I want to create login page for admin and worker, and each of them will have different content table in their page once they logged in.
I've installed insert php plugin to write code in page directly.
I am using session for login and I want to use record set to create custom table in each page.
I created a code in dreamweaver then post it in page text.
I have created this code but it didn't work as php and didn't logged in and shows code in the page.
[insert_php]
error_reporting(E_ALL);
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "lujcarwa", "lcarwash2015");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db("login", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query("select * from login where password='$password' AND username='$username'", $connection);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection); // Closing Connection
}
}
error_reporting(E_ALL ^ E_DEPRECATED);
include('login.php'); // Includes Login Script
if(isset($_SESSION['login'])){
header("location: profile.php");
}
error_reporting(E_ALL ^ E_DEPRECATED);
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "lujcarwa_washer", "dj0P7]w4S]");
// Selecting Database
$db = mysqli_select_db("lujcarwa_washer", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysqli_query("select username from login where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
[insert_php/]
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div id="main">
<h1> Login </h1>
<div id="login">
<form action="" method="post">
<p>
<label>UserName :</label>
</p>
<p>
<br />
<input id="name" name="username" placeholder="username" type="text">
<br />
<label>
<br>Password</label>
<br />
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
</p>
</form>
</div>
</div>
</body>
I'm not known with the [insert_php] plugin but it looks like it's a issue with not closing you [insert_php] tag like this [/insert_php] at the end of your php.
Edit:
You are closing it like:
[insert_php/] //While it should be: [/insert_php]
Hope this helps you out.
Edit:
I just took a look at the plugin description and saw this in the FAQ:
Why can't I set cookies or do a browser redirect?
With PHP, cookies are set in the web page header lines, before any page content is processed. Redirects, too, are done in the header lines. When PHP code is within a post or a page, all the header lines have already been sent, along with part of the content. At that point, it is too late to set cookies or redirect with PHP
So it looks like you can't use this plugin to redirect the user at login.
I would suggest just to write the php in your template folder in a custom page template or header file.
Hope this helped!
Related
This question already has answers here:
How do I make a redirect in PHP?
(34 answers)
Closed 7 years ago.
I am learning pHp. I have made a login page.
The problem i am facing here is that, when user clicks on signin button & if record is found then he is taken to other page which displays redirect link, the user has to click on that to go to the next page.
Now what i want that when a user click on signin button, then the details should be cross checked in the database, if the record is found then user should be directly redirected to next page else error should be displayed.
This is my html page:
<!DOCTYPE html>
<html>
<head>
<title>OpenMoz</title>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="index.css"/>
</head>
<body style="height:650px;">
<h1 align="center" ><b><i>City Login</i></b></h1>
<div class="login">
<form action="login.php" method="post">
<input type="text" placeholder="Username" name="username" autocorrect=off autocapitalize=words required> <br>
<input type="password" placeholder="password" name="password" autocorrect=off autocapitalize=words required> <br>
<input type="submit" name="submit" value="Sign In">
</form>
<input type="submit" name="submit" value="Sign Up">
<div>
</body>
</html>
This is the login.php script to verify details :
<?php
$username = $_POST["username"];
$password = $_POST["password"];
if($username && $password)
{
$connect = mysql_connect("localhost","root","password") or die("Couldn't connect");
mysql_select_db("phplogin")or die("Couldn't connect");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!=0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername && $password==$dbpassword)
{
echo ("<center><a href='home.php'>Redirect</a></center>");
$_SESSION['username'] = $username;
}
else
{
echo ("Incorrect Password !");
}
}
else
die("The user doesn't exist");
}
else
echo ("Please enter username & password");
?>
I would be really thankful if my problem gets solved.
As long as you have not outputted anything to the browser, you can do a header redirect. This will achieve your aim.
Change this:
echo ("<center><a href='home.php'>Redirect</a></center>");
$_SESSION['username'] = $username;
To this:
$_SESSION['username'] = $username;
header("Location: /some-new-page.php");
exit;
Always exit; after a location redirect.
Oh yeah, and CLEAN your inputs.. ..you are wide open to SQL Injection.
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
Oh yeah .. and mysql_* is deprecated. Use mysqli_*
use header("Location:home.php"); its best way to redirect page in php
header("Location:whaeverpage.php");
exit();
Do it before sending any data to the browser or you will get a header allready sen error
or by javascript :
If($connected ==='yes'){//your connection statement
?>
<script>window.location.replace("whatever_page");</script>
<?
}
WOWOW NONONO HALT! DO NOT LEARN mysql_ API FOR NEW DEVELOPMENT. It's deprecated/unsupported, ancient, error-prone. learn to use mysqli_ or better yet, PDO , and here is a great tutorial http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
also here: $query = mysql_query("SELECT * FROM users WHERE username='$username'");
code is vulnerable to SQL injection attack by hackers. must use mysql_real_escape_string.
also, you should not use * , for most cases, be specific. Also, you should not store passwords in plaintext (as your login system is doing), you should hash it..
other than that, check Chris Magg's already said what i would'ev https://stackoverflow.com/a/31355969/1067003
Hello Stackoverflowers
Im new to PHP and im trying to make a members area for my testpage. I have made a successful register and login page, but now when I changed the code so if I log in correctly it redirects my to a page, and if I log in with wrong information it send me to a different page. However the members area is accessible if you type the location in the address-bar. Now, here's what I need help with, When someone tries to access that location without being logged in it should say "Access denied" but when you log in, it should redirect you to the members area and all it content is shown.
Here is my code:
login.php
<?php
session_start();
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'Data';
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if(isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM Project WHERE username='$username' AND password='$password' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res) == 1){
header("Location: loggedin.php");
exit();
} else {
echo 'Användarnamn eller lösenord stämmer ej med informationen i databasen, var snäll försök igen <br>';
echo 'Gå tillbaka Eller Registrera dig';
exit();
}
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Logga in</title>
<script src="js/prefixfree.min.js"></script>
</head>
<body>
<div class="body"></div>
<div class="grad"></div>
<div class="wrapper">
<div class="header">
<div>bababa<span>bababa</span></div>
</div>
<br>
<div class="login">
<form method="post" action="login.php">
<input type="text" placeholder="Användarnamn" name="username" required><br>
<input type="password" placeholder="Lösenord" name="password" required><br>
<input type="submit" value="Logga in">
</form>
</div>
</div>
<script src='http://codepen.io/assets/libs/fullpage/jquery.js'></script>
</body>
</html>
signup.php
<!DOCTYPE HTML>
<html lang="sv">
<head>
<link href='http://fonts.googleapis.com/css?family=Oswald' rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>
<script src="http://code.jquery.com/jquery-1.11.2.min.js"></script>
<script type="text/javascript" >
$(".name").focus(function(){
$(".name-help").slideDown(500);
}).blur(function(){
$(".name-help").slideUp(500);
});
$(".email").focus(function(){
$(".email-help").slideDown(500);
}).blur(function(){
$(".email-help").slideUp(500);
});
</script>
</head>
<div class="wrapper">
<h1>Registrera er här</h1>
<p>Detta är ett test-formulär för Webbutvecklingsprojektet. Skriv ditt namn här
under och om allt funkar rätt skall systemet lagra ditt namn i en MySQL databas.</p>
<form class="form" name="form" method="post" action="add.php">
<input type="text" id="username" name="username" placeholder="Användarnamn" required>
<input type="password" id="password" name="password" placeholder="Lösenord" required>
<input type="email" id="email" name="email" placeholder="E-mail" required>
<input type="submit" class="submit" value="Registrera dig">
</form>
<h3>
Allmänt & regler:
</h3>
<ul>
<li>Maximalt 2GB Lagring</li>
<li>Du måste skriva för- och efternamn</li>
<li>Databasen lagrar bara upp till 60 användare</li>
</ul>
</div>
<p class="optimize">
</p>
</html>
And last: loggedin.php
<?php
session_start();
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'Data';
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if(!isset($_SESSION['username'])) {
die("Please login");
} else {
echo 'Du är inloggad';
}
?>
FTR: I tried the if isset but even when I logged in correctly the same message shows up: Please log in, how should I fix this?
Im a newbie at this so help me a bit extra
Thank you!
You can use Cookies or SESSION to do this.
When a user is authenticated, before redirecting to homeS page you should set a session variable like this: $_SESSION['id']=$user_id;. And if you want to set COOKIES so that user can access his account directly even after closing browser, you can set it like this setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // for 1 day.
So, now at the start of every page you need to start session session_start() to get the session value you set during login.
If a user_id of any user info exists in the session it will automatically use that info to access the page.
Now considering you want that the user is automatically redirected to login page/ACCESS DENIED if he tries to access home page.. You can do this by checking if the session user_info or cookie exist or not...if it doesn't redirect him to the login page or any error page as per you need...
In your code, before header("Location: loggedin.php"); create a session $_SESSION['username'] = $username;. And keep in mind to session_start() on every page, where $_SESSION value is going to be used..
What you would do is to redirect to a login page if user is not logged in.
if(!isset($_SESSION['username'])){
header('location: login.php');
}
I tried the if isset but even when I logged in correctly the same message shows up: Please log in, how should I fix this?
OK, when you log in succesfully, just before you redirect the user to the other page:
header("Location: loggedin.php");
you've to assign a session variable to the user, like this (for example. It depends how you want to identify them).
$_SESSION['ID'] = $row['ID'];
I think this is enought
By the way, please, don't use mysql_query
Use instead: mysqli extension.
(for more information)
Hope it helps
You have started the session session_start, but you haven't actually set the $_SESSION['username']. You need to set the session variable in between these two line.
if (mysql_num_rows($res) == 1){
// set session variable here
header("Location: loggedin.php");
exit();
}
Make sure you use the session_start() on the top of every page so that your able to check if the person who is viewing the page is logged in.
Also just another tip mysql_connect has been deprecated see here, you can use mysqli or PDO which escapes things automatically for you.
i have a form file with name form1.php
<?PHP
//form.php
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
<title>form</title>
</head>
<body>
<?PHP if (isset ($_SESSION["notfound"])) { ?>
<h2 style="text-align:center">Wrong user name or password</h2>
<?PHP unset($_SESSION["notfound"]);}
if (isset ($_SESSION["empty"])) {?>
<h2 style="text-align:center">Empty</h2>
<?PHP unset($_SESSION["empty"]); }?>
<form name="signin" action="http://localhost/M1.php" method="post">
<table>
<tr>
<td>
<label>
Username<input type="text" name="name" size="32"/>
</label>
</td>
<td>
<label>
Password <input type="password" name="pass" size="32"/>
</label>
</td>
<td>
<input type="submit" value="Login" />
</td>
</tr>
</table>
</form>
and controll file M1.php
<?php
$name=$_POST["name"];
$pass=$_POST["pass"];
if((!empty($name)) && (!empty($pass)))
{
session_start();
if($conection=mysql_connect("localhost","","")===false)
die("not connect to data base");
if(mysql_select_db('login',$conection) ===false)
die("data base not found");
$sql =sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ",mysql_real_escape_string($name));
$dbpass=mysql_query($sql);
if ($dbpass==$pass)
{
$_SESSION["authenticated"]=true;
header("Location: http://localhost/home.php");
exit;
}
else //if ($dbpass===false)
{
$_SESSION["notfound"]=true;
header("Location: http://localhost/form1.php");
exit;
}
}
else
{
$_SESSION["empty"]=true;
header("Location: http://localhost/form1.php");
exit;
}
?>
*i am useing xampp for runing them
i have data base loging which contain a table signin
when i fill the form with same user name and password which i save in signin table and click submit it return me on form1.php with session 'notfoun'
and when i submit empty form it return me without seting empty session *
You are not fetching data from database and you make a condition based on execute query = $pass which will be always false, so change to
$dbpass=mysql_query($sql);
$result = mysql_fetch_array($dbpass);
$passw = $result['password'];
if ($passw==$pass)
{
//logged
As side note i would say a couple of thing. First I notice you sanitized your input which is a good pratice, but you really should switch to prepared statments with either PDO or mysqli so you will avoid any risk of mysql injection, also because mysql_* functions are deprecated. Second saving a password in plain text in database is a very bad pratice, you should really encrypt it and save an hash of the password in database, there is anice post about that here. Further more I think that session_start(); should be placed at the top of your file to work correctly.
It's firstly good time to make use of PDO or mysqli rather then using mysql which is deprecated in latest PHP version.
While passing db connection values, I feel you missed out the username & password, which should help you connect the database.
Later, mysql_query("SELECT_QUERY"); returns result object, whose values should be read by mysql_fetch_assoc() which returns the db row into associative array form.
Finally your code should look like,
$sql =sprintf("SELECT `password` FROM `signin` WHERE `username`= '%s' ",mysql_real_escape_string($name));
$result = mysql_query($sql);
$dbpass = mysql_fetch_assoc($result);
$dbpass = $dbpass['password'];
if ($dbpass==$pass)
{
$_SESSION["authenticated"]=true;
header("Location: http://localhost/home.php");
exit;
}
else //if ($dbpass===false)
{
$_SESSION["notfound"]=true;
header("Location: http://localhost/form1.php");
exit;
}
What's the error you're getting?
Anyway, how do you connect through your database? I see you have put the username and password as an empty string. You should try to put in a user/pass of an existing user:
mysql_connect syntax:
mysql_connect(host,username,password,newlink,clientflag)
example:
mysql_connect("localhost","root","")
or
mysql_connect("localhost","root","password")
EDIT: ASSIGNMENT WORK. Please don't mention External Libraries or complicated procedures that deal with security issues.
I want to implement a very basic login page that compares the users username and password with ones stored in a database (using MySql) and then redirect to another webpage that is only available to logged in users. I have looked at these two tutorials:
http://frozenade.wordpress.com/2007/11/24/how-to-create-login-page-in-php-and-mysql-with-session/
http://www.phpro.org/tutorials/Basic-Login-Authentication-with-PHP-and-MySQL.html
and I've attempted to use both techniques. The second one kept giving me server errors, and the first one gives me the login page, and doesn't return any errors, but then when pressing the submit button, it just doesn't do anything. I've followed it practically word for word, only changing the file names and some database column names to fit with my pre-existing stuff, but to no avail. This login page has given me an almighty headache and I would really like to get this out of the way and done with now.
LOGIN PAGE
<?php
// Inialize session
session_start();
// Check, if user is already login, then jump to secured page
if (isset($_SESSION['username'])) {
header('Location: RecordEvents.php');
}
?>
... skip all the unnecessary parts
<h1>Login</h1>
<?php
if(!empty($errorMessage))
{
echo("<p>There was a problem with your login:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
}
?>
<form action="loginscript.php" method="post">
Username:
<input type="text" name="username" /> </br>
Password:
<input type="password" name="password" /> </br>
<p>
<!--the submit button with an altered value. once selected the validation script will run-->
<input type="submit" name="login" value="Allons-y!" />
</p>
</form>
CONFIG.INC (I tried at first naming the file .php but that made no difference.)
<?php
$hostname = 'localhost';
$dbname = 'clubresults';
$username = 'newuser';
$password = 'password';
// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');
?>
LOGINSCRIPT.PHP
<?php
// Inialize session
session_start();
// Include database connection settings
include('Inlcude\config.inc');
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM admin_passwords WHERE (Username = '" . mysql_real_escape_string($_POST['username']) . "') and (Password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");
// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: RecordEvents.php');
}
else {
// Jump to login page
header('Location: Login.php');
}
?>
RECORDEVENTS.PHP
<?php
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: Login.php');
}
Include ('Include\eventscript.php');
?>
... blah blah
<?php
if(!empty($errorMessage))
{
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
}
?>
<form action="RecordEvents.php" method="post">
Name: <input type="text" name="EventName" value="<?php print $varEventname;?>" /> </br>
Date: <input type="text" name="EventDate" placeholder="yyyy-mm-dd hh:mm:ss" value="<?php print $varEventdate;?>" /> </br>
Location: <input type="text" name="Location" value="<?php print $varLocation;?>" /> </br>
<p>
<!--the submit button with an altered value. once selected the validation script will run-->
<input type="submit" name="formSubmit" value="Allons-y!" />
<!--the reset button to empty the form and start again-->
<input type="reset" name="formReset" value="Try Again" />
</p>
</form>
the db is called clubresults, the table i'm using is admin_passwords and the column names are: Username, Password.
Can anyone spot the error I am obviously making?
Check your spelling.
include('Inlcude\config.inc');
Please see this.
$login = mysql_query("SELECT * FROM admin_passwords WHERE username = '" .mysql_real_escape_string($_POST['username']) . "' and password = '" .mysql_real_escape_string($_POST['password']) . "'");
I removed the md5() function.
http://php.net/manual/en/function.md5.php
This is what really happens when there is an md5 in your query.
Lets say that you input the ff.
username = username
password = password
Your query will be like this, with md5() in your $_POST['password'].
SELECT * FROM admin_passwords WHERE username = 'username' and password = '5f4dcc3b5aa765d61d8327deb882cf99'
Please see the link above for more info!
First thing I see is
include('Inlcude\config.inc');
Obviously, the path is wrong. Further, sanitize your code. E.g. include doesn't require parentheses and should be written in lower case always, like
include 'Include\config.inc';
Next, are you sure, there is only one entry in your database? As it is defined to only load the recordevents script on
mysql_num_rows($login) == 1
Sometimes while developing, you may have two equal rows.
This question already has answers here:
How do I make a redirect in PHP?
(34 answers)
Closed 6 months ago.
I'm building a website which includes a login page. I need to redirect the user to their profile page once they've logged in successfully, but I don't know how to do that in PHP (It's my first site).
I've searched the internet and have been told that the header() function should do the trick, but it will only work if I haven't outputted any information before using it.
That's the problem. I've outputted a bunch of information (Including the HTML to build the login page itself).
So how do I redirect the user from one page to the next?
What options do I have? Also, what is the best practice in these instances?
EDIT: Here's my entire login.php page:
<?php
session_start();
echo "<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<title>Sprout</title>
<link rel='stylesheet' href='stylesheet.css' type='text/css'>
</head>
<body>
<div class='box'>
<form action='login.php' method='post'>
Name<br /> <input type='text' name='username' class='form'/><br />
Password<br /> <input type='password' name='password' class='form'/>
<input type='submit' value='Login' class='button' />
</form>
</div>
</body>
</html>";
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "root";
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Error connecting to database");
$dbname = "database";
mysql_select_db($dbname);
$query = "SELECT username FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query) or die ("Failed Query of " . $query);
while($row = mysql_fetch_assoc($result))
{
$_SESSION["user"] = $username;
}
}
?>
You could use a function similar to:
function redirect($url) {
header('Location: '.$url);
die();
}
Worth noting, you should them with a die() or exit() function to prevent further code execution.
Note that it just makes no sense to output large chunks of HTML if you are going to redirect. Therefore you have to move the form handling code above all HTML. As a side effect it will mitigate the notorious "Headers already sent" error.
Here's a more detailed guide than any of the other answers have mentioned: http://www.exchangecore.com/blog/how-redirect-using-php/
This guide includes reasons for using die() / exit() functions in your redirects, as well as when to use ob_flush() vs ob_start(), and some potential errors that the others answers have left out at this point.
You can conditionally redirect to some page within a php file....
if (ConditionToRedirect){
//You need to redirect
header("Location: http://www.yourwebsite.com/user.php");
exit();
}
else{
// do something
}
That's the problem. I've outputted a bunch of information (including the HTML to build the login page itself). So how do I redirect the user from one page to the next?
This means your application design is pretty broken. You shouldn't be doing output while your business logic is running. Go an use a template engine (like Smarty) or quickfix it by using output buffering).
Another option (not a good one though!) would be outputting JavaScript to redirect:
<script type="text/javascript">location.href = 'newurl';</script>
header won't work for all
Use below simple code
<?php
echo "<script> location.href='new_url'; </script>";
exit;
?>
Assuming you're using cookies for login, just call it after your setcookie call -- after all, you must be calling that one before any output too.
Anyway in general you could check for the presence of your form's submit button name at the beginning of the script, do your logic, and then output stuff:
if(isset($_POST['mySubmit'])) {
// the form was submitted
// ...
// perform your logic
// redirect if login was successful
header('Location: /somewhere');
}
// output your stuff here
You could use ob_start(); before you send any output. This will tell to PHP to keep all the output in a buffer until the script execution ends, so you still can change the header.
Usually I don't use output buffering, for simple projects I keep all the logic on the first part of my script, then I output all HTML.
The simplest approach is that your script validates the form-posted login data "on top" of the script before any output.
If the login is valid you'll redirect using the "header" function.
Even if you use "ob_start()" it sometimes happens that you miss a single whitespace which results in output. But you will see a statement in your error logs then.
<?php
ob_start();
if (FORMPOST) {
if (POSTED_DATA_VALID) {
header("Location: https://www.yoursite.com/profile/");
ob_end_flush();
exit;
}
}
/** YOUR LOGINBOX OUTPUT, ERROR MESSAGES ... **/
ob_end_flush();
?>
firstly create index.php page and just copy paste below code :-
<form name="frmUser" class="well login-form" id="form" method="post" action="login_check.php" onSubmit="return FormValidation()">
<legend>
<icon class="icon-circles"></icon>Restricted Area<icon class="icon-circles-reverse"></icon>
</legend>
<div class="control-group">
<label class="control-label" for="inputPassword">Username</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on"><icon class="icon-user icon-cream"></icon> </span>
<input class="input" type="text" name="username" id="username" placeholder="Username" />
</div>
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on"><icon class="icon-password icon-cream"></icon>
</span> <input class="input" type="password" name="password" id="password" value="" placeholder="Password" />
</div>
</div>
</div>
<div class="control-group signin">
<div class="controls ">
<input type="submit" class="btn btn-block" value="Submit" />
<div class="clearfix">
<span class="icon-forgot"></span>forgot password
</div>
</div>
</div>
</form>
/*------------------after that ----------------------*/
create a login_check.php and just copy paste this below code :-
<?php
session_start();
include('conn.php');
<?php
/* Redirect browser */
header("location:index.php");
/* Make sure that code below does not get executed when we redirect. */
exit;
?>
<?php
if(count($_POST)>0)
{
$result = mysql_query("SELECT * FROM admin WHERE username='".$_POST["username"]."' and password = '".$_POST["password"]."'");
$row = mysql_fetch_array($result);
if(is_array($row))
{
$_SESSION["user_id"] = $row[user_id];
$_SESSION["username"] = $row[username];
$session_register["user_id"] = $row[user_id];
$session_register["username"] = $row[username];
}
else
{
$_SESSION['msg']="Invalid Username or Password";
header("location:index.php");
}
}
if(isset($_SESSION["user_id"]))
{
header("Location:dashboard.php");
}
?>
/*-----------------------after that ----------------------*/
create a dashboard.php and copy paste this code in starting of dashboard.php
<?php
session_start();
include('conn.php');
include('check_session.php');
?>
/*-----------------------after that-----------------*/
create a check_session.php which check your session and copy paste this code :-
<?php
if($_SESSION["user_name"])
{
?>
Welcome <?php echo $_SESSION["user_name"]; ?>. Click here to Logout.
<?php
}
else
{
header("location:index.php");
}
?>
if you have any query so let me know on my mail id farjicompany#gmail.com
Although not secure, (no offense or anything), just stick the header function after you set the session variable
while($row = mysql_fetch_assoc($result))
{
$_SESSION["user"] = $username;
}
header('Location: /profile.php');
On click BUTTON action
if(isset($_POST['save_btn']))
{
//write some of your code here, if necessary
echo'<script> window.location="B.php"; </script> ';
}
----------
<?php
echo '<div style="text-align:center;padding-top:200px;">Go New Page</div>';
$gourl='http://stackoverflow.com';
echo '<META HTTP-EQUIV="Refresh" Content="2; URL='.$gourl.'">';
exit;
?>
----------
Just like you used echo to print a webpage. You could use also do the same with redirecting.
print("<script type=\"text/javascript\">location.href=\"urlHere\"</script>")
<?php
include("config.php");
$id=$_GET['id'];
include("config.php");
if($insert = mysqli_query($con,"update consumer_closeconnection set close_status='Pending' where id="$id" "))
{
?>
<script>
window.location.href='ConsumerCloseConnection.php';
</script>
<?php
}
else
{
?>
<script>
window.location.href='ConsumerCloseConnection.php';
</script>
<?php
}
?>