I've written a script that reads user and password data correctly, to log into a reserved webpage. The problem is that when you press the login button, it doesn't redirect to the target.php (reserved) page. The form is in a file called login.php. It reads and connects to the db, but stays on this login page:
<?php
session_start();
function loginform(){
    echo "<form action='' method='POST'>
    Username: <input type = 'text' name='username'>
    Password: <input type = 'text' name='password'>
    <input type = 'submit' name='login' value='Login'>
    </form>
    ";
}
function logoutform(){
    echo "<form action='' method='POST'>
    <input type = 'submit' name='logout' value='Logout'>
    </form>
    ";
}
function login($username, $password){
    $pass = md5($password);
    $con= mysqli(whateverwebsite.com, 'Nameofthetable', 'hashedmd5password') or die (mysql_error());
    mysql_select_db('whateverdb', $con) or die (mysql_error());
    $result = mysql_query(" SELECT * FROM user WHERE username='$username' AND password='$pass' ") or die (mysql_error);
    $count= mysql_num_rows($result);
    if($count==1) {
        $_SESSION['login']=$username;
        header('Location:target.php'); /* this does not work */
    }
    else {
        header('Location:index.php'); /* this does not work */
        echo "Wrong login";
    }
}
function logout(){
    session_destroy();
}
if (isset($_SESSION['login'])) {
    echo "You've logged in";
    logoutform();
}
else{
    echo "Enter with Username and password.";
    loginform();
}
if ($_POST['login']) {
    echo "logging in..."; /* this text "logging in" remains on the screen, instead of going to target.php */
    login($_POST['username'], $_POST['password']);
}
elseif($_POST['logout']){
    echo "Logging out";
    logout();
}
?>
Also, before the HTML of the target.php page, there is this:
<?php
session_start();
echo "Reserved area<br>";
if (!isset($_SESSION['login'])) {
    exit("you must login <a href='../login.php'>Login</a>");
}
else {
    echo "Do the <a href='../login.php'>Logout</a>";
}
?>
Something like this always worked for me:
This modification is in your login function. If it works, you can modify the else part in a similar manner.
if( $count == 1 )
{
    $_SESSION['login'] = $username;
    echo
    '<!DOCTYPE html>
    <html>
    <head>
    <title>Your website title</title>
    <meta http-equiv="refresh" content="3;url=target.php">
    <meta charset="UTF-8">
    </head>
    <body>
    Logging in . Please wait ...
    </body>
    </html>';
}
You can use the header() function to send a new HTTP header, but this must be sent to the browser before any HTML or text (so before the declaration, for example).
Alternative:
function Redirect($url, $permanent = false)
{
    header('Location: ' . $url, true, $permanent ? 301 : 302);
    exit();
}
Redirect('http://www.google.com/', false);
UPDATE: if this does not work, use this:
echo "<meta http-equiv='refresh' content='0;url=index.php' />";
instead of using header
Before using header() you shouldn't echo anything.
So, check the $_POST['login'] first, and don't use echo before login()
Another method:
<?php
echo "<script type='text/javascript'>window.location='page.php';</script>";
//or
echo "<meta http-equiv='refresh' content='0;url=page.php' />";
?>
//TRY this here
if($count==1) {
    $_SESSION['login']=$username;
    header('Location:target.php'); /* this will work now*/
    //TRY
    exit();
}
Note: mysql_* is deprecated, use mysqli_. Your code is highly vulnerable.
A logic flaw - your code is highly vulnerable:
$result = mysql_query(" SELECT * FROM user WHERE username='$username' AND password='$pass' ") or die (mysql_error);
$count= mysql_num_rows($result);
let $username="A%"
like something, it's easy to have $count>1 and be logged in with this
I think this function may be the culprit. It doesn't display anything; why doesn't it get called?
if (isset($_SESSION['login'])) {
    echo "You've logged in";
    logoutform();
}
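The points raised in the answers above, combined in one added example that is not part of the original posts: the POST is handled and header() is called before any output, followed by exit, and the string-built query and md5() are replaced with a bound parameter and password_hash()/password_verify(). The in-memory SQLite database, the user alice with its constructed password, and the helper names demo_db, check_login and redirect are assumptions chosen so the script runs without a database server; the same prepared-statement pattern applies to mysqli.

```php
<?php
// Added example (not the asker's code): decide and redirect before any output.
session_start();

// Constructed sample data: in-memory SQLite stands in for the real database.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password_hash TEXT)');
    $db->prepare('INSERT INTO user VALUES (?, ?)')
       ->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Bound parameter: the username is data, never part of the SQL text.
function check_login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password_hash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

function redirect(string $path): void {
    header('Location: ' . $path, true, 303); // 303: browser follows with GET
    exit;                                    // stop so nothing else is sent
}

$error = '';
if (isset($_POST['login'])) {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (is_string($user) && is_string($pass) && check_login(demo_db(), $user, $pass)) {
        session_regenerate_id(true);   // fresh session id once authenticated
        $_SESSION['login'] = $user;
        redirect('target.php');
    }
    $error = 'Wrong login';
}
// Output starts only here, after every header() call has been made.
?>
<p><?= htmlspecialchars($error) ?></p>
<form action="" method="POST">
  Username: <input type="text" name="username">
  Password: <input type="password" name="password">
  <input type="submit" name="login" value="Login">
</form>
```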