As the title suggests I am trying to use the same .php page and have it display something new upon being redirected from a particular location.

In context... I have a login which upon successful login redirects to a home page but if unsuccessful, redirects to the index. Is there a way that I can tell my index page to display an "Error logging in" message when it has been redirected from my login page?

Here is my login code...

<?php
session_start();
include('conn.php');

$query = "SELECT * FROM User";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));

if (isset($_POST["submit"])) {

    $logEmail = $conn->real_escape_string($_POST['logEmail']);
    $logPass = $conn->real_escape_string($_POST['logPass']);

    $checkuser = "SELECT * FROM User WHERE Email='$logEmail' AND UserPassword=AES_ENCRYPT('$logPass', 'MyKey')";
    $userresult = mysqli_query($conn, $checkuser) or die(mysqli_error($conn));
    $loginsucc = (mysqli_num_rows($userresult) > 0);
    if (mysqli_num_rows($userresult) > 0) {

        while ($row = mysqli_fetch_assoc($userresult)) {

            $userPriKey = $row['UserID'];
            $userid = $row['Email'];
            $accounttype = $row['IsAdmin'];
            $firstname = $row['FirstName'];
            $surname = $row['LastName'];

            $_SESSION['userPriKey'] = $userPriKey;
            $_SESSION['name'] = $firstname;
            $_SESSION['surname'] = $surname;
            $_SESSION['Email'] = $userid;
            $_SESSION['IsAdmin'] = $accounttype;

            if($accounttype == '1'){
                header("Location: home.php");
            }else if ($accounttype == '0'||$accounttype == NULL ) {
                header("Location: userhome.php");
            }
        }
    } else {
        header("Location: index.php");
    }
}

?>
Dharman
Alan Scott
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Apr 07 '20 at 21:00
  • It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Apr 07 '20 at 21:01

1 Answer

Before you call header(), set a session variable like so:

$_SESSION['msg'] = 'success you are logged in';
header('Location: page.php');
exit; 

Then in page.php,

session_start();
if (isset($_SESSION['msg'])) {
    echo $_SESSION['msg'];
    unset($_SESSION['msg']);
}

Also FYI, you should be using prepared statements. Your code is not totally safe.

Rotimi
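
The answer's session-message approach applied to the failed-login case from the question, combined with the prepared statement and `password_verify()` check that the comments and the answer recommend. This is an added example, not code from the question or the answer; it assumes `conn.php` defines a mysqli `$conn` (mysqlnd driver), and the `PasswordHash` column and the `flash_take()` / `find_user()` helpers are hypothetical names.

```php
<?php
// Added example. Assumptions: conn.php defines $conn (mysqli, mysqlnd driver);
// User has a hypothetical PasswordHash column filled by password_hash().
session_start();
require 'conn.php';

// Return the pending one-time message (HTML-escaped) and clear it, or null.
// index.php would call this, so it belongs in a file both pages include.
function flash_take(): ?string {
    if (!isset($_SESSION['msg'])) {
        return null;
    }
    $msg = $_SESSION['msg'];
    unset($_SESSION['msg']);
    return htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
}

// Look the user up with a bound parameter, then verify the hash in PHP.
function find_user(mysqli $conn, $email, $pass): ?array {
    if (!is_string($email) || !is_string($pass)) {
        return null;                      // e.g. logEmail[]=x arrives as an array
    }
    $stmt = $conn->prepare(
        'SELECT UserID, Email, IsAdmin, FirstName, LastName, PasswordHash
           FROM User WHERE Email = ?'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if (!$row || !password_verify($pass, $row['PasswordHash'])) {
        return null;
    }
    unset($row['PasswordHash']);          // never copy the hash into the session
    return $row;
}

if (isset($_POST['submit'])) {
    $user = find_user($conn, $_POST['logEmail'] ?? null, $_POST['logPass'] ?? null);
    if ($user === null) {
        $_SESSION['msg'] = 'Error logging in';   // same text for any failure
        header('Location: index.php');
        exit;                                    // stop; header() alone does not
    }
    session_regenerate_id(true);                 // new session ID after login
    $_SESSION['userPriKey'] = $user['UserID'];
    $_SESSION['IsAdmin']    = $user['IsAdmin'];
    header('Location: ' . ($user['IsAdmin'] == '1' ? 'home.php' : 'userhome.php'));
    exit;
}
```

In `index.php`, call `session_start()` and print the return value of `flash_take()` when it is not null; the message then appears once and is gone on the next reload.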