php: How can I redirect to the same page with a error message

Question

I need to redirect to the same page when the input email does not contain an @ sign. The rest of the code is working but whenever I put an email without an @, it's redirecting me to a blank page. (The details of the question are as follows: The login screen needs to have some error checking on its input data. If either the name or the password field is blank, you should display a message of the form:

Email and password are required

Note that we are using "email" and not "user name" to log in in this assignment.

If the password is non-blank and incorrect, you should put up a message of the form:

Incorrect password

For this assignment, you must add one new validation to make sure that the login name contains an at-sign (@) and issue an error in that case:

Email must have an at-sign (@)

If the incoming password, properly hashed matches the stored stored_hash value, the user's browser is redirected to the autos.php page with the user's name as a GET parameter using:

header("Location: autos.php?name=".urlencode($_POST['who']));

You must also use the error_log() function to issue the following message when the user fails login due to a bad password showing the computed hash of the password plus the salt:

error_log("Login fail ".$_POST['who']." $check");

When the login succeeds (ie the hash matches) issue the following log message:

error_log("Login success ".$_POST['who']); )

<?php 

if ( isset($_POST['cancel'] ) ) {
    header("Location: index.php");
    return;
}

$salt = 'XyZzy12*_';
$stored_hash = '1a52e17fa899cf40fb04cfc42e6352f1';  

$failure = false;  


// Check to see if we have some POST data, if we do process it
if ( isset($_POST['email']) && isset($_POST['pass']) ) {
    if ( strlen($_POST['email']) < 1 || strlen($_POST['pass']) < 1 ) {
        $failure = "Email and password are required";
    } else {
        if(strpos($_POST['email'], '@') !== false)
        {
            $check = hash('md5', $salt.$_POST['pass']);
            if ( $check == $stored_hash ) {
                // Redirect the browser to autos.php
                header("Location: autos.php?name=".urlencode($_POST['email']));
                error_log("Login success ".$_POST['email']);
                return;
            } else {
                $failure = "Incorrect password";
                error_log("Login fail ".$_POST['email']." $check");
            }             
        }
        else
        {
            $failure = "Email must have an at-sign @";
            return;
        }

    }
}

// Fall through into the View
?>
<!DOCTYPE html>
<html>
<head>
<?php require_once "bootstrap.php"; ?>
<title>ANIK CHAKRABORTI</title>
</head>
<body>
<div class="container">
<h1>Please Log In</h1>
<?php
// Note triple not equals and think how badly double
// not equals would work here...
if ( $failure !== false ) {
    // Look closely at the use of single and double quotes
    echo('<p style="color: red;">'.htmlentities($failure)."</p>\n");
}
?>
<form method="POST">
<label for="nam">Email</label>
<input type="text" name="email" id="nam"><br/>
<label for="id_1723">Password</label>
<input type="text" name="pass" id="id_1723"><br/>
<input type="submit" value="Log In">
<input type="submit" name="cancel" value="Cancel">
</form>

</div>
</body>

Answer 1

Remove the return from the else chunk after the $failure = "Email must have an at-sign @" line.

I think, without knowing much of how the request is being handled, that according to the example when validation fails the process must not return. It only returns on success because in that case you would have a new header and so when the page loads it gets you somewhere, on failure you need to only change the $failure variable and that is it.