0

When I am working on my local server it doesn't raise any issues but online it somehow doesn't redirect the user after login,

I am a beginner and searched for any possible reason for it not to be working, and probably someone has already answered this in a correct manner...

login.php

<?php
  require_once 'header.php';


  $error = $user = $pass = "";

  if (isset($_POST['user']))
 {
   $user = sanitizeString($_POST['user']);
   $pass = sanitizeString($_POST['pass']);

     if ($user == "" || $pass == "")
     $error = "<span class='melding'>Iets vergeten?</span><br>";
     else
   {
    $result = queryMySQL("SELECT user,pass FROM members
    WHERE user='$user' AND pass='$pass'");

  if ($result->num_rows == 0)
  {
    $error = "<span class='melding'>Gebruikersnaam/Wachtwoord
              is niet correct.</span><br><br>";
  }
     else
     {
       $_SESSION['user'] = $user;
       $_SESSION['pass'] = $pass;

        header ('Location: /index.php');

      }
   }
  }

and as for the header.php

<?php
session_start();

  echo "<!DOCTYPE html><html><head>";


 require_once 'functions.php';


 if (isset($_SESSION['user']))
{
 $user     = $_SESSION['user'];

$loggedin = TRUE;
$userstr  = " ($user)";
 }
else $loggedin = FALSE;

 echo "<title>$appname</title><link rel='stylesheet' " .
   "href='css/styles.css' type='text/css'>"  .
   "<link rel='shortcut icon' type='image/png' href='img/favicon.png' 
sizes='110x100'>"  .

   "<link href='photouploadjquery/fileinput.css' media='all' 
rel='stylesheet' type='text/css' />"      .
   "<script 
src='http://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js'>
</script>"     .
   "<script src='photouploadjquery/fileinput.js' type='text/javascript'>
</script>"    .
   "<script 
src='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js' 
type='text/javascript'></script>"    .

     "<script src='javascript.js'></script>" .

     "</head><body>"      ;




if ($loggedin)
{
echo  showUserSmall($user);
 }

  else
{
    echo

    file_get_contents ("includes/header.php" );


}

Thanks for any suggestions and help in advance,

NewInThisWorld
  • 13
  • 7
  • It is not redirecting means.. any error you see on page.. check view source if nothing is visible on page – Suresh Kamrushi Jun 30 '17 at 09:05
  • Step 1: Enable proper PHP error reporting, so that PHP can tell you what is wrong. – CBroe Jun 30 '17 at 09:06
  • When you do redirect with PHP, no any previous output (echo, print) can be executed. – unalignedmemoryaccess Jun 30 '17 at 09:07
  • what does `queryMySQL()` do underneath? The way you're concatenating those strings together is almost certainly vulnerable to SQL Injection attacks, unless that function can somehow work out which bits were the parameters and generate a correctly parameterised query to send to the database. As it stands, it looks like your code is horribly vulnerable to hacking. – ADyson Jun 30 '17 at 09:09
  • When you get problems in PHP, please first look at your `php error log` – RiggsFolly Jun 30 '17 at 09:13

1 Answers1

3

apart from the "vergeten in te vullen" messages, you start already outputting a lot of html in header.php.

you should not do that, as it forces your server to send the header (contenttype=html etc) to the browser.

a headers-already sent error is eminent

So move the include line to the last line of login.php

Session_start() may have to go to login.php Or better differ between a header.php file for php and a header.php for starting a html-page.

-- you may be suppressing the actual error message, but here: How to fix "Headers already sent" error in PHP it is explained.

After sending a "content-type header" it is no longer possible to send an other header. Redirecting the browser to any page IS a header so there you go..

Ivo P
  • 1,722
  • 1
  • 7
  • 18