
I am having an issue having the page redirect to MyJournal.php. I hope that you guys can understand what the issue is because I am hitting a stump. Thanks in advance!

```php
<?php
session_start();
//Connect to Database
include('mysqli.php');
//If Login Button is pressed, check credentials
if (isset($_POST['btnLogin']))
{
    $email = mysqli_real_escape_string($connect, $_POST['email']);
    $password = mysqli_real_escape_string($connect, $_POST['password']);

    //$sql = 'SELECT * FROM User WHERE Email='.'$email';
    $sql = "SELECT * FROM User WHERE Email = '$email' and Password = '$password'";
    $result = mysqli_query($connect, $sql);
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
    $active = $row['active'];
    $count = mysqli_num_rows($result);

    // If result matched $email and $password, table row must be 1 row
    if ($count == 1)
    {
        $_SESSION['login_user'] = $email;
        //echo 'reached redirect';
        header("Location: MyJournal.php");
        exit();
    }
    else {
        echo '<div class="alert alert-danger fade in">
        <a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>
        <strong>Error!</strong> Invalid Username and Password Combination.
        </div>';
    }
    mysqli_close($connect);
} // end of btnLogin handling
?>
```
  • **Never store plain text passwords!** Please use [PHP's built-in functions](http://php.net/manual/en/function.password-hash.php) to handle password security. If you're using a PHP version less than 5.5 you can use the password_hash() **[compatibility pack](https://github.com/ircmaxell/password_compat)**. Make sure you **[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)** or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. – John Conde Mar 20 '17 at 17:24
  • Maybe the other PHP page has a redirect that sends you to this page? Or you can add ob_start() at the top of your code – Masivuye Cokile Mar 20 '17 at 17:26
  • Check the value of $count, it should be exactly 1 – Omi Mar 20 '17 at 17:27
  • This line is searching for the strings $email and $password instead of what the variables represent. `$sql = "SELECT * FROM User WHERE Email = '$email' and Password = '$password'";` Try: `$sql = "SELECT * FROM User WHERE Email = '" . $email . "' and Password = '" . $password . "'";` This is still not the ideal way but should work. – FD3 Mar 20 '17 at 17:35
  • question's unclear and if those POST arrays contain value and the platform this is running under; windows/linux - filenames are case-sensitive on a \*NIX system. – Funk Forty Niner Mar 20 '17 at 17:37
  • @FrankDennis what difference could `$sql = "SELECT * FROM User WHERE Email = '" . $email . "' and Password = '" . $password . "'";` possibly make? they both do the same thing. `'$pohtaytoe'` - `'".$pohtahtoe."'` – Funk Forty Niner Mar 20 '17 at 17:38
  • @johnConde I know that. However this is just a simple question to figure out the redirect issue. – numinousx Mar 20 '17 at 17:39
  • That doesn't matter. Bad coding practices will always be called out here as we will not facilitate security breaches and the lives that are ruined as a result of them. – John Conde Mar 20 '17 at 17:41
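
The password handling that John Conde's comment describes, as an added example that is not part of the original thread: the hash is stored with `password_hash()`, the row is fetched by e-mail through a prepared statement, and the comparison is done with `password_verify()` on the unescaped password. PDO with an in-memory SQLite database stands in for the asker's mysqli connection so it runs without a server; the `PasswordHash` column, the `register()` and `login()` helpers and the sample account are assumptions.

```php
<?php
// Added example: constructed schema and account, not the asker's database.
// PDO with in-memory SQLite stands in for the mysqli connection so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE User (Email TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');

// Registration: hash the raw password exactly as typed, with no escaping first.
function register(PDO $pdo, string $email, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO User (Email, PasswordHash) VALUES (?, ?)');
    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: select by e-mail only (bound parameter), then verify the hash in PHP.
function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT PasswordHash FROM User WHERE Email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();   // false when no row matches the e-mail
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Re-hash when PASSWORD_DEFAULT's algorithm or cost has changed since storage.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE User SET PasswordHash = ? WHERE Email = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    }
    return true;
}

$raw = "it's-a-constructed-pass\\word";   // contains a quote and a backslash
register($pdo, 'user@example.com', $raw);

// addslashes() stands in for the escaping step; it alters the password string.
$attempts = [
    'correct password'           => ['user@example.com', $raw],
    'wrong password'             => ['user@example.com', 'wrong'],
    'quote characters as e-mail' => ["' OR '1'='1", $raw],
    'escaped copy of password'   => ['user@example.com', addslashes($raw)],
];
foreach ($attempts as $label => [$email, $password]) {
    printf("%-28s %s\n", $label, login($pdo, $email, $password) ? 'accepted' : 'rejected');
}
```

With mysqli the same shape applies using `mysqli_prepare()` and bound parameters in place of the PDO calls.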
