I have an echo after each header redirect. But it does not pop up. So when the user enters an invalid login detail no message pops up. What am I doing wrong?
I tried a JavaScript method as well but did not manage to fix the issue.
Is it something to do with my nested ifs maybe?
<?php
session_start();
#first if
if (isset($_POST['submit'])) {
    include 'dbh.inc.php';
    $uid = mysqli_real_escape_string( $conn , $_POST['uid'] );
    $pwd = mysqli_real_escape_string( $conn , $_POST['pwd'] );
    //Error handlers
    //Check if this input are empty
    #second if
    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }/*second else*/ else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
        $result = mysqli_query($conn,$sql);
        $resultCheck = mysqli_num_rows($result);
        #third if
        if ($resultCheck < 1) {
            header("Location: ../index.php?login=error");
            echo "Login error";
            exit();
        }/*third else*/ else {
            #forth if
            if ($row = mysqli_fetch_assoc($result)) {
                //de-hashing the password
                $hashedPwdCheck = password_verify($pwd , $row['user_pwd']);
                #fifth if
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    echo "Login error";
                    exit();
                } /*fifth else*/ elseif ($hashedPwdCheck == true) {
                    //Log in the user here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    $uid = $_SESSION['u_id'];
                    header("Location: ../index.php?login=success");
                    echo "Login error";
                    exit();
                }
            }
        }
    }
}/*first else*/ else {
    header("Location: ../index.php?login=error");
    echo "Login error";
    exit();
}
?>
If you use location headers you can never display messages - the browser ignores the rest of the request and does the redirect immediately, because the HTTP code is changed to 302.
Even if you could show a message, it would not be a good experience for the user, as it would only display for a fraction of a second and then the redirect would happen and the page would be overwritten. You should show the error message on the landing page (index.php?login=error).
I am currently new to PHP and only know the basics and am trying to develop a website for my project. I am able to create a login system but I can't seem to redirect users to a different page based on the role that they have. What I'm trying to do is when they log in, a script will pop showing a message saying 'welcome "user"' and then it redirects them to different pages according to their role.
This is my current code:
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
    $pwdCheck = password_verify($password, $row['pwdUsers']);
    if ($pwdCheck == false) {
        header("Location: ../index.php?error=wrongpwd");
        exit();
    }
    elseif ($pwdCheck == true) {
        session_start();
        $_SESSION['userId'] = $row['idUsers'];
        $_SESSION['userUid'] = $row['uidUsers'];
        $_SESSION['userRole'] = $row['roleUsers'];
    }
    if ($_SESSION['userRole']==="1") {
        header("Location: ../index.php?login=success");
        exit();
    }
    elseif ($_SESSION['userRole']==="0") {
        header("Location: ../adminhomepage.php?login=success");
        exit();
    }
}
else {
    header("Location: ../index.php?error=nouser");
    exit();
}
For checking true or false, you don't need to use an elseif statement:
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ( !$pwdCheck ) {
    header("Location: ../index.php?error=wrongpwd");
    exit();
}
else {
    session_start();
    $_SESSION['userId'] = $row['idUsers'];
    $_SESSION['userUid'] = $row['uidUsers'];
    $_SESSION['userRole'] = $row['roleUsers'];
}
My login page goes to the error page after I hit the login button; all of my information, such as Username and Password, is correct.
    } else {
        $sql = "SELECT * FROM users WHERE user_uid='uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = msqli_num_rows($result);
        if($resultCheck < 1){
            header("Location: ../login.php?login=error");
            exit();
        } else {
            if($row = mysqli_fetch_assoc($result)){
                //Dehash pass
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                if($hashedPwdCheck == false){
                    header("Location: ../login.php?login=error");
                    exit();
                } elseif ($hashedPwdCheck == true){
                    //Log in
                    $_SESSION[u_id] = $row['user_id'];
                    $_SESSION[u_first] = $row['user_first'];
                    $_SESSION[u_last] = $row['user_last'];
                    $_SESSION[u_email] = $row['user_email'];
                    $_SESSION[u_uid] = $row['user_uid'];
                    header("Location: ../home.php?login=success");
                    exit();
                }
            }
        }
    }
} else {
    header("Location: ../login.php?login=error");
    exit();
}
I think the issue is probably the double else. Pulling from your comment I'm guessing your code looks like this:
if (empty($uid) || empty($pwd)) {
    // redirect
} else {
    // login logic
} else {
    // redirect
}
So what you have is either redirect, or redirect. What you probably want to do is lose the last else so your code is just:
if (empty($uid) || empty($pwd)) {
    // redirect
} else {
    // login logic
}
As others have pointed out there's a lot of other errors within your code, but this will at least get you out of your redirect problem.
I want to check a user if they have permission to view the site during the login process via a manual set value in MySQL.
How would I insert that check into this code:
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error handlers
//check if inputs are empty
if (empty($uid) || empty($pwd)) {
    header("Location: ../index.php?login=empty");
    exit();
} else {
    $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
    $result = mysqli_query($conn, $sql);
    $resultCheck = mysqli_num_rows($result);
    if ($resultCheck < 1) {
        header("Location: ../index.php?login=error");
        exit();
    } else {
        if ($row = mysqli_fetch_assoc($result)) {
            //de-hash pass
            $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
            if ($hashedPwdCheck == false) {
                header("Location: ../index.php?login=error");
                exit();
            } elseif ($hashedPwdCheck == true) {
                //log in user here
                $_SESSION['u_id'] = $row['user_id'];
                $_SESSION['u_first'] = $row['user_first'];
                $_SESSION['u_last'] = $row['user_last'];
                $_SESSION['u_email'] = $row['user_email'];
                $_SESSION['u_uid'] = $row['user_uid'];
                header("Location: ../index.php?login=success");
                exit();
            }
        }
    }
}
You have pretty much everything done already. But your question is not clear enough. Do you want to block the user from logging in, or only allow limited access to certain pages for the user?
if ($hashedPwdCheck == false) {
    header("Location: ../index.php?login=error");
    exit();
} elseif ($hashedPwdCheck == true) {
    if($row['user_can_login']){
        //log in user here
        $_SESSION['u_id'] = $row['user_id'];
        $_SESSION['u_first'] = $row['user_first'];
        $_SESSION['u_last'] = $row['user_last'];
        $_SESSION['u_email'] = $row['user_email'];
        $_SESSION['u_uid'] = $row['user_uid'];
        header("Location: ../index.php?login=success");
        exit();
    }else{
        header("Location: ../index.php?login=error");
        exit();
    }
}
This is to block an existing user from logging in.
I need to echo or to show an alert box when the user enters an incorrect user name and password. I used the URL for the meantime to show the status if the user entered the incorrect username or the incorrect password.
session_start();
if (isset($_POST['submit'])) {
    include 'dbh.inc.php';
    $uid = mysqli_real_escape_string ($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string ($conn, $_POST['pwd']);
    //ERROR HANDLERS
    //Check for empty fields
    if (empty($uid) || empty($pwd)) {
        header("Location: ../login.php?login=empty");
        exit();
    } else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck < 1) {
            header("Location: ../login.php?username_not_found");
            exit();
        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                //De-hashing the password
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($hashedPwdCheck == false) {
                    header("Location: ../login.php?password_not_match");
                    exit();
                } elseif ($hashedPwdCheck == true) {
                    //Log in the user here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../apptableremarks.php?login=success");
                    exit();
                }
            }
        }
    }
} else {
    header("Location: ../index.php?login=error");
    exit();
}
First change this line:
header("Location: ../login.php?login=notFound");
Then, at the top of the page in the index.php file, write this code:
if(isset($_GET['login']))
{
    echo "user name not found";
}
I think you should pass the header variable like this:
header("Location: ../login.php?user=not_found");
and then you can grab it using the $_GET[] variable.
Like this:
if (isset($_GET["user"]) && $_GET["user"] === "not_found") echo "your alert message";
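Added example (not part of any post above): the landing-page check that these answers and the first answer on this page describe, written so that only allowlisted status codes produce output and nothing from the URL is echoed back. The message wording and the function name `loginMessage` are assumptions; the status codes are the ones used in the posts, and both failure flags map to one text so the page does not reveal whether a username exists.

```php
<?php
// Added example, not code from the thread. The status codes are the ones the
// posts above put in the query string; the message wording is an assumption.

const GENERIC_FAILURE = 'Invalid username or password.';

// Allowlist: status code => fixed text. Nothing from the URL is ever echoed.
const LOGIN_MESSAGES = [
    'empty'    => 'Please fill in both fields.',
    'error'    => GENERIC_FAILURE,
    'notFound' => GENERIC_FAILURE,   // same text as a wrong password, so the
                                     // page does not confirm which names exist
];
// Bare flags used by one of the handlers (?username_not_found etc.).
const BARE_FLAGS = ['username_not_found', 'password_not_match'];

/** HTML to show on the landing page for a parsed query string ($_GET). */
function loginMessage(array $query): string
{
    $text = null;
    $code = $query['login'] ?? null;
    if (is_string($code) && isset(LOGIN_MESSAGES[$code])) {
        $text = LOGIN_MESSAGES[$code];
    } elseif (array_intersect(BARE_FLAGS, array_keys($query))) {
        $text = GENERIC_FAILURE;
    }
    if ($text === null) {
        return '';   // absent, unknown, or array-valued (?login[]=x): show nothing
    }
    return '<p class="login-msg">' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed query strings, parsed the way PHP fills $_GET.
foreach (['login=error', 'password_not_match', 'login=<b>x</b>', 'login[]=x', ''] as $qs) {
    parse_str($qs, $query);
    printf("%-22s => %s\n", $qs, var_export(loginMessage($query), true));
}
```

On the real landing page the call is `echo loginMessage($_GET);` placed where the message should appear.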
How can I redirect two users according to their roles? I have database user type 1 and type 0. My log-in code is like this. Type 1 is supposed to be an admin and type 0 is a regular user.
<?php
session_start();
if(isset($_POST['submit'])){
    include 'dbh.inc.php';
    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
    if (empty($uid) || empty($pwd)){
        header("Location: ../index.php?login=empty");
        exit();
    } else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck < 1) {
            header("Location: ../index.php?login=error");
            exit();
        } else {
            if ($row = mysqli_fetch_assoc($result)){
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                if($hashedPwdCheck == false){
                    header("Location: ../index.php?login=error");
                    exit();
                } elseif ($hashedPwdCheck == true) {
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../main.php?login=success");
                    exit();
                }
            }
        }
    }
} else {
    header("Location: ../index.php?login=error");
    exit();
}
You can do this easily with if()..else..., but don't use header directly to redirect at all. I suggest you use this function to redirect:
function redirect($url){
    if (headers_sent()){
        // Headers already sent: fall back to a script redirect. json_encode
        // emits $url as a quoted JavaScript string so it cannot break out.
        die('<script type="text/javascript">window.location.href='
            . json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP) . ';</script>');
    }else{
        header('Location: ' . $url);
        die();
    }
}
This is what you need to do:
if($type == 1)
    redirect($admin_url);
else
    redirect($user_url);
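Added example (not part of any post above): one way to combine the role-based redirect asked about in the two role questions with the `user_can_login` check from the earlier answer, choosing the destination from a fixed server-side map and failing closed on anything unexpected. The column name `user_type`, the admin page path and the function name `loginTarget` are assumptions; the sample rows are constructed.

```php
<?php
// Added example, not code from the thread. The column name user_type and the
// admin page path are assumptions; user_can_login is from an answer above.

// Fixed map from role to landing page. The target never comes from request
// data, so a tampered parameter cannot choose where the browser is sent.
const LANDING = [
    1 => '../admin.php?login=success',   // type 1 = admin (hypothetical path)
    0 => '../main.php?login=success',    // type 0 = regular user
];
const LOGIN_FAILED = '../index.php?login=error';

/**
 * Decide the redirect target for a login attempt.
 * $row is the users row fetched for the submitted name, or null if none.
 */
function loginTarget(?array $row, string $pwd): string
{
    // Same result for "no such user", "wrong password" and "not permitted".
    if ($row === null || !password_verify($pwd, $row['user_pwd'])
        || empty($row['user_can_login'])) {
        return LOGIN_FAILED;
    }
    $type = (string) $row['user_type'];  // mysqli may hand back "1" as a string
    if (!isset(LANDING[$type])) {
        return LOGIN_FAILED;             // unknown or malformed role: fail closed
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);     // fresh session id once authenticated
    }
    $_SESSION['u_id']   = $row['user_id'];
    $_SESSION['u_type'] = (int) $type;
    return LANDING[$type];
}

// Constructed sample rows (not real data).
$hash  = password_hash('s3cret-sample', PASSWORD_DEFAULT);
$admin = ['user_id' => 1, 'user_type' => '1', 'user_can_login' => 1, 'user_pwd' => $hash];
$user  = ['user_id' => 2, 'user_type' => '0', 'user_can_login' => 1, 'user_pwd' => $hash];
$held  = ['user_id' => 3, 'user_type' => '0', 'user_can_login' => 0, 'user_pwd' => $hash];

foreach ([[$admin, 's3cret-sample'], [$user, 's3cret-sample'],
          [$held, 's3cret-sample'], [$user, 'wrong'], [null, 'x']] as [$row, $pwd]) {
    echo loginTarget($row, $pwd), PHP_EOL;
}
// In the handler: header('Location: ' . loginTarget($row, $pwd)); exit();
```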