-1

Even though the if condition ($num>0) is true, I am not being redirected to the welcome.php, any help from fellow developers?

if(isset($_POST['login'])){
$password=$_POST['password'];
$email=$_POST['email'];
$ret= mysqli_query($con,"SELECT * FROM users WHERE email='$email' and password='$password'");
$num=mysqli_fetch_array($ret);

if($num>0)
{
$extra="welcome.php";
$_SESSION['login']=$_POST['email'];
$_SESSION['id']=$num['id'];
$_SESSION['full_name']=$num['full_name'];

$host=$_SERVER['HTTP_HOST'];
$uri=rtrim(dirname($_SERVER['PHP_SELF']),'/\\');
header("Location:http://$host$uri/$extra");
exit();
}

After login button is clicked, with the correct attributes, Im stuck on the same page, just blank white page.

   <form name="login" action="" method="post">

          <div class="uk-margin">
              <div class="uk-inline">
                   <span class="uk-form-icon" uk-icon="icon: mail"></span>
                      <input class="uk-input" name="email" type="email" placeHolder="Enter your e-mail">
               </div>
           </div>
                    
           <div class="uk-margin">
               <div class="uk-inline">
                   <span class="uk-form-icon" uk-icon="icon: lock"></span>
                      <input class="uk-input" name="password" type="password" placeHolder="Enter your password">
               </div>
                            
           </div>
           <input type="submit" name="login" value="LOG IN" >

    </form>
Rasit Aklar
  • 32
  • 5
  • What is the error message you are receiving? – Amacado Jul 11 '20 at 20:27
  • just blank white page – Rasit Aklar Jul 11 '20 at 20:33
  • enable https://www.php.net/manual/de/function.error-reporting.php – Amacado Jul 11 '20 at 20:34
  • **Warning:** You are wide open to SQL injections. Read up: [preventing it](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php), [why does it happen](https://stackoverflow.com/questions/5721786/how-does-sql-injection-work-and-how-do-i-protect-against-it/5721892). Use prepared statements. Also, it appears you're storing plain-text passwords in your database, which is a major no-no security practice. – Markus AO Jul 11 '20 at 20:37
  • Just trying to get a working code, will encrypt once its done, thanks for the heads up – Rasit Aklar Jul 11 '20 at 20:41

1 Answers1

-1

replace header("location:http://$host$uri/$extra"); with header("Location: http://$host$uri/$extra");

Jatin Parmar
  • 2,759
  • 5
  • 20
  • 31