Using php to validate an html form and navigate appropriately

[RPhilbin83]

Hi all,

Right now I have a "log in" page that displays a simple form.  This form has two text boxes for input ("user name" and "password"), as well as a "submit" button. 

My desired functionality is that once the user enters their username and password into the appropriate fields and clicks "submit", some php code will connect to my mysql database (which has a table full of user names and passwords), to validate the user input.  If the information the user entered is found in the database, they would be re-directed to another page.  If not, they would be stuck at this "log in" page. 

I'm sure this is a silly, or common question, but does anybody know how I might be able to do this? 

Thanks very much,
Phil

[Ch0cu3r]

Have the form submit to itself and then only redirect (using header) when you have confirmed the username/password matches.

Edited January 22, 2014 by Ch0cu3r

[RPhilbin83]

I've actually tried just that.  Within my html code, I have a section of php that will connect to the database and do the validation correctly.  The if/else I have within it is as follows:

 

$array_check = mysqli_fetch_array( mysqli_query($connection, "SELECT * FROM [TABLE] WHERE user_name = '" . $u_name . "'");

 

if(empty($array_check))

{ echo "sorry.  name not found.";}

else

{ header( "Location: next.html" ); }

 

 

Below this, is the html form.  What ends up happening here is, navigating to the page with the form actually shows the "sorry.  name not found." error before I even click the "submit" button.  Then, once I enter a valid user name and password, the user name goes away, and the page just refreshes, instead of going to "next.html". 

 

To me, this means that the database connection is good, the if/else is working correctly, the correct data can be found, but I'm doing something wrong with php that's doing two things incorrectly:

 

1.) Showing the error of incorrect user entry before I even click "submit"

2.) Not navigating to the correct page once the correct user input IS entered.

 

What could I be doing wrong?

 

Thanks again,

Phil

[Ch0cu3r]

 

1.) Showing the error of incorrect user entry before I even click "submit"

You only want to run the login code when a POST request has been made, example

<?php
if(isset($_POST['submit'))
{
   // perform login
}
?>

// display login for
<form action="" method="post">
...
<input type="submit" name="submit" value="Login" />
</form>

 

2.) Not navigating to the correct page once the correct user input IS entered.

Make sure you do not have any output before you use header(). 

Edited January 22, 2014 by Ch0cu3r

[RPhilbin83]

Thank you for your feedback.  

 

As for #1, I'm going to look into putting that connection code into a $_POST request.  

 

When it comes to #2, what exactly do you mean by "output"?  this php code is buried in an html page that shows a form, so if by "output" you mean anything that displays in HTML, then I have tons of it before this "header" line.  If "output" means my echo that I make within the if/else block, then no - the first time there is an echo is in the if block (where the statement essentially tells the user their input is invalid).

[Ch0cu3r]

 

When it comes to #2, what exactly do you mean by "output"?

Output is anything (whitespace, text etc) that is outside of the <?php ?> tags, and what you echo out.

 

You should process any input before you start to output anything, So move your PHP code before your html.

Edited January 22, 2014 by Ch0cu3r

[RPhilbin83]

Thanks very much.  That did the trick.