WilliamNova Posted May 19, 2013 Share Posted May 19, 2013 (edited) I'm creating a login form that, when log in is clicked, should take you to my home.php page. However, if I put in the correct username and password and click login, it just refreshes the page and does not go to home.php I'm thinking the error could be in any one of these bits of code or form. This is from index.php <?php // Login Script if (isset($_POST["user_login"]) && isset($_POST["password_login"])) { $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["user_login"]); // filter all characters but numbers and letters $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["password_login"]); //filter all characters but numbers and letters $sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the user // check for their existance $userCount = mysql_num_rows($sql); // count the number of rows if ($userCount == 1) { while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"]= $id; $_SESSION["user_login"] = $user_login; $_SESSION["password_login"] = $password_login; header("location: index.php"); exit(); } else { echo 'The username or password is incorrect - Try again.'; exit(); } } ?> <form action="index.php" method="post" name="form1" id="form1"> <input type="text" size="25" name="user_login" placeholder="Username" /><br /> <input type="password" size="25" name="user_password" placeholder="Password" /><br /> <input type="submit" name="button" id="button" value="Login" /> </form> And this, so far, is my entire home.php <?php session_start(); $user = $_SESSION["user_login"]; // If the user is not logged in if (!isset($_SESSION["user_login"])) { header("Location: index.php"); exit(); } else { // If the user is logged in echo "Hello, $user! Welcome to your homepage! <a href=\"logout.php\">Sign out</a> "; } ?> Edited May 19, 2013 by WilliamNova Quote Link to comment Share on other sites More sharing options...
requinix Posted May 19, 2013 Share Posted May 19, 2013 You're missing a couple underscores $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["user_login"]); // filter all characters but numbers and letters $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["password_login"]); //filter all characters but numbers and lettersand you haven't shown the code that comes before so I don't know if you're missing a session_start() too. Quote Link to comment Share on other sites More sharing options...
WilliamNova Posted May 20, 2013 Author Share Posted May 20, 2013 Well, the missing underscores were kinda embarrassing. However, I fixed it and still nothing. Even added session_start(); right above // Login Script and nothing. Quote Link to comment Share on other sites More sharing options...
Eiseth Posted May 20, 2013 Share Posted May 20, 2013 Put session_start() at the top of your index.php then ... // login user if ($userCount == 1) { while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"]= $id; $_SESSION["user_login"] = $user_login; $_SESSION["password_login"] = $password_login; header("location: home.php"); // redirect to home.php instead of index.php } ... Quote Link to comment Share on other sites More sharing options...
WilliamNova Posted May 20, 2013 Author Share Posted May 20, 2013 (edited) I have that in my headerinc file. This is my headerinc.php file <? include ("inc/scripts/mysql_connect.inc.php"); session_start(); // Check whether user is logged in or not $user = $_SESSION["user_login"]; if (!isset($_SESSION["user_login"])) { header("Location: index.php"); exit(); } else { header("location: home.php"); } ?> Edited May 20, 2013 by WilliamNova Quote Link to comment Share on other sites More sharing options...
Eiseth Posted May 20, 2013 Share Posted May 20, 2013 In index.php file, did you try to change your header location to home.php when the user logged in? Change this header("location: index.php"); exit(); to this header("location: home.php"); exit; Quote Link to comment Share on other sites More sharing options...
WilliamNova Posted May 20, 2013 Author Share Posted May 20, 2013 Yes, I changed it to home.php from index.php in my index.php file. I'm still not getting to home.php Quote Link to comment Share on other sites More sharing options...
Eiseth Posted May 20, 2013 Share Posted May 20, 2013 Did you include headerinc.php on your index.php? Are you sure you have session_start() at your index.php? Quote Link to comment Share on other sites More sharing options...
WilliamNova Posted May 21, 2013 Author Share Posted May 21, 2013 headerinc is included on index.php, in fact it's line 1. Unless I typed it out wrong, which I don't think so. <?php include "inc/incfiles/headerinc.php";?> Quote Link to comment Share on other sites More sharing options...
WilliamNova Posted May 21, 2013 Author Share Posted May 21, 2013 I've also just noticed even when I intentionally type the corrent username, but enter an incorrect password, it doesn't tell me, which it should. "The username or password is incorrect - Try again." Quote Link to comment Share on other sites More sharing options...
Solution DaveyK Posted May 21, 2013 Solution Share Posted May 21, 2013 (edited) The issue is very basic, really. <input type="password" size="25" name="user_password" placeholder="Password" /><br /> if (isset($_POST["user_login"]) && isset($_POST["password_login"])) { Find the difference. Some other fundamental notes: 1. The variables you are using are not escaped. Look in mysql_real_escape_string() and prevent mysql injection. 2. You dont have to run a while loop if you only return a single row. 3. Do you really want to store the password in a session? 4. Do you really want to store the password instead of a HASH of the password? 5. You echo something and then you kill the page, without a link. Not a great user experience. 6. I dont know if you are missing it, but make sure you have turned on error_reporting by writing error_reporting(-1); after session_start(). A good way to prevent this in the future is to do something like <?php // Login Script if (isset($_POST["user_login"]) && isset($_POST["password_login"])) { var_dump($_POST); die(); This basically just checks if the variables you enter are correct, without actually doing anything else. Simplify everything as much as possible when debugging, at least you wont be confused. The issue requinix () pointed out was valid too, though. Edited May 21, 2013 by DaveyK Quote Link to comment Share on other sites More sharing options...
WilliamNova Posted May 21, 2013 Author Share Posted May 21, 2013 That fixed it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.