype html>
<html>
<head>
<title>Home Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="css/template.css" rel="stylesheet" type="text/css">
<script src="respond.min.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
</head>
<body>
<div id="login">
<h2>- Login -</h2>
<hr/>
<form action="" method="post">
<label>UserName :</label>
<input type="text" name="username" id="name" placeholder="username"/><br /><br />
<label>Password :</label>
<input type="password" name="password" id="password" placeholder="**********"/><br><br>
<br><br>
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
</div>
</body>
</html>
Login.php
<?php
//starting session
session_start();
//variable to store error message
$error='';
if ( isset( $_POST[ 'submit' ] ) )
{
if ( empty( $_POST[ 'username' ] ) || empty( $_POST[ 'password' ] ) )
{
$error = "Information is invalid";
} else {
// Define $username and $password
$username = $_POST[ 'username' ];
$password = $_POST[ 'password' ];
// To protect MySQL injection for Security purpose
$username = stripslashes( $username );
$password = stripslashes( $password );
$username = mysql_escape_string( $username );
$password = mysql_escape_string( $password );
//encrypt the password
$password = md5 ( $password );
//Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect( "localhost", "user", "pass");
//Selecting Database
$db = mysql_select_db( "database", $connection );
//SQL query to fetch information of registerd users and finds user match.
$query = mysql_query( "SELECT * FROM users2 WHERE password='$password' AND username='$username'", $connection );
//perform query
$num_rows = mysql_num_rows($query);
if ($num_rows > 0) {
header("location: profile.php"); // Redirecting To Other Page
}
else{
$error = "nope";
}
//if ($rows == 1) {
// $_SESSION['username']=$username; // Initializing Session
//} else {
//}
//Closing Connection
mysql_close( $connection );
}
}
?>