I'm currently working on a log-in page, but after I insert the correct username and password it goes to checkLogin.php and says "You are not allowed to execute this file directly" instead of redirecting. I can't find where I made the mistake.
<?php
// checkLogin.php
session_start(); // Start a new session
require('connect.php'); // Holds all of our database connection information
// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$sql = "Select
supplier_id as id,
supplier_lastname as lastname,
supplier_firstname as firstname,
supplier_email as email ,
supplier_phone as phone,
'Supplier' as entity_name
FROM suppliers
WHERE suppliers.supplier_id = '$username' AND suppliers.supplier_pw = '$password'
union all
SELECT
customer_id as id,
customer_lastname as lastname,
customer_firstname as firstname,
customer_email as email,
customer_phone as phone,
'Customer' as entity_name
FROM customers
WHERE customers.customer_id = '$username' AND customers.customer_pw = '$password';
";
$result = mysqli_query($sql) or die ( mysqli_error() );
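$count = 0;
$info = '';
$user = null;
// Fetch each matching row; the loop ends when no rows remain
while ($line = mysqli_fetch_assoc($result)) {
$count++;
$user = $line; // keep the row, $line is null once the loop ends
$info = $line['entity_name']; // associative fetch: use the column alias, not index 5
}
if ($count == 1 && $info == 'Supplier') { // compare with ==, do not assign with =
$_SESSION['loggedIn'] = "true";
$_SESSION['username'] = $user['id'];
header("Location: application/view_orders.php");
}
elseif ($count == 1 && $info == 'Customer') {
$_SESSION['loggedIn'] = "true";
$_SESSION['username'] = $user['id'];
header("Location: application/orderForm.php");
}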
else {
$_SESSION['loggedIn'] = "false";
echo "<script type='text/javascript'>alert('Log-In failed! Please check your username or password again.'); window.location.href='http://oncommercetrend.com/'</script>";
}
?>
And here is my form:
<form class="login active" action="checkLogin.php">
<h3>Login</h3>
<div>
<label>Username:</label>
<input name="user" type="text" />
<span class="error">This is an error</span>
</div>
<div>
<label>Password: <!--<a href="forgot_password.html" rel="forgot_password" class="forgot linkform">Forgot your password?</a>--></label>
<input name="password" type="password" />
<span class="error">This is an error</span>
</div>
<div class="bottom">
<div class="remember"><input type="checkbox" /><span>Keep me logged in</span></div>
<input type="submit" value="Login" />
<a href="register.html" rel="register" class="linkform">You don't have an account yet? Register here</a>
<div class="clear"></div>
</div>
</form>
Here is DB connection:
$link = mysqli_connect($db_host,$db_user,$db_pass) or die('Unable to establish a DB connection');
mysqli_select_db($db_database,$link);
It will be easier to show you in graphic form, rather than commenting back and forth.
Your form doesn't have a post method.
Modify to
<form class="login active" action="checkLogin.php" method="post">
Form defaults to a GET method if omitted.
You should add exit;
after all your headers.
You need to change your DB code to this and change to your actual settings/credentials:
$db_host = "yourhost";
$db_user = "user";
$db_pass = "password";
$db_database = "database_name";
$link = mysqli_connect($db_host,$db_user,$db_pass,$db_database)
or die("Error " . mysqli_error($link));
Change this:
$result = mysqli_query($sql) or die ( mysqli_error() );
to this (passing DB connection parameter first)
$result = mysqli_query($link, $sql) or die ( mysqli_error($link) );
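The fixes from the answer above (POST form, connection passed to mysqli, exit after each header) combined into one handler, as an added example that is not code from the question or the answer. It also replaces the string-built query with a prepared statement. Assumptions: the supplier_pw and customer_pw columns hold password_hash() output, which the page does not state, connect.php defines $link as in the answer, and the mysqlnd driver is available for mysqli_stmt_get_result().

```php
<?php
// checkLogin.php (added example, not the original poster's code)
session_start();
require 'connect.php'; // assumed to define $link via mysqli_connect(), as in the answer

// The form must submit with method="post"; send plain GET requests back to the site.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: http://oncommercetrend.com/');
    exit;
}

$username = $_POST['user'] ?? '';
$password = $_POST['password'] ?? '';

// Placeholders keep user input out of the SQL text, so quotes in the
// username cannot change the query. The password is not part of the query.
// Assumption: the *_pw columns store password_hash() output.
$sql = "SELECT supplier_id AS id, supplier_pw AS pw_hash, 'Supplier' AS entity_name
          FROM suppliers WHERE supplier_id = ?
        UNION ALL
        SELECT customer_id AS id, customer_pw AS pw_hash, 'Customer' AS entity_name
          FROM customers WHERE customer_id = ?";

$stmt = mysqli_prepare($link, $sql) or die('Query could not be prepared');
mysqli_stmt_bind_param($stmt, 'ss', $username, $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt); // requires mysqlnd

// Exactly one matching account is expected across both tables.
$rows = mysqli_fetch_all($result, MYSQLI_ASSOC);
$user = (count($rows) === 1) ? $rows[0] : null;

if ($user !== null && password_verify($password, $user['pw_hash'])) {
    session_regenerate_id(true); // issue a fresh session id after login
    $_SESSION['loggedIn'] = "true";
    $_SESSION['username'] = $user['id'];
    $target = ($user['entity_name'] === 'Supplier')
        ? 'application/view_orders.php'
        : 'application/orderForm.php';
    header("Location: $target");
    exit; // stop the script once the redirect header is sent
}

$_SESSION['loggedIn'] = "false";
header('Location: http://oncommercetrend.com/'); // same target as the original failure branch
exit;
```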