
Hi, I have run into a problem here. I need to log in to an account, but after I key in all the details and click Sign-In, the page redirects me back to the login page. The account is actually already logged in; it just can't redirect to the Home Page after login. What problem is this? I'm using sessions, and I put my session_start in connect.php (which is used to connect to the database). Below is the code:

```php
<?php error_reporting(0) ?>
<?php
include_once 'connect.php';
//Code Refer to http://www.w3schools.com/php/func_http_setcookie.asp
if(isset($_SESSION['user'])!="")
{
   header("Location: Home.php");
}
  if(isset($_POST['btn-login']))
   { 
     $username = mysql_real_escape_string($_POST['username']);
     $upass = mysql_real_escape_string($_POST['password']);
     $res=mysql_query("SELECT * FROM user WHERE u_username='$username'");
     $row=mysql_fetch_array($res);
       if($row['u_password']==md5($upass))
          {
            $_SESSION['user'] = $row['u_ID'];
            header("Location: Home.php");
          }
        else
          {
            ?>
            <script>alert('wrong details');</script>
           <?php
          }
 ?>


 <?php
 $year = time() + 31536000;
 setcookie('rememberme', $_POST['username'], $year);

 if ($_POST['rememberme'])
 {
   setcookie ('rememberme',$_POST['username'], $year);
 }
 else
 {
    setcookie(rememberme, $past);
 }


}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<link rel="stylesheet" href="Style.css" type="text/css" />
</head>
<body>
 <div id="header">
 <div id="left">
 <label>AngelService</label><br/>
 <p>Royal Borough of Greenwich</p>
 </div>
 </div>
 <center> <a href="Home.php">Home Page</a>  | <a href="Viewpost.php">View Post</a> | <a href="PostService">Post A Service</a></center>
 <center>
<div id="login-form">
<form method="post">
<table align="center" width="30%" border="0">
  <tr>
    <td><input type="text" name="username" placeholder="Your Username" required value="<?php
     echo $_COOKIE['rememberme']; ?>"/>
   </td>
 </tr>
 <tr>
   <td><input type="password" name="password" placeholder="Your Password" required />
  </td>
</tr>
<tr>
   <td><button type="submit" name="btn-login">Sign In</button></td>
</tr>
<tr>
  <td>
    <input type="checkbox" name="rememberme" value="rememberme" style="font-   size:6px;"> Remember Me<br>
  </td>
 </tr>
  <tr>
  <td>
   <a href="Register.php">Sign Up Here</a></td>
 </tr>
</table>
</form>
</div>
</center>
<div id="footer">
<div id="center" align="center">
    <br/>
    <p>Angel Services | Royal Borough of Greenwich | Created By UOG Student: Kuai Boon Ting</p>

</div>
</div>
</body>
</html>
```
Boonting

2 Answers


You are missing `action="Your redirection page"` in the form tag, i.e.:

```html
<form method="post" action="forexample-Home.php">
.....
</form>
```
Ketan Joshi
  • Hi, tried that, but it still can't. – Boonting Nov 21 '15 at 10:12
  • Where are you stuck? Are you getting into this loop? – Ketan Joshi Nov 21 '15 at 10:14
  • Hi Ketan Joshi, I get stuck with the header maybe. Because when I click log in, it straight away redirects back to the login page instead of the Home page. – Boonting Nov 21 '15 at 10:25
  • Are you getting the alert? The "Wrong details" one? I tested your code on my local machine and there is no issue in redirecting me to "Home.php", as your `if($row['u_password']==md5($upass))` loop does, except you have not written 'action' in your form tag. – Ketan Joshi Nov 21 '15 at 10:27
  • Your login.php page and home.php page are different, right? – Ketan Joshi Nov 21 '15 at 10:28
  • Yeah, different. Actually on localhost everything is OK, but once uploaded to the server it becomes like this. – Boonting Nov 21 '15 at 10:34
  • Try one thing: edit your first line like this, `if($_POST){...}` from `if(isset($_POST['btn-login']))`, and try. It might not be the problem, but since there seems to be no issue in the code, there's no harm in trying. – Ketan Joshi Nov 21 '15 at 10:44
  • Still the same, can't work. http://stuweb.cms.gre.ac.uk/~kt5924x/WAD-Angel%20Service/Index.php You can try this. Username User3 Password: 123 – Boonting Nov 21 '15 at 10:54
  • Have you inspected? Your **form** tag still doesn't have any URL in the action property to redirect! Right click -> inspect element – Ketan Joshi Nov 21 '15 at 10:59
  • @KetanJoshi If the form sends to another page, how would you validate the login? Then he'd need to put the PHP he has into his home.php file. That in itself is not an issue, but consider the case should the login be invalid - how would you treat that if the user is already sent to another page? :) – Qirel Nov 21 '15 at 11:15
  • @Qirel If the login is invalid, he should get **alert("wrong details")**, which he is not; that means he is not even getting to the prior **IF block**. – Ketan Joshi Nov 21 '15 at 11:22
  • @KetanJoshi I'm just saying that if he adds `action="home.php"` to his form, it will redirect to home.php *every time*, even if the login fails, which is why I think it's better that it just submits the form to the same page, then validate the login, and only if it's correct - redirect back to home.php (the way he originally structured his code). – Qirel Nov 21 '15 at 11:23
  • @Qirel Yeah, that's right. Correct. But now the thing is, the user is already logged in but it wouldn't redirect to home.php. I don't know what's wrong. – Boonting Nov 21 '15 at 11:52
  • Check out my answer below, @Boonting. Perhaps it's a "Header already sent" issue. And are you 100% sure the session is started? – Qirel Nov 21 '15 at 11:54
  • @Qirel Yeah, try the website I posted just now. stuweb.cms.gre.ac.uk/~kt5924x/WAD-Angel%20Service/Index.php Username User3 Password: 123. After you log in, it will redirect back to the login page, but if you click on Post Service it will show the ID on the top right. – Boonting Nov 21 '15 at 12:07
  • @Boonting Yeah, I see the session works - so it's most likely a "Header already sent" issue, take a look at [this post](http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php). Also, if you check out my answer below, there are a few pointers on how to improve your code in general. :) – Qirel Nov 21 '15 at 12:10
  • OK, thanks, but after I read it I'm confused and don't really understand. Sorry, I'm new to PHP. – Boonting Nov 21 '15 at 12:25
  • Well, alright. What is it that you don't understand then? @Boonting – Qirel Nov 22 '15 at 17:12

There are several things you can do to improve your code. For starters, you do not need to close and open PHP tags directly after each other, like you have

```php
<?php error_reporting(0) ?>
<?php
include_once 'connect.php';
```

could just be

```php
<?php error_reporting(0);
include_once 'connect.php';
```

The statement `if(isset($_SESSION['user'])!="")` doesn't do exactly what you think it does. `isset($_SESSION['user'])` returns a boolean (true/false), so checking whether or not a boolean is empty won't work. You can do `if (!empty($_SESSION['user'])) {...` to check if it's set and if it's empty or not. Check out the documentation for `isset()` and documentation for `empty()`.

For your actual problem though: Note also that your `header();` functions cannot be called after any output is made to the browser (any whitespace, HTML or PHP echo). This would appear as a PHP Warning, which will be reported should you put `error_reporting(-1);` instead of ignoring all errors (as you currently are doing with having error_reporting set to 0).

The other answer suggested using the HTML action-attribute for the form, but in case the login is invalid, it's best to have it sent to the same page, and only redirect should the login be valid. This is called "validate and redirect".


These pointers below are just to improve your code, and not necessarily the cause of your problem.

  1. If you want to set a cookie, it has to be done before any and all output is sent to the browser (see this post), so in case the `if($row['u_password']==md5($upass))` statement fails, and it enters the else-brackets, your cookie will not be set.

  2. You should stop using `mysql_*` functions if you can. They are deprecated, and will be removed in the future. Switch over to `mysqli_*` or PDO instead. (Check out this post).

  3. Usage of md5 hashing is not that secure. If you have PHP 5.5.0 or higher, you should perhaps look into usage of `password_hash` and `password_verify`.

  4. After every `header("Location: ....");` you should always put an `exit;`, so that the code stops executing after it's redirecting. (Check out this post).

Qirel
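
The "validate and redirect" flow and the numbered pointers from the answer above, combined into one login page as an added example (not code from the question or from either answer). It assumes PHP 7.1 or later with the pdo_sqlite extension; the in-memory table, the `demo` account and the `verify_login()` helper are constructed for illustration, and in the asker's application the `$pdo` handle would come from `connect.php`.

```php
<?php
// Added example, not the asker's code. The in-memory SQLite table and the
// user "demo" / "demo-passphrase" are constructed so the page runs stand-alone;
// in the question's app $pdo would come from connect.php (assumption).
error_reporting(-1);   // surface "headers already sent" warnings while debugging
session_start();       // before any output; nothing may precede the opening tag

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE user (u_ID INTEGER PRIMARY KEY, u_username TEXT, u_password TEXT)');
$pdo->prepare('INSERT INTO user (u_username, u_password) VALUES (?, ?)')
    ->execute(['demo', password_hash('demo-passphrase', PASSWORD_DEFAULT)]);

/** Return the user's ID when the credentials match, otherwise null. */
function verify_login(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT u_ID, u_password FROM user WHERE u_username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['u_password'])) ? (int) $row['u_ID'] : null;
}
if (!empty($_SESSION['user'])) {           // already logged in
    header('Location: Home.php');
    exit;
}
$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = (string) ($_POST['username'] ?? '');
    $userId = verify_login($pdo, $username, (string) ($_POST['password'] ?? ''));
    if ($userId !== null) {
        session_regenerate_id(true);       // new session ID once authenticated
        $_SESSION['user'] = $userId;
        // Cookies are headers too, so set or clear them before any output.
        $keep = !empty($_POST['rememberme']);
        setcookie('rememberme', $keep ? $username : '', $keep ? time() + 31536000 : time() - 3600);
        header('Location: Home.php');
        exit;                              // stop here, do not render the form
    }
    $error = 'Wrong details';
}
// Output may start only from this point. Escape everything echoed into HTML.
$remembered = htmlspecialchars($_COOKIE['rememberme'] ?? '', ENT_QUOTES, 'UTF-8');
?>
<p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
  <input type="text" name="username" value="<?= $remembered ?>" required>
  <input type="password" name="password" required>
  <label><input type="checkbox" name="rememberme" value="1"> Remember Me</label>
  <button type="submit" name="btn-login">Sign In</button>
</form>
```

Because every `header()` and `setcookie()` call runs before the first byte of HTML, the redirect cannot be lost to a "headers already sent" warning, and a failed login simply re-renders the form on the same page.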