0

I'm building a CMS for a website. The problem is that after the login a blank page appears and it stays until I hit refresh. Then it loads to the correct menu page and everything else is working correctly except this little detail. Any tips to solve this? Thanks, my code is below:

    <?php

session_start();

include_once('../includes/connection.php');
if(isset($_SESSION['logged_in'])) {
    //display index
    ?>

    <html>
    <head>
        <meta charset="UTF-8">
        <title>AdminENG</title>
        <link rel ="stylesheet" href="../assets/style.css"/>
    </head>

        <body>
            <div class="container">
                CMS - ENG
                <ol>

                    <li><a href ="add.php">Add Article</a></li>
                    <li><a href ="delete.php">Delete Article</a></li>
                    <li><a href ="logout.php">Logout</a></li>
                </ol>
            </div>
        </body>
    </html>

    <?php
}
else {
    //display login
    if(isset($_POST['username'], $_POST['password'])) {
        $username = $_POST['username'];
        $password = md5($_POST['password']);

        if (empty($username) || empty($password)) {
            $error = "All fields are required!";
        }
        else {
            $query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password = ?");

            $query->bindValue(1, $username);
            $query->bindValue(2, $password);

            $query->execute();

            $num = $query->rowCount();

            if($num == 1) {
                //user entered the correct details
                $_SESSION['logged_in'] = true;

                header('Location: index.php');
                exit();
            }
            else {
                //user entered false details
                $error = "Incorrect details!";
            }
        }
    }

    ?>

    <html>
    <head>
        <title>AdminENG</title>
        <meta charset="UTF-8">
        <link rel ="stylesheet" href="../assets/style.css"/>
    </head>

        <body>
            <div class="container">
                CMS
                <br><br>

                <?php
                if (isset($error)) { ?>
                    <small style="color:#aa0000"><?php echo $error; ?></small>

                <?php } ?>

                <br><br>

                <form action="index.php" method="post">
                    <input type ="text" name="username" placeholder="Username"/>
                    <input type="password" name="password" placeholder="Password"/>
                    <input type="submit" value="Login"/>
                </form>
            </div>
        </body>
    </html>

    <?php
}
?>
royhowie
  • 11,075
  • 14
  • 50
  • 67
Miguel
  • 1,579
  • 5
  • 18
  • 31
  • are you working on a local machine (lamp/mamp/xampp)? Did you check your php.ini error settings show you possible errors? That might help you debugging. – Andresch Serj Mar 24 '14 at 14:47
  • Also take note of the manual: `For most databases, PDOStatement::rowCount() does not return the number of rows affected by a SELECT statement.` – jeroen Mar 24 '14 at 14:52
  • Actualt this doesn't happen on localhost, just notice this after the upload – Miguel Mar 24 '14 at 14:55
  • And `md5()` is not a good way to protect / store your passwords, use a salted hash with a good hashing algorithm, see for example: http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php – jeroen Mar 24 '14 at 14:58

2 Answers2

4

Your header() redirection is probably not working. Check error log to see what the problem is. There must be absolutely no characters sent to the browser before the header() redirection, else it will fail.

My guess would be that those few spaces before <? in your script (if they are not copy/paste error) could interfere with head() redirection.

Anyway, check your error.log and see what do you have there.

dkasipovic
  • 5,930
  • 1
  • 19
  • 25
  • Sorry for my ignoarance but how can i check error log? – Miguel Mar 24 '14 at 14:51
  • You should see where your errors are stored if you create blank php file and execute `phpinfo()` in it. Among other data there should be error log location. If you are on shared hosting, it's most likely `error_log` file in the directory where php resides, or in root (public_html) directory. If you are administering your server, it could be in `/var/log/apache2` or wherever you set it to be. Also, you can see the location by checking in your `php.ini` file. – dkasipovic Mar 24 '14 at 14:53
  • 1
    Or put this at the top of your script: `ini_set('display_errors',1); error_reporting(E_ALL | E_STRICT);` – jeroen Mar 24 '14 at 14:56
0

You can't use Header after you execute html to the browser. Try replace this: header('Location: index.php');

With this:

<script>window.location="index.php";</script>

OfirH
  • 651
  • 1
  • 8
  • 19
  • Good, your welcome. By the way I was wrong didn't see the `if` in your code. You has the same problem, but it wasn't because of the `html` tags. probably because of the whitespaces on top as one of the answers point out. – OfirH Mar 24 '14 at 15:05
  • @Miguel You should solve the problem, not switch to another language to hide it. – jeroen Mar 24 '14 at 15:08