
I'm trying to do a login page. This file (login.php) is inside a folder; the other pages, to which this one should redirect, are in the parent folder. If I open the file login.php directly, the redirection works. On the website the redirection page is opened, but the path is still http://mywebsite.com/login.php and I can't move anywhere from there.

```php
<?php

include("dbconnection");

$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

$ris_news = mysql_query("SELECT * FROM user,contact_info WHERE contact_info.data = '$email' AND user.password = '$password'");

if (mysql_num_rows($ris_news) == 1) {
    // Set username session variable
    $_SESSION['email'] = $email;

    // Jump to secured page
    header('Location: ../logsucc.html');
}
else {
    // Jump to login page
    header('Location: ../logwr.html');
}
mysqli_close($db);
?>
```
  • You're mixing APIs here and we don't know what the connection API is either. – Funk Forty Niner Jan 18 '18 at 17:51
  • And lord only knows if that session array has a value. This is unsafe btw. You're asking for trouble with that code if you plan on taking this live. – Funk Forty Niner Jan 18 '18 at 17:51
  • mysql_* functions are deprecated as of PHP 5.5.0, and removed as of PHP 7.0.0. Switch your code to use [PDO](https://secure.php.net/manual/en/pdo.prepared-statements.php) or [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. – aynber Jan 18 '18 at 17:53
  • **Never** store plain text passwords. Instead use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php). If you're using a version of PHP prior to 5.5, do **not** use MD5 or SHA1 to hash passwords. Instead you can use [this compatibility pack](https://github.com/ircmaxell/password_compat). – Alex Howansky Jan 18 '18 at 17:56
  • Don't rely on the `real_escape_string()` functions to prevent SQL injection, [they alone are not sufficient](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string). You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) driver. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Jan 18 '18 at 17:56
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/master/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text**. – tadman Jan 18 '18 at 18:10
  • Everything about this `login.php` file is dangerously wrong. I hope you have time to re-evaluate how to do this as there's a lot of mistakes being made here that can have steep consequences. – tadman Jan 18 '18 at 18:10
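The fixes the commenters ask for (prepared statements instead of escaping, `password_verify()` instead of plain-text comparison, a started session, and an `exit` after the redirect) pulled together into one hardened login.php. This is an added example, not the asker's code; it assumes dbconnection.php defines `$db` as a PDO instance, that `user.password` holds `password_hash()` output, that the join column `contact_info.user_id = user.id` exists (hypothetical, the question's query had no join condition), and that logsucc.html and logwr.html sit at the web root.

```php
<?php
// Hardened login.php (added example). Assumes dbconnection.php sets $db to a
// PDO object with PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION.
declare(strict_types=1);

session_start();                         // without this $_SESSION is never populated
require __DIR__ . '/dbconnection.php';

function redirect(string $path): void
{
    // Absolute Location header so the target does not depend on the folder the
    // script lives in; exit so nothing runs after the redirect is issued.
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    header('Location: ' . $scheme . '://' . $_SERVER['HTTP_HOST'] . $path, true, 303);
    exit;
}

$email    = (string)($_POST['email'] ?? '');
$password = (string)($_POST['password'] ?? '');

// Prepared statement: the e-mail travels as a bound parameter, never spliced
// into the SQL text, so no escaping function is involved. The password is not
// part of the query at all; it is checked against the stored hash below.
// Join condition is hypothetical (contact_info.user_id = user.id).
$stmt = $db->prepare(
    'SELECT user.password AS hash
       FROM user
       JOIN contact_info ON contact_info.user_id = user.id
      WHERE contact_info.data = :email
      LIMIT 1'
);
$stmt->execute([':email' => $email]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false) {
    // Unknown account: spend comparable time so the response time does not
    // reveal whether the e-mail address is registered.
    password_hash($password, PASSWORD_DEFAULT);
    $ok = false;
} else {
    $ok = password_verify($password, $row['hash']);
}

if ($ok) {
    session_regenerate_id(true);         // fresh session id on privilege change
    $_SESSION['email'] = $email;
    redirect('/logsucc.html');
}
redirect('/logwr.html');
```

Passwords are stored with `password_hash($plain, PASSWORD_DEFAULT)` at registration; the plain-text value never appears in a query.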
