
I am working on a project and I want to make a local webpage. The site is made in PHP, but I have some problems. After you enter your email and password in the login section, the code has to redirect to the main page of the site, but it doesn't do that. I should mention that each page of the site is organized in a folder. For example, these are some of the folders: Main, Login, Register, etc. I have put the code below so you can see what the problem with the redirect function is.

Mineral-World/Main/Main.php

```html
<html>
    <head>
        <link rel="stylesheet" href="designMain.css">
        <link rel="icon" href="/Mineral-World/Main/More/icon.png" >
        <title>Mineral-World</title>
    </head>

    <body>

    <div class="topnav">
        <a href="/Mineral-World/Main/Main.php">Home</a>
        <a href="/Mineral-World/Buy/Buy.php">Buy</a>
        <a href="/Mineral-World/Sell/Sell.php">Sell</a>
        <a href="/Mineral-World/Information/Information.php">Information about minerals</a>
        <a style="margin-left:750px;" href="/Mineral-World/Register/Register.php">Register</a>
        <a href="/Mineral-World/Login/Login.php">Login</a>
    </div>

    <div class="stylename"> Welcome </div>

    <div class="stylename3" >
        <div class="card1" style="margin-left: 20px;float:left;">
            <div class="stylename1" style="margin-left: 50px;"> What is Mineral-World?</div>
            <div class="stylename2" style="margin-left:15px;"> We are an online market and here you can buy or sell minerals. You will find the best offers!</div>
        </div>
        <div class="card1" style="float:right;">
            <div class="stylename1" style="margin-left: 50px;"> Are any taxes to be paid?</div>
            <div class="stylename2" style="margin-left:15px;"> You can sell or buy minerals without any cost, including the registering process.</div>
        </div>
    </div>

    </body>

</html>
```

Mineral-World/Login/sessionLogin.php

```php
<?php

    include("ConnectBD_Login.php");
    session_start();
    if(isset($_POST['email'])&&isset($_POST['password']))
    {
        $email=$_POST['email'];
        $pass=md5($_POST['password']);
        $sel="select user from users where email='$email' and pass='$pass'";
        $que=mysql_query($sel);
        if(mysql_num_rows($que)==1)
        {
            $rez=mysql_fetch_row($que);
            $_SESSION['user']=$rez[0];
            header("Location: D:\EasyPHP-5.3.8.1\www\Mineral-World\Main\Main.php");
            exit();
        }
        else{
            $_SESSION['neconect']="Email or password is incorrect!";
            header();
            exit();
        }
    }else {
        $_SESSION['neconect']="Email or password is incorrect!";
        header();
        exit();
    }
    mysql_close();
?>
```
  • The header MUST be to a URL and not a file on your local drive. You also have 2 calls to `header()` with no parameters. – Nigel Ren Apr 25 '21 at 08:42
  • If you're only starting to learn PHP, I strongly advise you to use an up-to-date version. You're using a version of PHP that has stopped receiving even security updates years ago. – El_Vanja Apr 25 '21 at 08:57
  • **Warning:** `mysql_*` extension is deprecated as of PHP 5.5.0, and has been removed as of PHP 7.0.0. Instead, either the [mysqli](https://www.php.net/manual/en/book.mysqli.php) or [PDO_MySQL](https://www.php.net/manual/en/book.pdo.php) extension should be used. See also the [MySQL API Overview](https://www.php.net/manual/en/mysqlinfo.api.choosing.php) for further help while choosing a MySQL API. – Dharman Apr 25 '21 at 08:57
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Apr 25 '21 at 08:57
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Apr 25 '21 at 08:58
  • When something goes wrong, PHP will try to tell you. So whenever your script isn't behaving the way you expect it to behave, you should first look inside your server's PHP error log. Alternatively, you could [have PHP display the errors](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) while you're developing. – El_Vanja Apr 25 '21 at 08:59
  • I have just started learning PHP at school and, at the same time, I am trying to do this project with what I have learned. My teacher gave us the EasyPHP app with this version, and that is why I am using this version. – Mihai Daian Apr 25 '21 at 15:10

1 Answer


Your header location must be a URL and not the path to a file. Try this:

```php
header("Location: ../../Main/Main.php");
```
MrFthiz
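
A hardened version of the login handler that applies the points raised in the comments and the answer (an added example, not code from the question or the answer): both redirects go to URL paths taken from the page's own nav links, the lookup uses a PDO prepared statement, and the password is checked with `password_verify()`. It assumes PHP 5.5 or later, a `pass` column that holds `password_hash()` output, and placeholder database settings; `authenticate()` and `handleLogin()` are hypothetical helper names.

```php
<?php
// Added example, not the asker's code. Needs PHP 5.5+ (password_hash/password_verify).
// Assumed: users(user, email, pass) with pass holding password_hash() output.
const MAIN_URL  = '/Mineral-World/Main/Main.php';   // URL paths taken from the page's nav links
const LOGIN_URL = '/Mineral-World/Login/Login.php';

// Returns the user name on success, null on any failure.
function authenticate(PDO $pdo, $email, $password) {
    // The placeholder binds the value, so input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT user, pass FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row !== false && password_verify($password, $row['pass'])) ? $row['user'] : null;
}

// Updates the session and returns the URL path (never a filesystem path) to redirect to.
function handleLogin(PDO $pdo, array $post, array &$session) {
    $email = isset($post['email']) ? $post['email'] : null;
    $password = isset($post['password']) ? $post['password'] : null;
    $user = (is_string($email) && is_string($password)) ? authenticate($pdo, $email, $password) : null;
    if ($user === null) {
        $session['neconect'] = 'Email or password is incorrect!';
        return LOGIN_URL;
    }
    $session['user'] = $user;
    return MAIN_URL;
}

if (PHP_SAPI === 'cli') {
    // Offline demo: a constructed account in an in-memory SQLite database.
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE users (user TEXT, email TEXT, pass TEXT)');
    $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
        ->execute(['demo', 'demo@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $s = [];
    echo handleLogin($pdo, ['email' => 'demo@example.test', 'password' => 'correct horse'], $s), "\n";
    echo handleLogin($pdo, ['email' => "o'brien@example.test", 'password' => 'x'], $s), "\n";
} else {
    session_start();
    // DB_NAME, DB_USER and DB_PASSWORD are placeholders for your own settings.
    $pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $target = handleLogin($pdo, $_POST, $_SESSION);
    if ($target === MAIN_URL) {
        session_regenerate_id(true); // issue a fresh session id once the user is logged in
    }
    header('Location: ' . $target);
    exit();
}
```

Run from the command line, the demo exercises both branches against the constructed account; served by the web server, the same functions handle the real POST and send the `Location` header.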