Login Page doesnt direct - shows a blank page PHP

Question

So i have a login script and not too sure why it won't work. In my User table I have these fields:

Table: User

Field 1) ID
Field 2) Password (it is stored with crypt)
Field 3) Status (ranges from 0-2)

index.php

<?php
session_start();
unset($_SESSION['Status']);
?>
<head> 

  <title>Login Form</title>
  <link rel="stylesheet" type="text/css" href="login.css">
  <img src="logo1.jpg" style="float:left; width:490px; height:130px; margin-top: -70px;">
  <!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
</head>
<body>

<section class="container">
    <div class="login">
      <h1>Login</h1>
      <form action="process_login.php" method="POST"/>
        <div class="help-tip">
         <p>Enter the User ID and Password that you were given, in order to login. If you have forgotten your ID or Password, contact Admin</p>
</div>
          <p><input type="number"     name="ID"   value="" placeholder="ID*"       required autofocus></p>
        <p><input type="password" name="Password" value="" placeholder="Password*" required></p>
        <p class="submit"><input type="submit" name="commit" value="Login"></p>
    </form>
</div>

process_login.php

<?php
session_start();
?>
<?php
//Connect to host site and databse
include("functions.php");
// Fetching variables
$id = $_POST['ID'];
$pw = crypt($_POST['Password']);

//Find user details from User table using the username entered and comparing the entered password with the one retrieved form the user table

$UserValidate = mysqli_query ("SELECT * FROM User WHERE ID = '$id'") or die (mysqli_error());
$row = mysqli_fetch_array($UserValidate);
$CorrectId = $row['ID'];
$CorrectPw = $row['Password'];
$UserType = $row['Status'];

//check if ID in database
if ($id == $CorrectId) {
//check if password is assigned to that username and is correct
if ($pw == $CorrectPw) {
//check if user is standard user
if ($UserType == 0) {
    $_SESSION['CadetUser'] = $id;
header('http://****/calendar.php:'.$url);die();
if ($UserType == 1) {
$_SESSION['StaffUser'] = $id;
header('http://****/calendar_staff.php:'.$url);die();
if ($UserType == 2) {
$_SESSION['AdminUser'] = $id;
header('http://****/calendar_admin.php:'.$url);die();
}
}
else { 
  echo "Either your ID or Password is wrong";
  header('http://******/index.php:'.$url);die();
}
}
}
}
?>

UPDATE My problem is that i am getting a blank screen when I log in with the correct details. It just stops at process_login.php Also i changed the redirect to "header.........." like suggested

Answer 1

For redirect you could try

header('location:'.$url);die();

Note : remove all echo or print before header and make sure you don't have white spaces before your php opening tags

Answer 2

As an aside, your SQL statement is vulnerable to SQL injection because you put the $id straight into the statement. It would be far safer to use parameters and mysqli

Answer 3

This is your code - indented, as entered in your post:

//check if ID in database
if ($id == $CorrectId) {
    //check if password is assigned to that username and is correct
    if ($pw == $CorrectPw) {
        //check if user is standard user
        if ($UserType == 0) {
            $_SESSION['CadetUser'] = $id;
            header('http://****/calendar.php:'.$url);
            die();
            if ($UserType == 1) {
                $_SESSION['StaffUser'] = $id;
                header('http://****/calendar_staff.php:'.$url);
                die();
            // <----- missing a closing brace
            if ($UserType == 2) {
                $_SESSION['AdminUser'] = $id;
                header('http://****/calendar_admin.php:'.$url);
                die();
            }
        }
        else { 
            echo "Either your ID or Password is wrong"; // you need to remove this; outputting HTML prior to sending headers will result in a PHP error
            header('http://******/index.php:'.$url);
            die();
        }
    }
}
} // <----- remove this

As you can see the only condition that stands a chance is if ($UserType == 0) . Not to mention there's an erroneous } in there which could cause a syntax error.

You're also missing Location in your header, eg. header('Location: url/goes/here.php');

I've reformatted your code below, and fixed the syntax errors:

//check if ID in database
if ($id == $CorrectId && $pw == $CorrectPw) {
    //check if user is standard user
    if ($UserType == 0) {
        $_SESSION['CadetUser'] = $id;
        header('Location: http://****/calendar.php:'.$url);
        die();
    }
    elseif ($UserType == 1) {
        $_SESSION['StaffUser'] = $id;
        header('Location: http://****/calendar_staff.php:'.$url);
        die();
    }
    elseif ($UserType == 2) {
        $_SESSION['AdminUser'] = $id;
        header('Location: http://****/calendar_admin.php:'.$url);
        die();
    }
    else { 
        header('Location: http://******/index.php:'.$url);
        die();
    }
}

And since if ($id == $CorrectId) and if ($pw == $CorrectPw) are required conditions that must be met in order to proceed, it makes sense to just include them in a single condition.. for readability. You should avoid nesting conditions too deep whenever possible. Makes things messy, and code hard to read/follow. You can see I've added them into a single condition.

Answer 4

Change header function

header('http://****/calendar.php:'.$url);

To

header('location : http://****/calendar.php:');

Add location in header as shown above