I have a basic form; I only want it to execute when the user's input matches a set one. How can I make it so the user can only get to the add books page if they supply the "Admin" username and the password "password1"?
//Admin Login
echo "<form method='post' action='addBooks.php'>
Username:<br>
<input type='text' name='Username' value='Admin'>
<br>
Password:<br>
<input type='text' name='password' value=''>
<br><br>
<input type='submit' name='sbmt' id='sbmt' value='user_value' class='user_class' onSubmit='return submit();'/>
</form>";
function submit(){
if($_POST['Username'] == 'Admin')&&($_POST['password'] == 'Password1'){
return true;
}
else{
alert("Please check Username and Password")
return false;
}
}
Edit:
To clear up the issue.
I am trying to have a form with a username and password input. When the user clicks submit on this form it currently takes the user to addbooks.php. I want to make this conditional so that the user can only access the addbooks.php page if the username they provide = "Admin" and the password they provide = "Password1". I am currently trying to execute the submit function on the button click, and the submit function is supposed to check if the username and password match admin and password1. If they do, it should let you through to addbooks.php.
You could try this (note the header("Location: addBooks.php") part MUST be at the top of your code, before any HTML is output):
if (isset($_POST["Username"]) and isset($_POST["password"]) ) {
if ( ($_POST["Username"] == "Admin") and ($_POST["password"] == "Password1") ) {
header("Location: addBooks.php");
exit;
}
else {echo "Please check Username and Password <br/>";}
}
//Admin Login
echo '<form method="post" action="'.$_SERVER['PHP_SELF'].'">
Username:
<br/>
<input type="text" name="Username" value="Admin">
<br/>
Password:
<br/>
<input type="text" name="password" value="">
<br/>
<br/>
<input type="submit" name="sbmt" id="sbmt" value="Submit" class="user_class"/>
</form>';
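The redirect in the answer above only sends a successful login to addBooks.php; the page itself still has to refuse requests that never logged in. Both halves are shown below as an added example that is not part of the original answer. The `is_admin` session key, the function names and `login.php` are assumptions, and the hash is computed inline only so the block runs on its own.

```php
<?php
declare(strict_types=1);

// Added example. In a deployment the hash is generated once with password_hash()
// and stored in configuration; it is computed below only so the block is runnable.
const ADMIN_USER = 'Admin';

function checkAdminLogin(array $post, string $adminHash): bool
{
    $user = $post['Username'] ?? '';
    $pass = $post['password'] ?? '';
    // Fields sent as arrays (Username[]=x) are not strings and are rejected.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // Run both comparisons before combining them, so a wrong username and a
    // wrong password cost the same work.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($pass, $adminHash);
    return $userOk && $passOk;
}

// login.php: returns the Location to redirect to and records the result in the session.
function handleLogin(array $post, array &$session, string $adminHash): string
{
    if (checkAdminLogin($post, $adminHash)) {
        $session['is_admin'] = true;   // hypothetical session key
        return 'addBooks.php';
    }
    unset($session['is_admin']);
    return 'login.php?error=1';        // hypothetical login page name
}

// addBooks.php: runs before any output; a direct request without a login is refused.
function mayViewAddBooks(array $session): bool
{
    return ($session['is_admin'] ?? false) === true;
}

/*
 * Wiring inside the real pages (web SAPI):
 *
 *   // login.php
 *   session_start();
 *   $target = handleLogin($_POST, $_SESSION, $adminHash);
 *   if ($target === 'addBooks.php') { session_regenerate_id(true); }
 *   header('Location: ' . $target);
 *   exit;
 *
 *   // addBooks.php, first lines
 *   session_start();
 *   if (!mayViewAddBooks($_SESSION)) { header('Location: login.php'); exit; }
 */

if (PHP_SAPI === 'cli') {
    // Constructed inputs for a command-line run.
    $adminHash = password_hash('Password1', PASSWORD_DEFAULT);

    $session = [];
    var_dump(mayViewAddBooks($session)); // direct visit, no login yet
    var_dump(handleLogin(['Username' => 'Admin', 'password' => 'wrong'], $session, $adminHash));
    var_dump(handleLogin(['Username' => 'Admin', 'password' => 'Password1'], $session, $adminHash));
    var_dump(mayViewAddBooks($session)); // after a valid login
}
```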
It's my first time creating a login page.
I want users to log in, then the page redirects to the customer account page, if they have an account. I have added echoes so I can see what's happening. I have a "Logged in successfully" alert that works perfectly when I log in. The page just does not redirect.
HTML
<section class="container">
<form id="myform " class="Form" method="post" action="login.php" accept-charset="utf-8">
<!-- <div id="first">-->
<input type="email" id="email" name="email" placeholder="Email Address" value='' required>
<input class ="login-field" type="password" id="pass1" name="pass1" value="" placeholder="Password" maxlength="30" required>
<input type="submit" name="login" value="login" class="btn ">
<br>
</form>
PHP
<?php
session_start();
require ('./mysql.inc.php');
?>
<?php
if (isset($_POST['login']))
//database variables
$c_email = $_POST['email'];
$c_password = $_POST['pass1'];
// select login details
$sel_c = "SELECT * FROM Cus_Register WHERE Cus_Email='$c_email' AND Cus_Password='$c_password'";
$run_c = mysqli_query($dbc, $sel_c);
//check if customer is in the database
$check_customer = mysqli_num_rows($run_c);
if ($check_customer == 0) {
echo "<script> alert('password or email is incorrect please try again')</script>";
exit();
}
else{
$_SESSION['Cus_Email'] = $c_email;
echo "<script> alert ('Logged in successfully')</script>";
echo "<script>window.open('./customer/Cus_Account.php'.'_self') </script>";
}
?>
You may use header() to redirect
else
{
$_SESSION['Cus_Email'] = $c_email;
header('Location: customer/Cus_Account.php');
exit();
}
hope it helps:)
Do you intend window.open('./customer/Cus_Account.php'.'_self') to be window.open('./customer/Cus_Account.php', '_self')?
window.open takes a location and a target parameter and in JavaScript parameters are separated by a comma, not a full stop. In this case './customer/Cus_Account.php' is the location and '_self' is the target.
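The login query in the question builds its SQL from `$_POST` and compares a stored plaintext password. The same check with a bound parameter and `password_verify()` follows as an added example that is not from the original posts. It assumes `Cus_Password` holds `password_hash()` output and uses an in-memory SQLite database through PDO (needs the pdo_sqlite extension) as a stand-in for the MySQL connection; the function names, the `?error=1` target and the sample row are constructed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the question's database, so the block runs offline.
function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Cus_Register (Cus_Email TEXT PRIMARY KEY, Cus_Password TEXT NOT NULL)');
    $insert = $db->prepare('INSERT INTO Cus_Register (Cus_Email, Cus_Password) VALUES (:email, :hash)');
    $insert->execute([
        ':email' => "o'brien@example.test",
        ':hash'  => password_hash('constructed-pass-1', PASSWORD_DEFAULT),
    ]);
    return $db;
}

function verifyCustomer(PDO $db, string $email, string $password): bool
{
    // The email travels as a bound parameter, so a quote inside it is data, not SQL.
    $stmt = $db->prepare('SELECT Cus_Password FROM Cus_Register WHERE Cus_Email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    if (!is_string($hash)) {
        // Unknown email: verify against a throwaway hash so both failure paths do similar work.
        static $dummy = null;
        $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
        password_verify($password, $dummy);
        return false;
    }
    return password_verify($password, $hash);
}

// Returns the redirect target; the caller sends it with header() before any output.
function loginTarget(PDO $db, array $post, array &$session): string
{
    $email = $post['email'] ?? '';
    $pass  = $post['pass1'] ?? '';
    if (is_string($email) && is_string($pass) && verifyCustomer($db, $email, $pass)) {
        $session['Cus_Email'] = $email;
        return 'customer/Cus_Account.php';
    }
    return 'login.php?error=1'; // hypothetical failure target
}

/*
 * In login.php (web SAPI), with $dbc replaced by a PDO connection $db:
 *   session_start();
 *   $target = loginTarget($db, $_POST, $_SESSION);
 *   if ($target === 'customer/Cus_Account.php') { session_regenerate_id(true); }
 *   header('Location: ' . $target);
 *   exit;
 */

if (PHP_SAPI === 'cli') {
    // Constructed inputs: correct login, wrong password, unknown email.
    $db = makeDemoDb();
    $session = [];
    var_dump(loginTarget($db, ['email' => "o'brien@example.test", 'pass1' => 'constructed-pass-1'], $session));
    var_dump(loginTarget($db, ['email' => "o'brien@example.test", 'pass1' => 'wrong'], $session));
    var_dump(loginTarget($db, ['email' => 'nobody@example.test', 'pass1' => 'x'], $session));
}
```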
I am trying to make a page where a user logs in and they are taken to a personalized page. What I am having problems with is, while the user is still logged in, if they type in the generic url, that they are still logged in and their personalized page is viewable. (Similar to when you are logged into Facebook and it goes straight to your feed if you type in www.facebook.com) I tried using sessions for this, but am having no luck.
<?php
if(isset($_REQUEST['user']) != true) {
?>
<html>
<head>
<title>Welcome</title>
</head>
</html>
<body bgcolor="white">
<h1>Welcome</h1><br>
If you have an existing account, log in here:<br>
<form name="loginForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /></br>
<input type="submit" value="Login" />
</form>
<br>
<hr>
<br>
Otherwise, if you'd like to create an account, please fill out the following form:<br>
<form name="createAccountForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /><br>
First name: <input type="text" name="fname" /><br>
Last name: <input type="text" name="lname" /><br>
<input type="hidden" name="create" value="true">
<input type="submit" value="Create Account" />
</form>
</body>
</html>
<?php
}
else if(isset($_REQUEST['user']) == true) {
session_start();
if(!isset($_SESSION['uname']))
{
header('location:test.php?redirect='.$_SERVER['REQUEST_URI']);
exit;
}
// personalized page code
}
EDIT: A solution first for your own existing code. Should work fine.
<?php
session_start();
if(isset($_REQUEST['user'])) {
if(isset($_SESSION['uname']))
{
header('location:test.php?redirect='.$_SERVER['REQUEST_URI']);
exit;
}
// personalized page code
} else {
?>
<html>
<head>
<title>Welcome</title>
</head>
</html>
<body bgcolor="white">
<h1>Welcome</h1><br>
If you have an existing account, log in here:<br>
<form name="loginForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /></br>
<input type="submit" value="Login" />
</form>
<br>
<hr>
<br>
Otherwise, if you'd like to create an account, please fill out the following form:<br>
<form name="createAccountForm" action="test.php" method="get">
User name: <input type="text" name="user" /><br>
Password: <input type="password" name="pass" /><br>
First name: <input type="text" name="fname" /><br>
Last name: <input type="text" name="lname" /><br>
<input type="hidden" name="create" value="true">
<input type="submit" value="Create Account" />
</form>
</body>
</html>
<?php
}
?>
Here is a login solution of my own (stripped out a bit to be generic). It also includes the code for a PDO query of the database and checking of a password with PHP's password_hash function. I will point out the code that is specifically relevant to your question:
Assuming that as you are building a login page, and wanting to send users to other parts of the site relevant to their status. I think the whole script is relevant. You can easily swap and change what happens as a result of the session variable values.
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
//start the session before sending any other output
session_start();
require('dbconn.php');
// checks if a session eid has been set, if so, send them to the usercp.
if(isset($_SESSION['eid'])){ header("Location: usercp.php"); } else {
try{
//build a login page
$loginpage ="<html><head><title>Portal Login</title></head><body>";
$loginpage.="<div align=\"center\" id=\"box\">";
$loginpage.="<table><tr><td><img src=\"images/login.jpg\" /></td></tr>";
$loginpage.="<tr><td><div align=\"center\">";
$loginpage.="<font face=\"Courier New, Courier, monospace\">Please enter your email<br /> address and password.</font><br />";
$loginpage.="<br /><form action=\"\" method=\"post\" name=\"login\" ><div align=\"right\">";
$loginpage.="<font face=\"Courier New, Courier, monospace\">Email:</font><input type=\"text\" size=\"40\" name=\"email\" />";
$loginpage.="<br /><br /><font face=\"Courier New, Courier, monospace\">Password:</font><input type=\"password\" size =\"40\" name=\"password\" />";
$loginpage.="<br /></div><br /><input type=\"reset\" value=\"Reset\" /> ";
$loginpage.=" <input name=\"submit\" type=\"submit\" value=\"Login!\" />";
$loginpage.="</form></div></td></tr></table></div></body></html>";
//checks if somebody is trying to login
if(isset($_POST['submit']))
//checks that the username and password have both been filled out if not, show the login page
{ if(!$_POST['email'] || !$_POST['password'])
{
echo $loginpage;
echo "Please enter your login details";
} else { //otherwise search the database for the email address
$db = NEW pdo($dsn, $db_user, $db_pass);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$email = $_POST['email'];
$password = $_POST['password'];
$check = $db->prepare("SELECT * FROM employees WHERE email = :email");
$check->bindParam(":email", $email);
$check->execute();
//unset the session variables
unset($_SESSION['eid']);
unset($_SESSION['email']);
unset($_SESSION['userlevel']);
unset($_SESSION['fname']);
//check if the password hash matches php's hash of the password
if(($row = $check->fetch()) && (password_verify($password,$row['password']))) {
// set the session variables
$_SESSION['eid'] = $row['eid'];
$_SESSION['email'] = $row['email'];
$_SESSION['userlevel'] = $row['userlevel'];
$_SESSION['fname'] = $row['fname'];
// if the user's userlevel is higher than 1 give them the option of the admin page
if($row['userlevel'] > "1") {
echo "<center><a href='usercp.php'><h1>User Panel</h1></a><br><br><a href='admin/admincp.php'><h1>Admin Panel</h1></a></center>";
} else { //otherwise send them straight to the usercp
header("Location: usercp.php");
}
} else { //if the email is not found or password is incorrect, show the loginpage again
echo $loginpage;
echo "Login details incorrect, please contact your manager.";
}
}
} else { //if nobody has logged in already, or tried to log in just now, show the login page
echo $loginpage;
}
//pdo error reporting code
} catch (PDOException $e) {
throw $e;
}
}
?>
Hi, I made this very simple registration page. I have 3 files: welcome.php, registration_form.php, and register.php
This is my code for welcome.php
<html>
<body>
<h1>WELCOME!</h1>
<form action="login.php" method="POST">
<p>Username: <input type="text" name="login_username" value=""> </p>
<p>Password: <input type="password" name="login_password" value=""></p>
<p><input type="submit" value="LOGIN" name="login" size="20"></p>
Register for new account
</body>
<html>
This is my code in registration_form.php
<html>
<body>
<h1>Register here</h1>
<form action="register.php" method="POST">
<p>Username: <input type="text" name="register_username" value=""></p>
<p>Password: <input type="password" name="register_password" value=""></p>
<p>Re-type Password: <input type="password" name="register_repassword" value=""></p>
<p>E-mail Address: <input type="text" name="register_email" value=""></p>
<p>Re-type E-mail Address: <input type="text" name="register_reemail" value=""></p>
<p><input type="submit" value="Register" name="register"></p>
</form>
</body>
<html>
This is my register.php
<html>
<body>
<?php
ob_start();
//=======================database variables
$host="localhost";
$db_username="root";
$db_password="";
$db="forum_members";
$db_table="members";
//=======================connect to database
mysql_connect("$host","$db_username","$db_password") or die("Could not connect to the database!");
mysql_select_db("$db") or die("database not found!");
//form variables
$register_user=$_POST['register_username'];
$register_pass=$_POST['register_password'];
$register_repass = $_POST['register_repassword'];
$register_email=$_POST['register_email'];
$register_reemail=$_POST['register_reemail'];
//protect database from MySQL database
$register_user=stripslashes($register_user);
$register_pass=stripslashes($register_pass);
$register_repass=stripslashes($register_repass);
$register_email=stripslashes($register_email);
$register_reemail=stripslashes($register_reemail);
$register_user=mysql_real_escape_string($register_user);
$register_pass=mysql_real_escape_string($register_pass);
$register_repass=mysql_real_escape_string($register_repass);
$register_email=mysql_real_escape_string($register_email);
$register_reemail=mysql_real_escape_string($register_reemail);
//check required fields
if (empty($register_user) || empty($register_pass)) {
echo "Please fill the required fields";
die();
}
if (empty($register_repass) || empty($register_email)) {
echo "Please fill the required fields";
die();
}
if (empty($register_reemail)) {
echo "Please fill the required fields";
die();
}
//check if username has alphanumeric characters only
if (!preg_match("/^[a-zA-Z0-9_]+$/", $register_user) || !preg_match("/^[a-zA-Z0-9_]+$/", $register_pass)) {
echo "Username and Password can only contain alphanumeric characters";
die();
}
//check username and password minimum length
if (strlen($register_user) < 4) {
echo "Username must be more than 4 characters!";
die();
}
if (strlen($register_pass) < 8) {
echo "Password must be at least 8 characters!";
die();
}
if ($register_pass !== $register_repass) {
echo "Your password did not match";
die();
}
if ($register_email !== $register_reemail) {
echo "Your E-mail address did not match";
die();
}
//check duplicate username
$duplicate_user="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_duplicate=mysql_query($duplicate_user);
$duplicate_result = mysql_num_rows($execute_duplicate);
if ($duplicate_result == 1) {
echo "This username is already used";
die();
}
//create MySQL Query
$query_insert="INSERT INTO $db_table(username, password, email) VALUES ('$register_user', '$register_pass', '$register_email')";
//execute MySQL query
$execute_insert=mysql_query($query_insert);
//$execute_insert=mysql_query($query_insert);
//check inserted data
$check_insert="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_insert1=mysql_query($check_insert);
$verify_insert=mysql_num_rows($execute_insert1);
if ($verify_insert==1) {
echo "Registration Successful! You may now login";
}
else {
echo "Registration Failed!";
}
ob_end_flush();
?>
</body>
</html>
My question is: how can I use $_SERVER['PHP_SELF'] so that I can merge registration_form.php and register.php, so that I won't be working on multiple files? My goal is to display "Registration successful! You may now login" or "Registration failed" on the same page (preferably at the top), and when a guest didn't enter any information and clicked the 'register' button it will go back to the registration form as if nothing happened. I tried to look for an answer on Google, but it doesn't work.
P.S. I know there are a lot of flaws in my code, please be good. I'm just starting in studying php.
$_SERVER['PHP_SELF'] is for calling the form action on the same page, so you should give it in the form action.
Now, what you have done in register.php, simply put on the same page with a condition on whether data was posted, like if(isset).
Put this code in your registration_form.php:
<?php
ob_start();
//=======================database variables
$host="localhost";
$db_username="root";
$db_password="";
$db="forum_members";
$db_table="members";
//=======================connect to database
mysql_connect("$host","$db_username","$db_password") or die("Could not connect to the database!");
mysql_select_db("$db") or die("database not found!");
?>
<h1>Register here</h1>
<?php
// To confirm form is submitted
if(isset($_POST['register']))
{
//form variables
$register_user=$_POST['register_username'];
$register_pass=$_POST['register_password'];
$register_repass = $_POST['register_repassword'];
$register_email=$_POST['register_email'];
$register_reemail=$_POST['register_reemail'];
//protect database from MySQL database
$register_user=stripslashes($register_user);
$register_pass=stripslashes($register_pass);
$register_repass=stripslashes($register_repass);
$register_email=stripslashes($register_email);
$register_reemail=stripslashes($register_reemail);
$register_user=mysql_real_escape_string($register_user);
$register_pass=mysql_real_escape_string($register_pass);
$register_repass=mysql_real_escape_string($register_repass);
$register_email=mysql_real_escape_string($register_email);
$register_reemail=mysql_real_escape_string($register_reemail);
//check required fields
if (empty($register_user) || empty($register_pass)) {
echo "Please fill the required fields";
die();
}
if (empty($register_repass) || empty($register_email)) {
echo "Please fill the required fields";
die();
}
if (empty($register_reemail)) {
echo "Please fill the required fields";
die();
}
//check if username has alphanumeric characters only
if (!preg_match("/^[a-zA-Z0-9_]+$/", $register_user) || !preg_match("/^[a-zA-Z0-9_]+$/", $register_pass)) {
echo "Username and Password can only contain alphanumeric characters";
die();
}
//check username and password minimum length
if (strlen($register_user) < 4) {
echo "Username must be more than 4 characters!";
die();
}
if (strlen($register_pass) < 8) {
echo "Password must be at least 8 characters!";
die();
}
if ($register_pass !== $register_repass) {
echo "Your password did not match";
die();
}
if ($register_email !== $register_reemail) {
echo "Your E-mail address did not match";
die();
}
//check duplicate username
$duplicate_user="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_duplicate=mysql_query($duplicate_user);
$duplicate_result = mysql_num_rows($execute_duplicate);
if ($duplicate_result == 1) {
echo "This username is already used";
die();
}
//create MySQL Query
$query_insert="INSERT INTO $db_table(username, password, email) VALUES ('$register_user', '$register_pass', '$register_email')";
//execute MySQL query
$execute_insert=mysql_query($query_insert);
//$execute_insert=mysql_query($query_insert);
//check inserted data
$check_insert="SELECT * FROM $db_table WHERE username='$register_user'";
$execute_insert1=mysql_query($check_insert);
$verify_insert=mysql_num_rows($execute_insert1);
if ($verify_insert==1) {
echo "Registration Successful! You may now login";
}
else {
echo "Registration Failed!";
}
ob_end_flush();
}
?>
<?php // To call form on same page ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<p>Username: <input type="text" name="register_username" value=""></p>
<p>Password: <input type="password" name="register_password" value=""></p>
<p>Re-type Password: <input type="password" name="register_repassword" value=""></p>
<p>E-mail Address: <input type="text" name="register_email" value=""></p>
<p>Re-type E-mail Address: <input type="text" name="register_reemail" value=""></p>
<p><input type="submit" value="Register" name="register"></p>
</form>
</body>
<html>
What is it?
$_SERVER['PHP_SELF'] is not for calling form action on same page but you can use it this way.
$_SERVER['PHP_SELF'] contains the filename of the currently executing script, relative to the document root. This means if you are in http://domain.com/path/to/file.php then
$_SERVER['PHP_SELF'] would be /path/to/file.php.
How to use it?
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
How to merge then?
$_SERVER['REQUEST_METHOD'] contains the current request method. i.e. GET, POST, PUT
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
// handle your form submission here
}
?>
<html>
...
<!-- show register form -->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
How to avoid the submit due to a refresh of the page?
Redirect the user to somewhere else.
header("Location: /path/to/somewhere");
But you don't like files, so redirect the user to the current URL.
header("Location: {$_SERVER['PHP_SELF']}");
All in one:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
// handle your form submission here
// everything is ok.
header("Location: {$_SERVER['PHP_SELF']}");
// stop here so the rest of the page is not rendered after the redirect
exit;
}
?>
<html>
...
<!-- show register form -->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
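`$_SERVER['PHP_SELF']` includes any extra path the client appends after the script name, so it has to be HTML-escaped before it is echoed into `action`. The merged page below is an added example, not code from either answer: it builds the redirect and the form action from `SCRIPT_NAME`, which does not carry that extra path, keeps the result message in a hypothetical `$_SESSION['flash']` key across the redirect, and reuses the question's field names and length rules. The database insert is assumed to run where marked.

```php
<?php
declare(strict_types=1);
session_start();

function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Returns a list of error messages; an empty list means the submission can be stored.
function validateRegistration(array $post): array
{
    $f = [];
    foreach (['register_username', 'register_password', 'register_repassword',
              'register_email', 'register_reemail'] as $name) {
        $value = $post[$name] ?? '';
        $f[$name] = is_string($value) ? $value : '';
    }
    $errors = [];
    if (in_array('', $f, true)) {
        $errors[] = 'Please fill the required fields';
    }
    if (!preg_match('/^[a-zA-Z0-9_]{4,}$/', $f['register_username'])) {
        $errors[] = 'Username needs at least 4 letters, digits or underscores';
    }
    if (strlen($f['register_password']) < 8) {
        $errors[] = 'Password must be at least 8 characters!';
    }
    if ($f['register_password'] !== $f['register_repassword']) {
        $errors[] = 'Your password did not match';
    }
    if ($f['register_email'] !== $f['register_reemail']
        || filter_var($f['register_email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Your E-mail address did not match or is not valid';
    }
    return $errors;
}

// SCRIPT_NAME is the script path without client-appended path info.
$self = $_SERVER['SCRIPT_NAME'] ?? '';

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $errors = validateRegistration($_POST);
    if ($errors === []) {
        // Assumption: the INSERT from register.php runs here through a prepared statement,
        // storing password_hash($_POST['register_password'], PASSWORD_DEFAULT).
        $_SESSION['flash'] = ['Registration Successful! You may now login'];
    } else {
        $_SESSION['flash'] = $errors;
    }
    // Post/Redirect/Get: a browser refresh now repeats the GET, not the POST.
    header('Location: ' . $self, true, 303);
    exit;
}

// Show each message once, then discard it.
$flash = $_SESSION['flash'] ?? [];
unset($_SESSION['flash']);
?>
<!DOCTYPE html>
<html>
<body>
<?php foreach ($flash as $message): ?>
<p><?= e($message) ?></p>
<?php endforeach; ?>
<h1>Register here</h1>
<form action="<?= e($self) ?>" method="post">
<p>Username: <input type="text" name="register_username"></p>
<p>Password: <input type="password" name="register_password"></p>
<p>Re-type Password: <input type="password" name="register_repassword"></p>
<p>E-mail Address: <input type="text" name="register_email"></p>
<p>Re-type E-mail Address: <input type="text" name="register_reemail"></p>
<p><input type="submit" value="Register" name="register"></p>
</form>
</body>
</html>
```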
I have a sign up process which involves two forms being submitted. The problem is with the first form not being submitted. Also, I need a way to relate the two forms as information from both is inserted into the same table row, I think this can be done by taking the previous table row id.
It is supposed to work like this: First a user must search for an item in the search bar. Matches are then displayed with radio buttons next to each one and a submit button at the bottom. When submitted, the form data (which is the result of the search that they checked with the radio) goes into the database table 'users'. The 'users' table contains a row for id, username, password and radio.
The radio option is submitted into radio. This also creates an id, which is auto incremented. That is the first form. Once the radio option is picked and the data is in a table row, the user must fill out the second form which asks for an email and a password, which is submitted into the same row that the radio option is in.
When I go through this process, the email (referred to as username in table) and password appear in the table along with the id, but the radio is always blank. Not sure why the radio option is not being submitted. Also not sure if I need a way to relate the forms. I am a beginner at this so, please try to make answers understandable. Thanks in advance, here's the code:
<?php
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('The email '.$_POST['username'].' is already in use.');
}
// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}
// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
// now we insert it into the database
$insert = "INSERT INTO users (username, password, radio)
VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['radio']."')";
$add_member = mysql_query($insert);
?>
<h2><font color="red">Registered</font></h2>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>
<font color = #000000><h1>Sign Up</h1></font>
<?php
// Search Engine
// Only execute when button is pressed
if (isset($_POST['keyword'])) {
// Filter
$keyword = trim ($_POST['keyword']);
// Select statement
$search = "SELECT * FROM tbl_name WHERE cause_name LIKE '%$keyword%'";
// Display
$result = mysql_query($search) or die('That query returned no results');
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<?php
while($result_arr = mysql_fetch_array( $result ))
{
?>
// Radio button
<input type="radio" name="radio">
<?php
echo $result_arr['cause_name'];
echo " ";
echo "<br>";
}
?>
<input type="submit" name="radio_submit" value="Select Item">
</form>
<?php
$anymatches=mysql_num_rows($result);
if ($anymatches == 0)
{
echo "We don't seem to have that cause. You may add a cause by filling out a short <a href='add.php'>form</a>.<br><br>";
}
}
?>
<!--Sign Up Form-->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="sign_up_form">
<input type="text" name="keyword" placeholder="Search" onFocus="this.select();" onMouseUp="return false;">
<input type="submit" name="search" value="Search">
<br />
<br />
<input type="email" name="username" maxlength="250" placeholder="Your email" onFocus="this.select();" onMouseUp="return false;">
<input type="password" name="pass" maxlength="50" placeholder="Password" onFocus="this.select();" onMouseUp="return false;">
<input type="password" name="pass2" maxlength="50" placeholder="Re-type Password" onFocus="this.select();" onMouseUp="return false;">
<br />
<input type="submit" name="submit" value="Sign Up">
</form>
<?php
}
?>
Modify your code like this
<input type="radio" name="radio" value="<?php echo $result_arr['cause_name']; ?>" >
and then submit it you should get the value
update the below query as well
<?php
echo $insert = "INSERT INTO users (username, password, radio) VALUES ('$_POST[username]', '$_POST[pass]', '$_REQUEST[radio]')";
$add_member = mysql_query($insert);
?>
change the below code
//This code runs if the form has been submitted
if (isset($_POST['radio_submit'])) {
/////
<?php
if (isset($_REQUEST['submit']))
{
$radio = $_REQUEST['radio'];
$insert = mysql_query("INSERT INTO users (radio) VALUE ('$radio')");
if (!$insert)
{
echo mysql_error();
}
}
?>
<form action="" method="get">
<input type="radio" name="radio" value="red">red
<input type="radio" name="radio" value="blue">blue
<input type="submit" name="submit" />
</form>
I am trying to make a simple PHP MySQL login page. I keep reading over the code and can't see what I'm doing wrong. I'm testing with an e-mail and password that I've just looked at in the database as a test so I know it exists. When I click submit on the previous form, it just redirects me back to the same page and doesn't log in (I know this because my header changes with the $_SESSION variables when it works; I know this because my registration page works but not the login once you register). Be aware too that upon registration they enter their first and last name which is why I've included it on the $_SESSION variables on session_start. Here's the code (first the form and the then the checklogin.php page):
<!--THIS IS THE FORM FROM THE PAGE SIGN_IN.PHP-->
<form method="post" target="checklogin.php">
<label for="email">EMAIL/USERNAME:</label>
<input type="text" name="email" id="email">
<label for="password">PASSWORD:</label>
<input type="password" name="password" id="password">
<br />
<input type="submit" value="Let's Play!">
</form>
And this is the checklogin.php script that the form posts to:
<?php
$mysqli = mysqli_connect("mysql_name","login_id","password", "db_name");
if (!$mysqli)
{
die('Could not connect: ' . mysqli_error($mysqli));
}
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$email=$mysqli->real_escape_string($_POST['email']);
$password=$mysqli->real_escape_string($_POST['password']);
$sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
$result = $mysqli->query($sql);
if(is_object($result) && $result->num_rows == 1){
// Register variables and redirect to file "profile.php"
session_start();
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['email']=$_POST['email'];
$_SESSION['password']=$_POST['password'];
redirect('profile.php');
} else {
echo "Wrong Username or Password";
}
?>
I've also tried this with header('location:profile.php') but with the same results.
<form method="post" action="checklogin.php">
The action attribute is for specifying the URL where your form will be posted, while the target attribute is for specifying where the URL should be loaded.
If the action property is missing, it defaults to the current URL, this is why you are navigating to the same page when you submit the form.
Change Your Form As:
<form method="post" action="checklogin.php">
<label for="email">EMAIL/USERNAME:</label>
<input type="text" name="email" id="email">
<label for="password">PASSWORD:</label>
<input type="password" name="password" id="password">
<br />
<input type="submit" value="Let's Play!">
</form>
Checklogin.php as
<?php
$mysqli = mysqli_connect("mysql_name","login_id","password", "db_name");
if (!$mysqli)
{
die('Could not connect: ' . mysqli_error($mysqli));
}
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$email=$mysqli->real_escape_string($_POST['email']);
$password=$mysqli->real_escape_string($_POST['password']);
$sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
$result = $mysqli->query($sql);
if(is_object($result) && $result->num_rows == 1){
// Register variables and redirect to file "profile.php"
session_start();
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['email']=$_POST['email'];
$_SESSION['password']=$_POST['password'];
//redirect('profile.php');
header('location:profile.php');
} else {
echo "Wrong Username or Password";
}
?>