0


I started PHP recently and I was wondering :
I have a php file which only contains a function called sqlConnect(); which checks that the user isn't yet logged into the MySQL DB, and if so, redirects the user to an html page which is a form for the user to enter the username and password for the DB.
After the user has submitted the form, I want to get back to the point where I left (in the function).
One thing you should know too is that the $_SESSION is started in another file which calls this function.
Here's what I tried, yet it didn't work :
connect.php : 

<?php
  function sqlConnect() {
    $_SESSION['CurrentPage'] = "/php/sql/connect.php";
    if(!array_key_exists('mysql_username', $_SESSION) && !array_key_exists('mysql_passwd', $_SESSION)) {
      echo "<script>window.location='/forms/sql_login.php';</script>";
    }
    $servername = "localhost";
    $username   = $_SESSION['mysql_username'];
    $passwd     = $_SESSION['mysql_passwd'];
    $db_name    = "ToolDB";
    // create connection
    $sql_connection = new mysqli($servername, $username, $passwd, $db_name);
    // check that it was established
    if($sql_connection->connect_error) {
      $msg = $sql_connection->connect_error;
      echo "<script>alert('Impossible de se connecter à la base de données MySQL : $msg.');</script>";
      return NULL;
    }
    else {
      $_SESSION['mysql_username'] = $username;
      $_SESSION['mysql_passwd']   = $passwd;
      return $sql_connection;
    }
  }
?>

sql_connection.php : 

<?php session_start(); $url = $_SESSION['CurrentPage']; ?>
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
    <title>Sound Department - Program Making Tool (form)</title>
    <link rel="stylesheet" type="text/css" href="/style/style.css" />
  </head>
  <body>
    <header>
      <nav>
        <h2 style="margin-left: 10px; font-family: sans-serif;">Sound Department - Program Making Tool (MySQL Login Page)</h2>
      </nav>
    </header>
    <div class="bodyElement">
        <form action="<?php echo $url ?>" method="post">
            <p>Nom d'utilisateur : <input type="text" name="mysql_username" /></p>
            <p>Mot de passe : <input type="password" name="mysql_passwd"/></p>
            <p><input type="submit" name="submit" value="Submit" /></p>
        </form>
    </div>
  </body>
</html>


Does anybody know how to achieve that ?
PS : I know I shouldn't store the password in plain text, but the site is running on my local network for now and I thought I was just gonna modify my code to store the password in a more convenient way later.

Rody Gosset
  • 13
  • 5
  • 1
    **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 16 '17 at 18:22

2 Answers2

1
ob_end_clean();
header("Location: example.com");
exit();

Put this at the end where you want the user to be redirected. Header() doesn't let you redirect after an output is given, but ob_end_clean() allows you to redirect after an output.

Carter
  • 131
  • 7
0

You can use the header() function to redirect clients to another page.

<?php
    header('Location: <your page>');
    exit;
?>
Hapstyx
  • 127
  • 7