php login can't redirect

Question

I'm currently working on a log-in page, but after I insert the correct username and password it went to the checkLogin.php and says You are not allowed to execute this file directly instead of redirect. I can't find where did I make the mistake.

<?php
// checkLogin.php
session_start(); // Start a new session
require('connect.php'); // Holds all of our database connection information
// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$sql = "Select 
supplier_id as id,
supplier_lastname as lastname,
supplier_firstname as firstname,
supplier_email as email ,
supplier_phone as phone,
'Supplier' as entity_name
FROM suppliers 
WHERE suppliers.supplier_id = '$username' AND suppliers.supplier_pw = '$password'
union all
SELECT
customer_id as id,
customer_lastname as lastname,
customer_firstname as firstname,
customer_email as email,
customer_phone as phone,
'Customer' as entity_name 
FROM customers
WHERE customers.customer_id = '$username' AND customers.customer_pw = '$password';
";
$result = mysqli_query($sql) or die ( mysqli_error() );
$count = 0;
$line= mysqli_fetch_assoc($result);
while ($line) {
     $count++;
     $info = $line[5];
}
if ($count == 1 && $info='Supplier') {
    $_SESSION['loggedIn'] = "true";
    $_SESSION['username'] = $line['id'];
    header("Location: application/view_orders.php"); 
}
elseif ($count == 1 && $info='Customer') {
    $_SESSION['loggedIn'] = "true";
    $_SESSION['username'] = $line['id'];
    header("Location: application/orderForm.php");
}
else {
    $_SESSION['loggedIn'] = "false";
    echo "<script type='text/javascript'>alert('Log-In failed! Please check your username or password again.'); window.location.href='http://oncommercetrend.com/'</script>";
}
?>

And here is my form:

<form class="login active" action="checkLogin.php">
                    <h3>Login</h3>
                    <div>
                        <label>Username:</label>
                        <input name="user"type="text" />
                        <span class="error">This is an error</span>
                    </div>
                    <div>
                        <label>Password: <!--<a href="forgot_password.html" rel="forgot_password" class="forgot linkform">Forgot your password?</a>--></label>
                        <input name="password" type="password" />
                        <span class="error">This is an error</span>
                    </div>
                    <div class="bottom">
                        <div class="remember"><input type="checkbox" /><span>Keep me logged in</span></div>
                        <input type="submit" value="Login"></input>
                        <a href="register.html" rel="register" class="linkform">You don't have an account yet? Register here</a>
                        <div class="clear"></div>
                    </div>
                </form>

Here is DB connection:

$link = mysqli_connect($db_host,$db_user,$db_pass) or die('Unable to establish a DB connection');
mysqli_select_db($db_database,$link);

Answer 1

It will be easier to show you in graphic form, rather than commenting back and forth.

Your form doesn't have a post method.

Modify to

<form class="login active" action="checkLogin.php" method="post"> 

Form defaults to a GET method if omitted.

You should add exit; after all your headers.

You need to change your DB code to this and change to your actual settings/credentials:

$db_host = "yourhost";
$db_user = "user";
$db_pass = "password";
$db_database = "database_name";

$link = mysqli_connect($db_host,$db_user,$db_pass,$db_database) 
        or die("Error " . mysqli_error($link));

change this:

$result = mysqli_query($sql) or die ( mysqli_error() );

to this (passing DB connection parameter first)

$result = mysqli_query($link, $sql) or die ( mysqli_error($link) );