sql server - Login.php redirects to homepage instead of the header location

I am trying to make a notice board where only the admin can log in and post updates (for a school), and I am very new to PHP. My code works fine on the MAMP server on Mac, but when I upload it to 000webhost.com for testing purposes, it does not redirect to the correct page after login and redirects to the index.php page.
Here is my code. I did session_start in my conf.php file.
<?php
// Check if the user is already logged in, if yes then redirect him to welcome page
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    header('location: logout.php');
    exit;
}
//check if not authorized
// Include config file
require_once '../conf.php';
// Define variables and initialize with empty values
$email = $password = '';
$email_err = $password_err = '';
// Processing form data when form is submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Check if email is empty
    if (empty(trim($_POST['email']))) {
        $email_err = 'Please enter email.';
    } else {
        $email = trim($_POST['email']);
    }
    // Check if password is empty
    if (empty(trim($_POST['password']))) {
        $password_err = 'Please enter your password.';
    } else {
        $password = trim($_POST['password']);
    }
    // Validate credentials
    if (empty($email_err) && empty($password_err)) {
        // Prepare a select statement
        $sql = 'SELECT id, email, password FROM users WHERE email = ?';
        if ($stmt = mysqli_prepare($link, $sql)) {
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, 's', $param_email);
            // Set parameters
            $param_email = $email;
            // Attempt to execute the prepared statement
            if (mysqli_stmt_execute($stmt)) {
                // Store result
                mysqli_stmt_store_result($stmt);
                // Check if email exists, if yes then verify password
                if (mysqli_stmt_num_rows($stmt) == 1) {
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $id, $email, $hashed_password);
                    if (mysqli_stmt_fetch($stmt)) {
                        //if ( password_verify( $password, $hashed_password ) ) {
                        if (($password == $hashed_password)) {
                            // Password is correct, so start a new session
                            //session_start();
                            // Store data in session variables
                            $_SESSION['loggedin'] = true;
                            $_SESSION['id'] = $id;
                            $_SESSION['email'] = $email;
                            // Redirect user to welcome page
                            header('Location: add_notice.php');
                        } else {
                            // Display an error message if password is not valid
                            $password_err = 'The password you entered was not valid.';
                        }
                    }
                } else {
                    // Display an error message if email doesn't exist
                    $email_err = 'No account found with that email.';
                }
            } else {
                echo 'Oops! Something went wrong. Please try again later.';
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    // Close connection
    mysqli_close($link);
}
?>
Please help me with it. I would appreciate it a lot.
Answer
Solution:
Just to close off the question...
If you are calling session_start() in the conf.php file then it needs to be included before any call for $_SESSION[] variables.
Right now you are checking for $_SESSION['loggedin'] before initialising the $_SESSION variables with session_start().
Move require_once '../conf.php'; above that if statement and it will work e.g.
<?php
// Include config file (calls session_start(), so it must come first)
require_once '../conf.php';
// Check if the user is already logged in, if yes then redirect him to welcome page
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    header('location: logout.php');
    exit;
}
//check if not authorized
// Define variables and initialize with empty values
$email = $password = '';
$email_err = $password_err = '';
// Processing form data when form is submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Check if email is empty
    if (empty(trim($_POST['email']))) {
        $email_err = 'Please enter email.';
    } else {
        $email = trim($_POST['email']);
    }
    // Check if password is empty
    if (empty(trim($_POST['password']))) {
        $password_err = 'Please enter your password.';
    } else {
        $password = trim($_POST['password']);
    }
    // Validate credentials
    if (empty($email_err) && empty($password_err)) {
        // Prepare a select statement
        $sql = 'SELECT id, email, password FROM users WHERE email = ?';
        if ($stmt = mysqli_prepare($link, $sql)) {
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, 's', $param_email);
            // Set parameters
            $param_email = $email;
            // Attempt to execute the prepared statement
            if (mysqli_stmt_execute($stmt)) {
                // Store result
                mysqli_stmt_store_result($stmt);
                // Check if email exists, if yes then verify password
                if (mysqli_stmt_num_rows($stmt) == 1) {
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $id, $email, $hashed_password);
                    if (mysqli_stmt_fetch($stmt)) {
                        //if ( password_verify( $password, $hashed_password ) ) {
                        if (($password == $hashed_password)) {
                            // Password is correct, so start a new session
                            //session_start();
                            // Store data in session variables
                            $_SESSION['loggedin'] = true;
                            $_SESSION['id'] = $id;
                            $_SESSION['email'] = $email;
                            // Redirect user to welcome page
                            header('Location: add_notice.php');
                            // Stop here so nothing after the redirect header runs
                            exit;
                        } else {
                            // Display an error message if password is not valid
                            $password_err = 'The password you entered was not valid.';
                        }
                    }
                } else {
                    // Display an error message if email doesn't exist
                    $email_err = 'No account found with that email.';
                }
            } else {
                echo 'Oops! Something went wrong. Please try again later.';
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    // Close connection
    mysqli_close($link);
}
?>
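A hardened version of the same login flow, as an added example that is not part of the original question or answer: it keeps the session-first ordering from the answer, replaces the `==` comparison with the `password_verify()` call that is commented out in the posted code, regenerates the session ID on login, and exits after the redirect. Assumptions: `conf.php` defines `$link` and may call `session_start()`, the `users.password` column stores `password_hash()` output, and `$login_err` is a hypothetical variable name.

```php
<?php
// Added example. Assumptions: conf.php defines $link (mysqli) and may call
// session_start(); users.password stores password_hash() output.
require_once '../conf.php';

// The session must be active before $_SESSION is read or written.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    header('Location: logout.php');
    exit;
}

$login_err = ''; // hypothetical name; one message for every failure
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email    = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? ''; // not trimmed: spaces may be part of it
    $id = $hash = null;
    $found = false;

    if ($email !== '' && $password !== ''
        && ($stmt = mysqli_prepare($link, 'SELECT id, password FROM users WHERE email = ?'))) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $id, $hash);
            $found = mysqli_stmt_fetch($stmt) === true;
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link);

    // password_verify() checks the submitted password against the stored hash.
    if ($found && password_verify($password, (string) $hash)) {
        session_regenerate_id(true); // fresh session ID once authenticated
        $_SESSION['loggedin'] = true;
        $_SESSION['id']       = $id;
        $_SESSION['email']    = $email;
        header('Location: add_notice.php');
        exit; // nothing after the redirect should run
    }
    $login_err = 'Invalid email or password.';
}
?>
```

Existing rows that hold plaintext passwords would need to be re-stored with `password_hash($password, PASSWORD_DEFAULT)` before this check can succeed.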