php login doesn't redirect

Question

I used Dreamweaver to make a login page but it doesn't work, after hitting submit it just reloads the page, even in sucess or failure it should change to a different page. Anyone knows what I did wrong?

<?php require_once('Connections/trabalhoCD.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['login'])) {
  $loginUsername=$_POST['login'];
  $password=md5($_POST['pass']);
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "tabela1.php";
  $MM_redirectLoginFailed = "login2.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_trabalhoCD, $trabalhoCD);

  $LoginRS__query=sprintf("SELECT login, pass FROM utilizador WHERE login=%s AND pass=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

  $LoginRS = mysql_query($LoginRS__query, $trabalhoCD) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

    if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;       
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<form ACTION="<?php echo $loginFormAction; ?>" method="POST" name="form" id="form">
<table width="600" border="1">
  <tbody>
    <tr>
      <th width="173" scope="row"><label for="login">Login:</label></th>
      <td width="411">
        <input name="login" type="text" id="login" size="20" maxlength="20"></td>
    </tr>
    <tr>
      <th scope="row"><label for="pass">Password:</label></th>
      <td>
        <input name="pass" type="password" id="pass" size="20" maxlength="20"></td>
    </tr>
    <tr>
      <th colspan="2" scope="row"><input type="reset" name="limpar" id="limpar" value="limpar">
        <input type="submit" name="enviar" id="enviar" value="enviar"></th>
    </tr>
  </tbody>
</table>
</form>
</body>
</html>

Won't redirect because "Headers already sent" will be your error. The HTML is counted as output, hence a header. You should `die(header());` to ensure you don't run into the issue. — Darren, Jun 16 '16 at 23:17
It could be those new line characters between your php tags. Try putting all the code into 1 continuous block (except where you're trying to have plain html, of course) — , Jun 16 '16 at 23:36
It says "Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/trabalhoCD/login.php:1) in /Applications/MAMP/htdocs/trabalhoCD/login.php on line 38" — Ana Vieira, Jun 16 '16 at 23:37
I think Terminus is right. Your source has open/close php-tags there, where it can be skipped. You have to send to browser a `new line character` (in between close and open tags), but any session, cookies, headers functions needs to be done before any script output, even one not visible character. Try to remove unnecessary php-tags. — Wizard, Jun 17 '16 at 00:05
You can't check for $_SESSION without having already run the `session_start()` command. Put your `session_start();` at the top of your page. You can then check for the existence of session variables anytime thereafter. — Sgt AJ, Jun 17 '16 at 00:55
If I try to put session_start ( ) at the top it tells me that the loginFormAction was not found — Ana Vieira, Jun 17 '16 at 01:55
I finally was able to correct the problem by saving the file in "UTF-8 (no BOM) Thank you for all your help — Ana Vieira, Jun 17 '16 at 22:57

score 0 · Answer 1 · edited May 23 '17 at 12:22

Remove those extra php tags. They are probably adding whitespace that us being sent before you call header

<?php require_once('Connections/trabalhoCD.php');

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['login'])) {
  $loginUsername=$_POST['login'];
  $password=md5($_POST['pass']);
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "tabela1.php";
  $MM_redirectLoginFailed = "login2.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_trabalhoCD, $trabalhoCD);

  $LoginRS__query=sprintf("SELECT login, pass FROM utilizador WHERE login=%s AND pass=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

  $LoginRS = mysql_query($LoginRS__query, $trabalhoCD) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

    if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;       
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
...

Also, you should try to organize your code in such a way that you don't need to check if a function is defined before you define it (that's a performance issue and just seems, to me, like a bad idea)

Also, the mysql_ library is deprecated in php 5 and removed from php 7. Consider switching to mysqli or PDO which will let you use parameterized queries. (pdo is the way to go, imo)

php login doesn't redirect

1 Answers1