PHP login algorithm not redirecting to next page (unsure on connection to database)

Question

I am setting up a login page to take a users username and password then check that against a local database, however nothing is echoing form the database connection and there is no redirecting to the next page 'welcome.php' happening.

I have already tried many different ways of connecting to the local database and redirecting to different pages with different methods, none of which gave any error message or worked. using XAMPP Apache and mySQL modules to provide the local server.

<?php

if (isset($_POST['Login']))
{

$link = mysql_connect('localhost','root','password','budget');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';

session_start();

$username= $_POST['username'];
$password= sha1($_POST['password']);

$_SESSION['login_user']=$username;

$query = mysql_query("SELECT accounts.username, passwords.password_hash
FROM accounts
INNER JOIN passwords ON accounts.account_id = passwords.account_id
WHERE accounts.username = '$username' AND password_hash = '$password';");

if (mysql_num_rows($query) != 0){
 ?>
<script type="text/javascript">window.location.replace(welcome.php); 
</script>;
<?php
mysql_close($link); 
}
}

?>

I expect it to redirect to 'welcome.php' but instead it just refreshes the same page and nothing is echoed or given as an error

Answer 1

What isn't working?
Your JavaScript location.replace method needs a string as an input, you're not giving it that (as the input value is not quoted). It would be window.location.replace('welcome.php'); instead.

How to solve it?
The better solution is to redirect in PHP instead of in JavaScript, using header() .

Additional remarks
I took the liberty of converting your code to use mysqli_ instead of the old, outdated and deprecated mysqli_ library. With this, you can use a prepared statement, as I have shown below. Use this approach for all your queries , bind the parameters through placeholders.

session_start();
if (isset($_POST['Login'])) {
    $link = mysqli_connect('localhost','root','password','budget');
    if ($link->connection_errno) {
        die('Could not connect: ' . $con->error);
    }

    $username = $_POST['username'];
    $password = sha1($_POST['password']);

    $stmt = $link->prepare("SELECT a.username, p.password_hash
                            FROM accounts a 
                            INNER JOIN passwords p 
                               ON a.account_id = a.account_id
                            WHERE a.username = ? 
                              AND p.password_hash = ?");
    $stmt->bind_param("ss", $username, $password);
    $stmt->bind_result($resultUsername, $resultPassword);
    $stmt->execute();
    if ($stmt->num_rows) {
        $_SESSION['login_user'] = $username;
        header("Location: welcome.php");
    }
    $stmt->close();
}

What's next?
Fix your passwords. Using sha1() is highly insecure for passwords, look into using passwords_hash() / password_verify() instead.

Answer 2

You need to add single quote around welcome.php

As welcome.php is neither a JavaScript keyword like this nor a number, single quote is mandatory also it is not a variable/object.

JS considers welcome as object and php as its method in welcome.php

Without it, a JavaScript error will be displayed:

ReferenceError: welcome is not defined

<script type="text/javascript">window.location.replace(welcome.php); 
</script>

Also, there is no need of semi-colon ; .

JavaScript redirect without any condition.