i have script login.php, it works when login with a true username and password, but when it comes login with wrong username and password it redirect to a blank page, when it should be redirect back to index.php here my script, may be some one can help me, what wrong with my script. thanks before.
<?php
session_start();
include 'dbconfig.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$username = stripslashes ($username);
$password = stripslashes ($password);
$query = mysql_query("SELECT username, namalengkap, nik, level FROM users WHERE username= '$username' and password='$password'");
while($row = mysql_fetch_array($query)) {
$level= $row['level'];
$user = $row['namalengkap'];
$nik = $row['nik'];
if ($level == 'admin')
{
$_SESSION['level'] = $level;
$_SESSION ['user']= $user;
$_SESSION ['nik'] = $nik;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=homeadmin.php">';
exit;
}
elseif ($level == 'pengguna')
{
$_SESSION['level'] = $level;
$_SESSION ['user'] = $user;
$_SESSION ['nik'] = $nik;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=home.php">';
exit;
}
else {
header("location:index.php");
}
}
?>
Don't use mysql_query it has been depreciated Don't use while loop
<?php
session_start();
include 'dbconfig.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$username = stripslashes ($username);
$password = stripslashes ($password);
$query = mysql_query("SELECT username, namalengkap, nik, level FROM users WHERE username= '$username' and password='$password'");
$row = mysql_fetch_array($query);
$level= $row['level'];
$user = $row['namalengkap'];
$nik = $row['nik'];
if ($level == 'admin')
{
$_SESSION['level'] = $level;
$_SESSION ['user']= $user;
$_SESSION ['nik'] = $nik;
header('Location:homeadmin.php');
exit;
}
elseif ($level == 'pengguna')
{
$_SESSION['level'] = $level;
$_SESSION ['user'] = $user;
$_SESSION ['nik'] = $nik;
header('Location:home.php');
exit;
}
else {
header("location:index.php");
}
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.