getting data from a log in form checked,redirects into white page if i press refresh it goes to the pages it has to direct to

Question

I am getting some information from the login page form.

When I press submit, it goes to a check-login.php page where there it checks from the database if the credentials are correct or wrong.
Then it redirects to a track page.

My problem is that when I press submit on the log in page with the correct credentials.
It redirects to a white page.
And then, if I press refresh, it redirects to the correct page.

<div>
  <h1>Login Form</h1>
  <form action="check-login.php">
    <input type="text" name="user" placeholder="user">
    <input type="password" name="password" placeholder="password">
    <input type="submit" value="log in">
  </form>
</div>

This is the check-login php page

<?php
session_start();
$user=$_GET['user'];
$pass=$_GET['password'];
include("dblogin.php");
$sql="SELECT * FROM login";
$result=mysql_query($sql);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    if($user==$row["username"] && $pass==$row["password"]){
        $_SESSION["userid"]=$row["id"];
        header ("Location: tracks.php");
  }
}
if ($_SESSION["userid"]==""){
  header ('Location: login.html?message=Wrong Username or Password');
}
?>

Check for an "error_log" file on your server, usually in the same directory where the error source is. — Louys Patrice Bessette, Mar 28 '17 at 18:12
Take a look at this answer to see if any of these help http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php — imtheman, Mar 28 '17 at 18:13
I don't think it is an "header already sent" problem, if we have the exact and complete `check-login.php` here... — Louys Patrice Bessette, Mar 28 '17 at 18:14
And you SHOULD change the deprecated because unsecure `mysql_query()` to `mysqli_query()` or prepared statements (PDO). — Louys Patrice Bessette, Mar 28 '17 at 18:16

Егор Банин · Answer 1 · 2017-03-28T18:22:59.730

0

Try the following code to make a redirect:

http_response_code(302); // send redirect code
header('Location: /tracks.php'); // send Location header
exit(0); // don't send anything else

edited Mar 28 '17 at 18:22

answered Mar 28 '17 at 18:17

Егор Банин

101
2

if i put the correct credentials its white screen and if i refresh it goes to tracks php.the problem is there – Achilleas Mar 28 '17 at 18:32

score 0 · Answer 2 · edited Mar 28 '17 at 18:30

0

Try this,

If (!isset($_SESSION['userid'])
{
echo "script type='text/javascript'>window.location.href='login.html?message=Wrong Username or Password'/script";
}

There can be issue due to header function as sometime it doesn't work on some servers.

Note: complete script tag as I'm not able to add code from phone and script tags getting parsed.

edited Mar 28 '17 at 18:30

Louys Patrice Bessette

33,375
6
36
64

answered Mar 28 '17 at 18:27

Sonal Khunt

1,876
12
20

if i put the correct credentials its white screen and if i refresh it goes to tracks php.the problem is there – Achilleas Mar 28 '17 at 18:32
Ok I have just concentrated on your redirection but whole code snippet need to update. – Sonal Khunt Mar 28 '17 at 18:39

Louys Patrice Bessette · Answer 3 · 2017-03-28T20:30:57.430

0

I'm not sure this is the issue...
But even if it is not the fix, it can't be a bad thing to do.

Change your form tag like this:

<form action="check-login.php" method="post">

Then in you PHP change it to $_POST variables like this:

$user=$_POST['user'];
$pass=$_POST['password'];

And I strongly suggest again to ugrade your code from mysql to mysqli or prepared statements. There is plenty answers on SO about this.

EDIT
Previous changes I suggested are good.
But wasn't the issue.

An old memory came to me, as I already had a similar problem in the past.

The issue is that your $_SESSION["userid"]=$row["id"]; doesn't have the time to be written before the tracks.php gets accessed.

So do it like this:

while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    if($user==$row["username"] && $pass==$row["password"]){
        //$_SESSION["userid"]=$row["id"];
        header ("Location: tracks.php?id=" . $row["id"]);
  }
}

And in your tracks.php, set it to session.

$_SESSION["userid"]=$_REQUEST["id"];

$_REQUEST will catch $_POST and $_GET.

EDIT: Switch to mysqli

Try this... Even if it is not the fix we're after, it will be a good thing done.
You should apply this modification to all your PHP files.

I know mysql_query has security issues (but not exactly what)... And there may be performance issues too. So it's a good improvement to have at this point.
We'll then be sure the problem source isn't due to this.

<?php
session_start();
$user=$_REQUEST['user'];
$pass=$_REQUEST['password'];
//include("dblogin.php");


$conn = mysqli_connect("localhost","my_user","my_password","my_db");
if (mysqli_connect_error()) {
  echo "<p>Connection failed:".mysqli_connect_error()."</p>\n";
}

$sql="SELECT * FROM login";
$result = mysqli_query($conn, $sql) or die(mysqli_error($conn));

$idFound=false;

while ($row = mysqli_fetch_array($result)) {
    if($user==$row["username"] && $pass==$row["password"]){
        //$_SESSION["userid"]=$row["id"];
        $idFound=true;
        $idFoundis = $row["id"];
        break;
  }
}
if ($idFound){
  header ("Location: tracks.php?id=" . $idFoundis);
}else{
  header ('Location: login.html?message=Wrong Username or Password');
}
?>

edited Mar 28 '17 at 20:30

answered Mar 28 '17 at 18:52

Louys Patrice Bessette

33,375
6
36
64

okay... mmm Try adding `break;` after this line `header ("Location: tracks.php");`... Maybe... – Louys Patrice Bessette Mar 28 '17 at 19:03
Okay... Something else came to my mind... Let me edit. – Louys Patrice Bessette Mar 28 '17 at 19:06
Done... Try it ;) – Louys Patrice Bessette Mar 28 '17 at 19:11
is there a way like to make the link execute by itself because if i press login button the url is http://localhost:8080/check-login.php?user=root&password=root.if i press refresh then it redirects – Achilleas Mar 28 '17 at 19:12
That is why I suggest to use `post`... To hide it from user view in the address bar... Have a look at my edit, I think I got your issue this time. – Louys Patrice Bessette Mar 28 '17 at 19:13
changed it put post white page again if i refresh it doesnt redirect it gives this error code – Achilleas Mar 28 '17 at 19:26
Notice: Undefined index: user in C:\Users\Xaimer\Desktop\Interactive\USBWebserver v8.6\root\check-login.php on line 3 Notice: Undefined index: password in C:\Users\Xaimer\Desktop\Interactive\USBWebserver v8.6\root\check-login.php on line 4 – Achilleas Mar 28 '17 at 19:26
line 3 and 4 is $user=$_GET['user']; $pass=$_GET['password']; – Achilleas Mar 28 '17 at 19:27
Change lines 3 and 4 to `$_REQUEST` (it takes `$_POST` and `$_GET`, so you won't have to bother to change it again.) – Louys Patrice Bessette Mar 28 '17 at 19:29
still same thing but without the errors that i sent you.white page if i press refresh it goes to the tracks.php page – Achilleas Mar 28 '17 at 19:45
it is like i need to refresh to execute check-login – Achilleas Mar 28 '17 at 19:46
Do you pass the `id` to 'track.php' as I suggest? – Louys Patrice Bessette Mar 28 '17 at 19:55
yeap this is the first think i do in tracks alert("Please Login");'; } ?> – Achilleas Mar 28 '17 at 19:59
Seems to be working... About the id beeing passed. So I don't know. That is strange. What about to upgrade from `mysql_query` to `mysqli_query`... To see if it improves the thing ? I will write it for you hold on. – Louys Patrice Bessette Mar 28 '17 at 20:07
it improves the code but it doesnt fix my problem.Thanks anyway – Achilleas Mar 28 '17 at 20:29
I does the same thing? I just made another edit to have the `header` out of the loop. – Louys Patrice Bessette Mar 28 '17 at 20:31
yeap white page i have to press refresh to redirect to the correct page .This is the link i get http://localhost:8080/check-login.php?user=root&password=root.Its like it doesn't excecute as i press submit.i have to refresh . – Achilleas Mar 28 '17 at 20:36
mmm... And what about to `include` the `tracks.php` instead of redirecting? Since, `check-login.php` outputs nothing... It may be a fix! – Louys Patrice Bessette Mar 28 '17 at 20:41
tracks is an another page doing other staff but i will try – Achilleas Mar 28 '17 at 20:45
In fact, I would include `check-login.php` into `tracks.php`, so it would be executed each time if no user id in session... And may be simplier to implement. ;) Just add a conditionnal `if(!isset($_SESSION['userid'])){ include('check-login.php'); }` And it would be faster for the end user. ;) – Louys Patrice Bessette Mar 28 '17 at 20:49
check-login is like itchecks the cretentials if there correct.track.php is a list of offers and 2 urls that quide you to other pages..i dont think that put it them together will to the work.also i am using jquery that may affect the whole thing – Achilleas Mar 28 '17 at 22:48
jQuery runs on client-side... And your PHP is server-side. There is not supposed to have interference since they don't execute at the same time. – Louys Patrice Bessette Mar 28 '17 at 22:59

getting data from a log in form checked,redirects into white page if i press refresh it goes to the pages it has to direct to

3 Answers3