Jump to content

Form isn't redirecting


Go to solution Solved by DaveyK,

Recommended Posts

I'm creating a login form that, when log in is clicked, should take you to my home.php page. However, if I put in the correct username and password and click login, it just refreshes the page and does not go to home.php

 

I'm thinking the error could be in any one of these bits of code or form.

 

This is from index.php

<?php
// Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
	$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["user_login"]); // filter all characters but numbers and letters
	$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["password_login"]); //filter all characters but numbers and letters
	$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login' LIMIT 1"); // query the user
	// check for their existance
	$userCount = mysql_num_rows($sql); // count the number of rows
	if ($userCount == 1) {
		while($row = mysql_fetch_array($sql)){
			$id = $row["id"];
	}
	$_SESSION["id"]= $id;
		$_SESSION["user_login"] = $user_login;
		$_SESSION["password_login"] = $password_login;
		header("location: index.php");
		exit();
		} else {
		echo 'The username or password is incorrect - Try again.';
		exit();
	}
}
?>
		<form action="index.php" method="post" name="form1" id="form1">
			<input type="text" size="25" name="user_login" placeholder="Username" /><br />
			<input type="password" size="25" name="user_password" placeholder="Password" /><br />
			<input type="submit" name="button" id="button" value="Login" />
		</form>

And this, so far, is my entire home.php

<?php
session_start();
$user = $_SESSION["user_login"];
// If the user is not logged in
if (!isset($_SESSION["user_login"])) {
	header("Location: index.php");
	exit();
}
else
{
// If the user is logged in
echo "Hello, $user! Welcome to your homepage!
<a href=\"logout.php\">Sign out</a>
";
}
?>
Edited by WilliamNova
Link to comment
https://forums.phpfreaks.com/topic/278162-form-isnt-redirecting/
Share on other sites

You're missing a couple underscores

$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["user_login"]); // filter all characters but numbers and letters
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $POST["password_login"]); //filter all characters but numbers and letters
and you haven't shown the code that comes before so I don't know if you're missing a session_start() too.

Put session_start() at the top of your index.php

 

then 

...

// login user
if ($userCount == 1) {
    while($row = mysql_fetch_array($sql)){
        $id = $row["id"];
    }

    $_SESSION["id"]= $id;
    $_SESSION["user_login"] = $user_login;
    $_SESSION["password_login"] = $password_login;
    header("location: home.php"); // redirect to home.php instead of index.php
}

...

I have that in my headerinc file.

 

This is my headerinc.php file

<?
include ("inc/scripts/mysql_connect.inc.php");
session_start();
// Check whether user is logged in or not
$user = $_SESSION["user_login"];
if (!isset($_SESSION["user_login"])) {
	header("Location: index.php");
	exit();
}
else
{
header("location: home.php");
}
?>
Edited by WilliamNova
  • Solution

The issue is very basic, really.

<input type="password" size="25" name="user_password" placeholder="Password" /><br />
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {

Find the difference.

 

Some other fundamental notes:

 

1. The variables you are using are not escaped. Look in mysql_real_escape_string() and prevent mysql injection.

2. You dont have to run a while loop if you only return a single row.

3. Do you really want to store the password in a session?

4. Do you really want to store the password instead of a HASH of the password?

5. You echo something and then you kill the page, without a link. Not a great user experience.

6. I dont know if you are missing it, but make sure you have turned on error_reporting by writing

error_reporting(-1);

after session_start().

 

A good way to prevent this in the future is to do something like

<?php
// Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
  var_dump($_POST);
    die();

This basically just checks if the variables you enter are correct, without actually doing anything else. Simplify everything as much as possible when debugging, at least you wont be confused. The issue requinix (:D) pointed out was valid too, though.

Edited by DaveyK
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.